diff --git a/.golangci.yaml b/.golangci.yaml index 0758c9f4c..1353499f2 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -94,7 +94,7 @@ linters: - pkg: sigs.k8s.io/controller-runtime alias: ctrl # CAPI - - pkg: sigs.k8s.io/cluster-api/api/v1beta1 + - pkg: sigs.k8s.io/cluster-api/api/core/v1beta2 alias: clusterv1 - pkg: sigs.k8s.io/cluster-api/cmd/clusterctl/api/v1alpha3 alias: clusterctlv1 diff --git a/api/v1alpha2/addonprovider_wrapper.go b/api/v1alpha2/addonprovider_wrapper.go index 0eb5ab74c..d7c1e1896 100644 --- a/api/v1alpha2/addonprovider_wrapper.go +++ b/api/v1alpha2/addonprovider_wrapper.go @@ -17,16 +17,16 @@ limitations under the License. package v1alpha2 import ( - clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) var _ GenericProvider = &AddonProvider{} -func (b *AddonProvider) GetConditions() clusterv1.Conditions { +func (b *AddonProvider) GetConditions() []metav1.Condition { return b.Status.Conditions } -func (b *AddonProvider) SetConditions(conditions clusterv1.Conditions) { +func (b *AddonProvider) SetConditions(conditions []metav1.Condition) { b.Status.Conditions = conditions } diff --git a/api/v1alpha2/bootstrapprovider_wrapper.go b/api/v1alpha2/bootstrapprovider_wrapper.go index 8dc4341de..da5a966d3 100644 --- a/api/v1alpha2/bootstrapprovider_wrapper.go +++ b/api/v1alpha2/bootstrapprovider_wrapper.go @@ -17,16 +17,16 @@ limitations under the License. package v1alpha2 import ( - clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) var _ GenericProvider = &BootstrapProvider{} -func (b *BootstrapProvider) GetConditions() clusterv1.Conditions { +func (b *BootstrapProvider) GetConditions() []metav1.Condition { return b.Status.Conditions } -func (b *BootstrapProvider) SetConditions(conditions clusterv1.Conditions) { +func (b *BootstrapProvider) SetConditions(conditions []metav1.Condition) { b.Status.Conditions = conditions } 
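Review bot: The exported `GetConditions` and `SetConditions` methods on `AddonProvider` still have no doc comments, and the type change is a good moment to state the aliasing. `GetConditions` returns `b.Status.Conditions` itself, so a caller that edits an element of the returned `[]metav1.Condition` changes the object's status in place. I would add `// GetConditions returns the provider's status conditions; the slice is not copied.` and `// SetConditions replaces the provider's status conditions.` above the two methods. The same applies to the identical wrapper hunks for BootstrapProvider, ControlPlaneProvider, CoreProvider, InfrastructureProvider, IPAMProvider and RuntimeExtensionProvider.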
diff --git a/api/v1alpha2/conditions_consts.go b/api/v1alpha2/conditions_consts.go index a9b7d835d..a45be9039 100644 --- a/api/v1alpha2/conditions_consts.go +++ b/api/v1alpha2/conditions_consts.go @@ -16,11 +16,9 @@ limitations under the License. package v1alpha2 -import clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" - const ( // PreflightCheckCondition documents a Provider that has not passed preflight checks. - PreflightCheckCondition clusterv1.ConditionType = "PreflightCheckPassed" + PreflightCheckCondition string = "PreflightCheckPassed" // MoreThanOneProviderInstanceExistsReason (Severity=Info) documents that more than one instance of provider // exists in the cluster. @@ -71,14 +69,17 @@ const ( // NoDeploymentAvailableConditionReason documents that there is no Available condition for provider deployment yet. NoDeploymentAvailableConditionReason = "NoDeploymentAvailableConditionReason" + // DeploymentAvailableReason documents that the provider deployment is available. + DeploymentAvailableReason = "DeploymentAvailable" + // UnsupportedProviderDowngradeReason documents that the provider downgrade is not supported. UnsupportedProviderDowngradeReason = "UnsupportedProviderDowngradeReason" ) const ( // ProviderInstalledCondition documents a Provider that has been installed. - ProviderInstalledCondition clusterv1.ConditionType = "ProviderInstalled" + ProviderInstalledCondition string = "ProviderInstalled" // ProviderUpgradedCondition documents a Provider that has been recently upgraded. - ProviderUpgradedCondition clusterv1.ConditionType = "ProviderUpgraded" + ProviderUpgradedCondition string = "ProviderUpgraded" ) diff --git a/api/v1alpha2/controlplaneprovider_wrapper.go b/api/v1alpha2/controlplaneprovider_wrapper.go index 74164684c..59a497954 100644 --- a/api/v1alpha2/controlplaneprovider_wrapper.go +++ b/api/v1alpha2/controlplaneprovider_wrapper.go 
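Review bot: The context comment on `MoreThanOneProviderInstanceExistsReason` in the first hunk still says `(Severity=Info)`, but conditions no longer carry a severity: the regenerated CRD schema in this commit drops the `severity` property. The comment should lose the annotation, e.g. `// MoreThanOneProviderInstanceExistsReason documents that more than one instance of provider`, and any other `(Severity=...)` remarks in the const block outside this hunk likely need the same edit. Separately, the explicit `string` on `PreflightCheckCondition`, `ProviderInstalledCondition` and `ProviderUpgradedCondition` is not needed for a string constant; if it is kept on purpose, a short comment saying why would help.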
@@ -17,16 +17,16 @@ limitations under the License. package v1alpha2 import ( - clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) var _ GenericProvider = &ControlPlaneProvider{} -func (c *ControlPlaneProvider) GetConditions() clusterv1.Conditions { +func (c *ControlPlaneProvider) GetConditions() []metav1.Condition { return c.Status.Conditions } -func (c *ControlPlaneProvider) SetConditions(conditions clusterv1.Conditions) { +func (c *ControlPlaneProvider) SetConditions(conditions []metav1.Condition) { c.Status.Conditions = conditions } diff --git a/api/v1alpha2/coreprovider_wrapper.go b/api/v1alpha2/coreprovider_wrapper.go index 6d7b17b53..c52a20c25 100644 --- a/api/v1alpha2/coreprovider_wrapper.go +++ b/api/v1alpha2/coreprovider_wrapper.go @@ -17,16 +17,16 @@ limitations under the License. package v1alpha2 import ( - clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) var _ GenericProvider = &CoreProvider{} -func (c *CoreProvider) GetConditions() clusterv1.Conditions { +func (c *CoreProvider) GetConditions() []metav1.Condition { return c.Status.Conditions } -func (c *CoreProvider) SetConditions(conditions clusterv1.Conditions) { +func (c *CoreProvider) SetConditions(conditions []metav1.Condition) { c.Status.Conditions = conditions } diff --git a/api/v1alpha2/genericprovider_interfaces.go b/api/v1alpha2/genericprovider_interfaces.go index 454e64c7e..e10df83b1 100644 --- a/api/v1alpha2/genericprovider_interfaces.go +++ b/api/v1alpha2/genericprovider_interfaces.go @@ -18,12 +18,14 @@ package v1alpha2 import ( "sigs.k8s.io/cluster-api/util/conditions" + "sigs.k8s.io/controller-runtime/pkg/client" ) // GenericProvider interface describes operations applicable to the provider type. // // +kubebuilder:object:generate=false type GenericProvider interface { + client.Object conditions.Setter GetSpec() ProviderSpec SetSpec(in ProviderSpec) 
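Review bot: Embedding `client.Object` in `GenericProvider` makes the `api/v1alpha2` package import `sigs.k8s.io/controller-runtime/pkg/client`, and the interface comment does not say that every provider must now be a full Kubernetes object. API type packages are usually kept light so that consumers who only need the types do not inherit the controller-runtime dependency tree. If that dependency is not already pulled in through `util/conditions`, consider embedding `metav1.Object` and `runtime.Object` from apimachinery instead. At minimum extend the doc comment, e.g. `// GenericProvider is a client.Object that also exposes conditions and provider spec accessors.` The interface body continues outside the hunk.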
diff --git a/api/v1alpha2/infrastructureprovider_wrapper.go b/api/v1alpha2/infrastructureprovider_wrapper.go index 00e90f203..4a557e7b7 100644 --- a/api/v1alpha2/infrastructureprovider_wrapper.go +++ b/api/v1alpha2/infrastructureprovider_wrapper.go @@ -17,16 +17,16 @@ limitations under the License. package v1alpha2 import ( - clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) var _ GenericProvider = &InfrastructureProvider{} -func (c *InfrastructureProvider) GetConditions() clusterv1.Conditions { +func (c *InfrastructureProvider) GetConditions() []metav1.Condition { return c.Status.Conditions } -func (c *InfrastructureProvider) SetConditions(conditions clusterv1.Conditions) { +func (c *InfrastructureProvider) SetConditions(conditions []metav1.Condition) { c.Status.Conditions = conditions } diff --git a/api/v1alpha2/ipamprovider_wrapper.go b/api/v1alpha2/ipamprovider_wrapper.go index 3ead4e3b0..6448ea06a 100644 --- a/api/v1alpha2/ipamprovider_wrapper.go +++ b/api/v1alpha2/ipamprovider_wrapper.go @@ -17,16 +17,16 @@ limitations under the License. package v1alpha2 import ( - clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) var _ GenericProvider = &IPAMProvider{} -func (p *IPAMProvider) GetConditions() clusterv1.Conditions { +func (p *IPAMProvider) GetConditions() []metav1.Condition { return p.Status.Conditions } -func (p *IPAMProvider) SetConditions(conditions clusterv1.Conditions) { +func (p *IPAMProvider) SetConditions(conditions []metav1.Condition) { p.Status.Conditions = conditions } diff --git a/api/v1alpha2/provider_types.go b/api/v1alpha2/provider_types.go index 43eba1579..b015b823a 100644 --- a/api/v1alpha2/provider_types.go +++ b/api/v1alpha2/provider_types.go @@ -19,7 +19,6 @@ package v1alpha2 import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" ) const ( 
@@ -263,7 +262,7 @@ type ProviderStatus struct { // Conditions define the current service state of the provider. // +optional - Conditions clusterv1.Conditions `json:"conditions,omitempty"` + Conditions []metav1.Condition `json:"conditions,omitempty"` // ObservedGeneration is the latest generation observed by the controller. // +optional diff --git a/api/v1alpha2/runtimeextensionprovider_wrapper.go b/api/v1alpha2/runtimeextensionprovider_wrapper.go index 2f0df6c40..af3df1f47 100644 --- a/api/v1alpha2/runtimeextensionprovider_wrapper.go +++ b/api/v1alpha2/runtimeextensionprovider_wrapper.go @@ -17,16 +17,16 @@ limitations under the License. package v1alpha2 import ( - clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) var _ GenericProvider = &RuntimeExtensionProvider{} -func (p *RuntimeExtensionProvider) GetConditions() clusterv1.Conditions { +func (p *RuntimeExtensionProvider) GetConditions() []metav1.Condition { return p.Status.Conditions } -func (p *RuntimeExtensionProvider) SetConditions(conditions clusterv1.Conditions) { +func (p *RuntimeExtensionProvider) SetConditions(conditions []metav1.Condition) { p.Status.Conditions = conditions } diff --git a/api/v1alpha2/zz_generated.deepcopy.go b/api/v1alpha2/zz_generated.deepcopy.go index 28c520ee2..0c16ea1ff 100644 --- a/api/v1alpha2/zz_generated.deepcopy.go +++ b/api/v1alpha2/zz_generated.deepcopy.go @@ -25,7 +25,6 @@ import ( "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/component-base/config/v1alpha1" - "sigs.k8s.io/cluster-api/api/v1beta1" timex "time" ) @@ -958,7 +957,7 @@ func (in *ProviderStatus) DeepCopyInto(out *ProviderStatus) { } if in.Conditions != nil { in, out := &in.Conditions, &out.Conditions - *out = make(v1beta1.Conditions, len(*in)) + *out = make([]v1.Condition, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } diff --git a/cmd/main.go b/cmd/main.go index 54a1b64f1..8b8093938 100644 --- a/cmd/main.go 
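Review bot: Changing `Conditions` to `[]metav1.Condition` alters the stored schema of `ProviderStatus` within the same API version, and the field comment says nothing about objects written by earlier releases. The regenerated CRD in this commit makes `reason` and `message` required and removes `severity`. A provider whose status still holds old-format entries (for example a `True` condition with no reason) may therefore have its next status update rejected unless the controller rewrites every entry first; I cannot see from this hunk whether it does. Please document the expectation on the field, e.g. `// Entries written before the metav1.Condition migration must be rewritten by the controller before status is updated.`, and consider adding the usual `// +listType=map` and `// +listMapKey=type` markers so conditions merge by type. The struct continues outside the hunk.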
+++ b/cmd/main.go @@ -33,7 +33,7 @@ import ( "k8s.io/klog/v2" "k8s.io/klog/v2/textlogger" "sigs.k8s.io/cluster-api-operator/internal/webhook" - clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2" clusterctlv1 "sigs.k8s.io/cluster-api/cmd/clusterctl/api/v1alpha3" "sigs.k8s.io/cluster-api/util/flags" "sigs.k8s.io/cluster-api/version" diff --git a/cmd/plugin/cmd/init.go b/cmd/plugin/cmd/init.go index 1e41895f8..937ec22d3 100644 --- a/cmd/plugin/cmd/init.go +++ b/cmd/plugin/cmd/init.go @@ -25,10 +25,10 @@ import ( "github.com/spf13/cobra" - corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" - clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2" clusterctlv1 "sigs.k8s.io/cluster-api/cmd/clusterctl/api/v1alpha3" "sigs.k8s.io/cluster-api/cmd/clusterctl/client/cluster" configclient "sigs.k8s.io/cluster-api/cmd/clusterctl/client/config" @@ -354,7 +354,7 @@ func checkProviderReadiness(ctx context.Context, client ctrlclient.Client, gener // Checking Ready condition for the provider. for _, cond := range genericProvider.GetConditions() { - if cond.Type == clusterv1.ReadyCondition && cond.Status == corev1.ConditionTrue { + if cond.Type == clusterv1.ReadyCondition && cond.Status == metav1.ConditionTrue { log.Info("Provider is ready", "Type", genericProvider.GetType(), "Name", genericProvider.GetName(), "Namespace", genericProvider.GetNamespace()) return true, nil diff --git a/cmd/plugin/cmd/upgrade_plan.go b/cmd/plugin/cmd/upgrade_plan.go index 49a274a50..046573358 100644 --- a/cmd/plugin/cmd/upgrade_plan.go +++ b/cmd/plugin/cmd/upgrade_plan.go 
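Review bot: The readiness loop in `checkProviderReadiness` accepts any `Ready` condition with status `True`, without checking which generation it was computed for. `metav1.Condition` carries `ObservedGeneration`, so a `True` left over from before a spec change can be reported as ready. If the controller fills that field in, tighten the test to `if cond.Type == clusterv1.ReadyCondition && cond.Status == metav1.ConditionTrue && cond.ObservedGeneration == genericProvider.GetGeneration() {`; `GetGeneration` is available now that `GenericProvider` embeds `client.Object`. The function starts and ends outside the hunk.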
@@ -27,7 +27,7 @@ import ( "github.com/spf13/cobra" appsv1 "k8s.io/api/apps/v1" - clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2" clusterctlv1 "sigs.k8s.io/cluster-api/cmd/clusterctl/api/v1alpha3" "sigs.k8s.io/cluster-api/cmd/clusterctl/client/cluster" configclient "sigs.k8s.io/cluster-api/cmd/clusterctl/client/config" @@ -348,7 +348,7 @@ func getInstalledProviders(ctx context.Context, client ctrlclient.Client) ([]ope // Iterate through installed providers and create a list of upgrade plans. genericProviders := []operatorv1.GenericProvider{} - contract := "v1beta1" + contract := "v1beta2" // Get Core Providers. var coreProviderList operatorv1.CoreProviderList diff --git a/cmd/plugin/cmd/upgrade_plan_test.go b/cmd/plugin/cmd/upgrade_plan_test.go index 596b00e9c..f269c0eb3 100644 --- a/cmd/plugin/cmd/upgrade_plan_test.go +++ b/cmd/plugin/cmd/upgrade_plan_test.go @@ -40,7 +40,7 @@ func TestUpgradePlan(t *testing.T) { { name: "no providers", wantedUpgradePlan: upgradePlan{ - Contract: "v1beta1", + Contract: "v1beta2", Providers: []upgradeItem{}, }, wantErr: false, @@ -49,7 +49,7 @@ func TestUpgradePlan(t *testing.T) { { name: "builtin core provider", wantedUpgradePlan: upgradePlan{ - Contract: "v1beta1", + Contract: "v1beta2", Providers: []upgradeItem{ { Name: "cluster-api", @@ -74,7 +74,7 @@ func TestUpgradePlan(t *testing.T) { name: "custom infra provider", customURL: "https://github.com/kubernetes-sigs/cluster-api/releases/latest/core-components.yaml", wantedUpgradePlan: upgradePlan{ - Contract: "v1beta1", + Contract: "v1beta2", Providers: []upgradeItem{ { Name: "docker", diff --git a/config/crd/bases/operator.cluster.x-k8s.io_addonproviders.yaml b/config/crd/bases/operator.cluster.x-k8s.io_addonproviders.yaml index 2449ff13e..d25535924 100644 --- a/config/crd/bases/operator.cluster.x-k8s.io_addonproviders.yaml +++ b/config/crd/bases/operator.cluster.x-k8s.io_addonproviders.yaml 
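Review bot: `contract := "v1beta2"` in `getInstalledProviders` is a bare literal that has to be edited by hand on every contract bump, and the expectations in `upgrade_plan_test.go` repeat it three times. Deriving it from the imported API package, `contract := clusterv1.GroupVersion.Version`, keeps it tied to the `clusterv1` import changed in the first hunk of this file. A short comment would also help, since providers that only declare the v1beta1 contract will presumably no longer appear as upgrade candidates: `// contract is the Cluster API contract version used to select upgrade targets.` The function body continues outside the hunk.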
@@ -346,7 +346,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -361,7 +360,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -529,7 +527,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -544,7 +541,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -710,7 +706,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -725,7 +720,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -893,7 +887,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -908,7 +901,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1817,7 +1809,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1832,7 +1823,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -1999,7 +1989,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2014,7 +2003,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2179,7 +2167,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2194,7 +2181,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2361,7 +2347,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -2376,7 +2361,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -3043,51 +3027,56 @@ spec: conditions: description: Conditions define the current service state of the provider. items: - description: Condition defines an observation of a Cluster API resource - operational state. + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. - This field may be empty. - maxLength: 10240 - minLength: 1 + This may be an empty string. + maxLength: 32768 type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer reason: description: |- - reason is the reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - maxLength: 256 + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 minLength: 1 - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - maxLength: 32 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - maxLength: 256 - minLength: 1 + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime + - message + - reason - status - type type: object diff --git a/config/crd/bases/operator.cluster.x-k8s.io_bootstrapproviders.yaml b/config/crd/bases/operator.cluster.x-k8s.io_bootstrapproviders.yaml index de0adbff2..31aee2f86 100644 --- a/config/crd/bases/operator.cluster.x-k8s.io_bootstrapproviders.yaml +++ b/config/crd/bases/operator.cluster.x-k8s.io_bootstrapproviders.yaml @@ -346,7 +346,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -361,7 +360,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -529,7 +527,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -544,7 +541,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -710,7 +706,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -725,7 +720,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -893,7 +887,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -908,7 +901,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1817,7 +1809,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1832,7 +1823,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1999,7 +1989,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -2014,7 +2003,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2179,7 +2167,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2194,7 +2181,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2361,7 +2347,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2376,7 +2361,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -3043,51 +3027,56 @@ spec: conditions: description: Conditions define the current service state of the provider. items: - description: Condition defines an observation of a Cluster API resource - operational state. + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. - This field may be empty. - maxLength: 10240 - minLength: 1 + This may be an empty string. + maxLength: 32768 type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer reason: description: |- - reason is the reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - maxLength: 256 + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 minLength: 1 - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - maxLength: 32 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - maxLength: 256 - minLength: 1 + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime + - message + - reason - status - type type: object diff --git a/config/crd/bases/operator.cluster.x-k8s.io_controlplaneproviders.yaml b/config/crd/bases/operator.cluster.x-k8s.io_controlplaneproviders.yaml index c278a3e48..b9b631bfe 100644 --- a/config/crd/bases/operator.cluster.x-k8s.io_controlplaneproviders.yaml +++ b/config/crd/bases/operator.cluster.x-k8s.io_controlplaneproviders.yaml @@ -347,7 +347,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -362,7 +361,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -530,7 +528,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -545,7 +542,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -711,7 +707,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -726,7 +721,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -894,7 +888,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -909,7 +902,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1818,7 +1810,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1833,7 +1824,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2000,7 +1990,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -2015,7 +2004,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2180,7 +2168,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2195,7 +2182,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2362,7 +2348,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2377,7 +2362,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -3045,51 +3029,56 @@ spec: conditions: description: Conditions define the current service state of the provider. items: - description: Condition defines an observation of a Cluster API resource - operational state. + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. - This field may be empty. - maxLength: 10240 - minLength: 1 + This may be an empty string. + maxLength: 32768 type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer reason: description: |- - reason is the reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - maxLength: 256 + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 minLength: 1 - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - maxLength: 32 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - maxLength: 256 - minLength: 1 + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime + - message + - reason - status - type type: object diff --git a/config/crd/bases/operator.cluster.x-k8s.io_coreproviders.yaml b/config/crd/bases/operator.cluster.x-k8s.io_coreproviders.yaml index ee05932d8..50d79de0d 100644 --- a/config/crd/bases/operator.cluster.x-k8s.io_coreproviders.yaml +++ b/config/crd/bases/operator.cluster.x-k8s.io_coreproviders.yaml @@ -346,7 +346,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -361,7 +360,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -529,7 +527,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -544,7 +541,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -710,7 +706,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -725,7 +720,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -893,7 +887,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -908,7 +901,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1817,7 +1809,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1832,7 +1823,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1999,7 +1989,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -2014,7 +2003,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2179,7 +2167,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2194,7 +2181,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2361,7 +2347,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2376,7 +2361,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -3043,51 +3027,56 @@ spec: conditions: description: Conditions define the current service state of the provider. items: - description: Condition defines an observation of a Cluster API resource - operational state. + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. - This field may be empty. - maxLength: 10240 - minLength: 1 + This may be an empty string. + maxLength: 32768 type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer reason: description: |- - reason is the reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - maxLength: 256 + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 minLength: 1 - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - maxLength: 32 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - maxLength: 256 - minLength: 1 + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime + - message + - reason - status - type type: object diff --git a/config/crd/bases/operator.cluster.x-k8s.io_infrastructureproviders.yaml b/config/crd/bases/operator.cluster.x-k8s.io_infrastructureproviders.yaml index 5c211c2ff..3e9e88fa5 100644 --- a/config/crd/bases/operator.cluster.x-k8s.io_infrastructureproviders.yaml +++ b/config/crd/bases/operator.cluster.x-k8s.io_infrastructureproviders.yaml @@ -347,7 +347,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -362,7 +361,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -530,7 +528,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -545,7 +542,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -711,7 +707,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -726,7 +721,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -894,7 +888,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -909,7 +902,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1818,7 +1810,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1833,7 +1824,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2000,7 +1990,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -2015,7 +2004,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2180,7 +2168,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2195,7 +2182,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2362,7 +2348,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2377,7 +2362,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -3045,51 +3029,56 @@ spec: conditions: description: Conditions define the current service state of the provider. items: - description: Condition defines an observation of a Cluster API resource - operational state. + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. - This field may be empty. - maxLength: 10240 - minLength: 1 + This may be an empty string. + maxLength: 32768 type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer reason: description: |- - reason is the reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - maxLength: 256 + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 minLength: 1 - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - maxLength: 32 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - maxLength: 256 - minLength: 1 + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime + - message + - reason - status - type type: object diff --git a/config/crd/bases/operator.cluster.x-k8s.io_ipamproviders.yaml b/config/crd/bases/operator.cluster.x-k8s.io_ipamproviders.yaml index 77c4fa125..73004dcb2 100644 --- a/config/crd/bases/operator.cluster.x-k8s.io_ipamproviders.yaml +++ b/config/crd/bases/operator.cluster.x-k8s.io_ipamproviders.yaml @@ -346,7 +346,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -361,7 +360,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -529,7 +527,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -544,7 +541,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -710,7 +706,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -725,7 +720,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -893,7 +887,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -908,7 +901,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1817,7 +1809,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1832,7 +1823,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1999,7 +1989,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -2014,7 +2003,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2179,7 +2167,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2194,7 +2181,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2361,7 +2347,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2376,7 +2361,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -3043,51 +3027,56 @@ spec: conditions: description: Conditions define the current service state of the provider. items: - description: Condition defines an observation of a Cluster API resource - operational state. + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. - This field may be empty. - maxLength: 10240 - minLength: 1 + This may be an empty string. + maxLength: 32768 type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer reason: description: |- - reason is the reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - maxLength: 256 + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 minLength: 1 - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - maxLength: 32 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - maxLength: 256 - minLength: 1 + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime + - message + - reason - status - type type: object diff --git a/config/crd/bases/operator.cluster.x-k8s.io_runtimeextensionproviders.yaml b/config/crd/bases/operator.cluster.x-k8s.io_runtimeextensionproviders.yaml index 3ced8a421..a791fc157 100644 --- a/config/crd/bases/operator.cluster.x-k8s.io_runtimeextensionproviders.yaml +++ b/config/crd/bases/operator.cluster.x-k8s.io_runtimeextensionproviders.yaml @@ -348,7 +348,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
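Review bot: The new `required` entries (`message`, `reason`), the `reason` pattern and the `status` enum tighten validation of `status.conditions` in place, and nothing in this hunk shows how objects that already carry conditions written under the old schema are handled. The same change appears in the `@@ -3046,51 +3030,56 @@` hunk of `operator.cluster.x-k8s.io_runtimeextensionproviders.yaml`. The old schema listed only `lastTransitionTime`, `status` and `type` as required, so a stored condition without `reason` or `message` would presumably be rejected on the next write unless the API server tolerates the unchanged field or the controller rewrites the whole list first; an upgrade test against existing provider objects would confirm this. `severity` is also removed from the schema, so any tooling that reads it should expect it to disappear. This file looks generated, so the change belongs in the controller or the upgrade notes, for example `status.conditions now follows metav1.Condition: reason and message are required, severity is removed`.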
@@ -363,7 +362,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -531,7 +529,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -546,7 +543,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -712,7 +708,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -727,7 +722,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -895,7 +889,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -910,7 +903,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1819,7 +1811,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1834,7 +1825,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2001,7 +1991,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -2016,7 +2005,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2181,7 +2169,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2196,7 +2183,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2363,7 +2349,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2378,7 +2363,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -3046,51 +3030,56 @@ spec: conditions: description: Conditions define the current service state of the provider. items: - description: Condition defines an observation of a Cluster API resource - operational state. + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. - This field may be empty. - maxLength: 10240 - minLength: 1 + This may be an empty string. + maxLength: 32768 type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer reason: description: |- - reason is the reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - maxLength: 256 + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 minLength: 1 - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - maxLength: 32 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - maxLength: 256 - minLength: 1 + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime + - message + - reason - status - type type: object diff --git a/go.mod b/go.mod index 418c4741f..30e8cc557 100644 --- a/go.mod +++ b/go.mod 
@@ -15,29 +15,25 @@ require (
 github.com/spf13/cobra v1.9.1
 github.com/spf13/pflag v1.0.10
 golang.org/x/oauth2 v0.30.0
- k8s.io/api v0.32.7
- k8s.io/apiextensions-apiserver v0.32.7
- k8s.io/apimachinery v0.32.7
- k8s.io/client-go v0.32.7
- k8s.io/component-base v0.32.7
+ k8s.io/api v0.33.3
+ k8s.io/apiextensions-apiserver v0.33.3
+ k8s.io/apimachinery v0.33.3
+ k8s.io/client-go v0.33.3
+ k8s.io/component-base v0.33.3
 k8s.io/klog/v2 v2.130.1
 k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738
 oras.land/oras-go/v2 v2.6.0
- sigs.k8s.io/cluster-api v1.10.4
- sigs.k8s.io/controller-runtime v0.20.4
+ sigs.k8s.io/cluster-api v1.11.0
+ sigs.k8s.io/controller-runtime v0.21.0
 sigs.k8s.io/yaml v1.6.0
 )
 
 require (
- cel.dev/expr v0.18.0 // indirect
- dario.cat/mergo v1.0.1 // indirect
- github.com/Masterminds/semver/v3 v3.4.0 // indirect
- github.com/Masterminds/sprig/v3 v3.3.0 // indirect
+ cel.dev/expr v0.19.1 // indirect
 github.com/NYTimes/gziphandler v1.1.1 // indirect
 github.com/ProtonMail/go-crypto v1.0.0 // indirect
 github.com/adrg/xdg v0.5.3 // indirect
 github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
- github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/blang/semver/v4 v4.0.0 // indirect
 github.com/cenkalti/backoff/v4 v4.3.0 // indirect
@@ -57,50 +53,45 @@ require (
 github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
 github.com/gobuffalo/flect v1.0.3 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
- github.com/golang/protobuf v1.5.4 // indirect
 github.com/google/btree v1.1.3 // indirect
- github.com/google/cel-go v0.22.0 // indirect
- github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
+ github.com/google/cel-go v0.23.2 // indirect
+ github.com/google/gnostic-models v0.6.9 // indirect
 github.com/google/go-github/v53 v53.2.0 // indirect
 github.com/google/go-querystring v1.1.0 // indirect
- github.com/google/gofuzz v1.2.0 // indirect
 github.com/google/uuid v1.6.0 // indirect
- github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
- github.com/huandu/xstrings v1.5.0 // indirect
+ github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 // indirect
 github.com/inconshreveable/mousetrap v1.1.0 // indirect
 github.com/josharian/intern v1.0.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
+ github.com/kylelemons/godebug v1.1.0 // indirect
 github.com/mailru/easyjson v0.7.7 // indirect
- github.com/mitchellh/copystructure v1.2.0 // indirect
- github.com/mitchellh/reflectwalk v1.0.2 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 github.com/opencontainers/go-digest v1.0.0 // indirect
 github.com/pelletier/go-toml/v2 v2.2.3 // indirect
 github.com/pkg/errors v0.9.1 // indirect
- github.com/prometheus/client_golang v1.19.1 // indirect
+ github.com/prometheus/client_golang v1.22.0 // indirect
 github.com/prometheus/client_model v0.6.1 // indirect
- github.com/prometheus/common v0.55.0 // indirect
+ github.com/prometheus/common v0.62.0 // indirect
 github.com/prometheus/procfs v0.15.1 // indirect
 github.com/sagikazarmark/locafero v0.7.0 // indirect
- github.com/shopspring/decimal v1.4.0 // indirect
 github.com/sourcegraph/conc v0.3.0 // indirect
 github.com/spf13/afero v1.12.0 // indirect
 github.com/spf13/cast v1.7.1 // indirect
- github.com/spf13/viper v1.20.0 // indirect
+ github.com/spf13/viper v1.20.1 // indirect
 github.com/stoewer/go-strcase v1.3.0 // indirect
 github.com/subosito/gotenv v1.6.0 // indirect
- github.com/valyala/fastjson v1.6.4 // indirect
 github.com/x448/float16 v0.8.4 // indirect
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
- go.opentelemetry.io/otel v1.29.0 // indirect
- go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 // indirect
- go.opentelemetry.io/otel/metric v1.29.0 // indirect
- go.opentelemetry.io/otel/sdk v1.29.0 // indirect
- go.opentelemetry.io/otel/trace v1.29.0 // indirect
- go.opentelemetry.io/proto/otlp v1.3.1 // indirect
+ go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect
+ go.opentelemetry.io/otel v1.34.0 // indirect
+ go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 // indirect
+ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0 // indirect
+ go.opentelemetry.io/otel/metric v1.34.0 // indirect
+ go.opentelemetry.io/otel/sdk v1.34.0 // indirect
+ go.opentelemetry.io/otel/trace v1.34.0 // indirect
+ go.opentelemetry.io/proto/otlp v1.4.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
 go.yaml.in/yaml/v2 v2.4.2 // indirect
 go.yaml.in/yaml/v3 v3.0.4 // indirect
@@ -111,19 +102,20 @@ require (
 golang.org/x/sys v0.35.0 // indirect
 golang.org/x/term v0.34.0 // indirect
 golang.org/x/text v0.28.0 // indirect
- golang.org/x/time v0.8.0 // indirect
+ golang.org/x/time v0.9.0 // indirect
 gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8 // indirect
- google.golang.org/grpc v1.67.3 // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f // indirect
+ google.golang.org/grpc v1.71.3 // indirect
 google.golang.org/protobuf v1.36.7 // indirect
 gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
- k8s.io/apiserver v0.32.7 // indirect
- k8s.io/cluster-bootstrap v0.32.3 // indirect
- k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0 // indirect
+ k8s.io/apiserver v0.33.3 // indirect
+ k8s.io/cluster-bootstrap v0.33.3 // indirect
+ k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
+ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2 // indirect
 sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
- sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect
+ sigs.k8s.io/randfill v1.0.0 // indirect
+ sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 32aabade8..25b50c9e1 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,5 @@ -cel.dev/expr v0.18.0 h1:CJ6drgk+Hf96lkLikr4rFf19WrU0BOWEihyZnI2TAzo= -cel.dev/expr v0.18.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw= +cel.dev/expr v0.19.1 h1:NciYrtDRIR0lNCnH1LFJegdjspNx9fI59O7TWcua/W4= +cel.dev/expr v0.19.1/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw= dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= @@ -18,8 +18,6 @@ github.com/adrg/xdg v0.5.3 h1:xRnxJXne7+oWDatRhR1JLnvuccuIeCoBu2rtuLqQB78= github.com/adrg/xdg v0.5.3/go.mod h1:nlTsY+NNiCBGCK2tpm09vRqfVzrc2fLmXGpBLF0zlTQ= github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI= github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g= -github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= -github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= 
@@ -34,13 +32,8 @@ github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= github.com/coredns/caddy v1.1.1 h1:2eYKZT7i6yxIfGP3qLJoJ7HAsDJqYB+X68g4NYjSrE0= github.com/coredns/caddy v1.1.1/go.mod h1:A6ntJQlAWuQfFlsd9hvigKbo2WS0VUs2l1e2F+BawD4= -github.com/coredns/corefile-migration v1.0.26 h1:xiiEkVB1Dwolb24pkeDUDBfygV9/XsOSq79yFCrhptY= -github.com/coredns/corefile-migration v1.0.26/go.mod h1:56DPqONc3njpVPsdilEnfijCwNGC3/kTJLl7i7SPavY= -github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= -github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= -github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf h1:iW4rZ826su+pqaw19uhpSCzhj44qo35pNgKFGqzDKkU= -github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= -github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= +github.com/coredns/corefile-migration v1.0.27 h1:WIIw5sU0LfGgoGnhdrYdVcto/aWmJoGA/C62iwkU0JM= +github.com/coredns/corefile-migration v1.0.27/go.mod h1:56DPqONc3njpVPsdilEnfijCwNGC3/kTJLl7i7SPavY= github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -51,8 +44,6 @@ github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5Qvfr github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/drone/envsubst/v2 v2.0.0-20210730161058-179042472c46 h1:7QPwrLT79GlD5sizHf27aoY2RTvw62mO6x7mxkScNk0= github.com/drone/envsubst/v2 v2.0.0-20210730161058-179042472c46/go.mod h1:esf2rsHFNlZlxsqsZDojNBcnNs5REqIvRrWRHqX0vEU= -github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= -github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU= github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI= 
@@ -92,16 +83,14 @@ github.com/gobuffalo/flect v1.0.3 h1:xeWBM2nui+qnVvNM4S3foBhCAL2XgPU+a7FdpelbTq4 github.com/gobuffalo/flect v1.0.3/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnDvkbYKHs= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= -github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= -github.com/google/cel-go v0.22.0 h1:b3FJZxpiv1vTMo2/5RDUqAHPxkT8mmMfJIrq1llbf7g= -github.com/google/cel-go v0.22.0/go.mod h1:BuznPXXfQDpXKWQ9sPW3TzlAJN5zzFe+i9tIs0yC4s8= -github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 h1:0VpGH+cDhbDtdcweoyCVsF3fhN8kejK6rFe/2FFX2nU= -github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49/go.mod h1:BkkQ4L1KS1xMt2aWSPStnn55ChGC0DPOn2FQYj+f25M= +github.com/google/cel-go v0.23.2 h1:UdEe3CvQh3Nv+E/j9r1Y//WO0K0cSyD7/y0bzyLIMI4= +github.com/google/cel-go v0.23.2/go.mod h1:52Pb6QsDbC5kvgxvZhiL9QX1oZEkcUF/ZqaPx1J5Wwo= +github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw= +github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= 
@@ -120,28 +109,20 @@ github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg= -github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw= -github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= -github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho= -github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= -github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= -github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 h1:TmHmbvxPmaegwhDubVz0lICL0J5Ka2vwTzhoePEXsGE= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0/go.mod h1:qztMSjm835F2bXf+5HKAPIS5qsmQDqZna/PgVt4rWtI= github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI= github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/jonboulle/clockwork v0.4.0 
h1:p4Cf1aMWXnXAUh8lVfewRBx1zaTSYKrKMF2g3ST4RZ4= -github.com/jonboulle/clockwork v0.4.0/go.mod h1:xgRqUGwRcjKCO1vbZUEtSLrqKoPSsUpK7fnezOII0kc= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo= +github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= @@ -149,6 +130,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= +github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= 
@@ -174,28 +157,23 @@ github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNH github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= -github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= -github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= +github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q= +github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= -github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= +github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io= +github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= -github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= 
-github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= +github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sagikazarmark/locafero v0.7.0 h1:5MqpDsTGNDhY8sGp0Aowyf0qKsPrhewaLSsFaodPcyo= github.com/sagikazarmark/locafero v0.7.0/go.mod h1:2za3Cg5rMaTMoG/2Ulr9AwtFaIppKXTRYnozin4aB5k= github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= -github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= -github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/soheilhy/cmux v0.1.5 h1:jjzc5WVemNEDTLwv9tlmemhC73tI08BNOIGwBOo10Js= -github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= github.com/spf13/afero v1.12.0 h1:UcOPyRBYczmFn6yvphxkn9ZEOY65cpwGKb5mL36mrqs= 
@@ -207,13 +185,15 @@ github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wx github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.20.0 h1:zrxIyR3RQIOsarIrgL8+sAvALXul9jeEPa06Y0Ph6vY= -github.com/spf13/viper v1.20.0/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqjJvu4= +github.com/spf13/viper v1.20.1 h1:ZMi+z/lvLyPSCoNtFCpqjy0S4kPbirhpTMwl8BkW9X4= +github.com/spf13/viper v1.20.1/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqjJvu4= github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs= github.com/stoewer/go-strcase v1.3.0/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= 
@@ -222,51 +202,31 @@ github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOf github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= -github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7otjonDflCTK0BCfls4SPy3NcCVb5dqqmbRknE= -github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk= -github.com/valyala/fastjson v1.6.4 h1:uAUNq9Z6ymTgGhcm0UynUAB6tlbakBrz6CQFax3BXVQ= -github.com/valyala/fastjson v1.6.4/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/xiang90/probing v0.0.0-20221125231312-a49e3df8f510 h1:S2dVYn90KE98chqDkyE9Z4N61UnQd+KOfgp5Iu53llk= -github.com/xiang90/probing v0.0.0-20221125231312-a49e3df8f510/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -go.etcd.io/bbolt v1.3.11 h1:yGEzV1wPz2yVCLsD8ZAiGHhHVlczyC9d1rP43/VCRJ0= -go.etcd.io/bbolt v1.3.11/go.mod h1:dksAq7YMXoljX0xu6VF5DMZGbhYYoLUalEiSySYAS4I= -go.etcd.io/etcd/api/v3 v3.5.20 h1:aKfz3nPZECWoZJXMSH9y6h2adXjtOHaHTGEVCuCmaz0= -go.etcd.io/etcd/api/v3 v3.5.20/go.mod h1:QqKGViq4KTgOG43dr/uH0vmGWIaoJY3ggFi6ZH0TH/U= -go.etcd.io/etcd/client/pkg/v3 v3.5.20 h1:sZIAtra+xCo56gdf6BR62to/hiie5Bwl7hQIqMzVTEM= -go.etcd.io/etcd/client/pkg/v3 v3.5.20/go.mod h1:qaOi1k4ZA9lVLejXNvyPABrVEe7VymMF2433yyRQ7O0= -go.etcd.io/etcd/client/v2 v2.305.16 
h1:kQrn9o5czVNaukf2A2At43cE9ZtWauOtf9vRZuiKXow= -go.etcd.io/etcd/client/v2 v2.305.16/go.mod h1:h9YxWCzcdvZENbfzBTFCnoNumr2ax3F19sKMqHFmXHE= -go.etcd.io/etcd/client/v3 v3.5.20 h1:jMT2MwQEhyvhQg49Cec+1ZHJzfUf6ZgcmV0GjPv0tIQ= -go.etcd.io/etcd/client/v3 v3.5.20/go.mod h1:J5lbzYRMUR20YolS5UjlqqMcu3/wdEvG5VNBhzyo3m0= -go.etcd.io/etcd/pkg/v3 v3.5.16 h1:cnavs5WSPWeK4TYwPYfmcr3Joz9BH+TZ6qoUtz6/+mc= -go.etcd.io/etcd/pkg/v3 v3.5.16/go.mod h1:+lutCZHG5MBBFI/U4eYT5yL7sJfnexsoM20Y0t2uNuY= -go.etcd.io/etcd/raft/v3 v3.5.16 h1:zBXA3ZUpYs1AwiLGPafYAKKl/CORn/uaxYDwlNwndAk= -go.etcd.io/etcd/raft/v3 v3.5.16/go.mod h1:P4UP14AxofMJ/54boWilabqqWoW9eLodl6I5GdGzazI= -go.etcd.io/etcd/server/v3 v3.5.16 h1:d0/SAdJ3vVsZvF8IFVb1k8zqMZ+heGcNfft71ul9GWE= -go.etcd.io/etcd/server/v3 v3.5.16/go.mod h1:ynhyZZpdDp1Gq49jkUg5mfkDWZwXnn3eIqCqtJnrD/s= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 h1:r6I7RJCN86bpD/FQwedZ0vSixDpwuWREjW9oRMsmqDc= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0/go.mod h1:B9yO6b04uB80CzjedvewuqDhxJxi11s7/GtiGa8bAjI= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 h1:TT4fX+nBOA/+LUkobKGW1ydGcn+G3vRw9+g5HwCphpk= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0/go.mod h1:L7UH0GbB0p47T4Rri3uHjbpCFYrVrwc1I25QhNPiGK8= -go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw= -go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ= 
-go.opentelemetry.io/otel/metric v1.29.0 h1:vPf/HFWTNkPu1aYeIsc98l4ktOQaL6LeSoeV2g+8YLc= -go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8= -go.opentelemetry.io/otel/sdk v1.29.0 h1:vkqKjk7gwhS8VaWb0POZKmIEDimRCMsopNYnriHyryo= -go.opentelemetry.io/otel/sdk v1.29.0/go.mod h1:pM8Dx5WKnvxLCb+8lG1PRNIDxu9g9b9g59Qr7hfAAok= -go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt39JTi4= -go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ= -go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= -go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= +go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= +go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q= +go.opentelemetry.io/otel v1.34.0 h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY= +go.opentelemetry.io/otel v1.34.0/go.mod h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 h1:Vh5HayB/0HHfOQA7Ctx69E/Y/DcQSMPpKANYVMQ7fBA= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0/go.mod h1:cpgtDBaqD/6ok/UG0jT15/uKjAY8mRA53diogHBg3UI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0 h1:5pojmb1U1AogINhN3SurB+zm/nIcusopeBNp42f45QM= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0/go.mod h1:57gTHJSE5S1tqg+EKsLPlTWhpHMsWlVmer+LA926XiA= +go.opentelemetry.io/otel/metric v1.34.0 h1:+eTR3U0MyfWjRDhmFMxe2SsW64QrZ84AOhvqS7Y+PoQ= +go.opentelemetry.io/otel/metric v1.34.0/go.mod h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE= 
+go.opentelemetry.io/otel/sdk v1.34.0 h1:95zS4k/2GOy069d321O8jWgYsW3MzVV+KuSPKp7Wr1A= +go.opentelemetry.io/otel/sdk v1.34.0/go.mod h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU= +go.opentelemetry.io/otel/sdk/metric v1.34.0 h1:5CeK9ujjbFVL5c1PhLuStg1wxA7vQv7ce1EK0Gyvahk= +go.opentelemetry.io/otel/sdk/metric v1.34.0/go.mod h1:jQ/r8Ze28zRKoNRdkjCZxfs6YvBTG1+YIqyFVFYec5w= +go.opentelemetry.io/otel/trace v1.34.0 h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC8mh/k= +go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE= +go.opentelemetry.io/proto/otlp v1.4.0 h1:TA9WRvW6zMwP+Ssb6fLoUIuirti1gGbP28GcKG1jgeg= +go.opentelemetry.io/proto/otlp v1.4.0/go.mod h1:PPBWZIP98o2ElSqI35IHfu7hIhSwvc5N38Jw8pXuGFY= go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs= go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= @@ -341,8 +301,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= -golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= -golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY= +golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 
@@ -357,14 +317,12 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.5.0 h1:JELs8RLM12qJGXU4u/TO3V25KW8GreMKl9pdkk14RM0= gomodules.xyz/jsonpatch/v2 v2.5.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD4Q5w+vfEnPvPpuTwedCNVohYJfNk= -google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc= -google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 h1:CkkIfIt50+lT6NHAVoRYEyAvQGFM7xEwXUUywFvEb3Q= -google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576/go.mod h1:1R3kvZ1dtP3+4p4d3G8uJ8rFk/fWlScl38vanWACI08= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8 h1:TqExAhdPaB60Ux47Cn0oLV07rGnxZzIsaRhQaqS666A= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8/go.mod h1:lcTa1sDdWEIHMWlITnIczmw5w60CF9ffkb8Z+DVmmjA= -google.golang.org/grpc v1.67.3 h1:OgPcDAFKHnH8X3O4WcO4XUc8GRDeKsKReqbQtiCj7N8= -google.golang.org/grpc v1.67.3/go.mod h1:YGaHCc6Oap+FzBJTZLBzkGSYt/cvGPFTPxkn7QfSU8s= +google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422 h1:GVIKPyP/kLIyVOgOnTwFOrvQaQUzOzGMCxgFUOEmm24= +google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422/go.mod h1:b6h1vNKhxaSoEI+5jc3PJUCustfli/mRab7295pY7rw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f h1:OxYkA3wjPsZyBylwymxSHa7ViiW1Sml4ToBrncvFehI= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f/go.mod h1:+2Yz8+CLJbIfL9z73EW45avw8Lmge3xVElCP9zEKi50= +google.golang.org/grpc v1.71.3 h1:iEhneYTxOruJyZAxdAv8Y0iRZvsc5M6KoW7UA0/7jn0= +google.golang.org/grpc v1.71.3/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec= 
google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A= google.golang.org/protobuf v1.36.7/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 
@@ -374,43 +332,44 @@ gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSP gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc= -gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.32.7 h1:CBhHkoi3YJW8QQI6VL/Hu9f1HHVImmuIh513d4H4VfQ= -k8s.io/api v0.32.7/go.mod h1:YEB46LZ/M0/9t0m+R2FxW5fkZAUR/eoS6sZQKS3mBYk= -k8s.io/apiextensions-apiserver v0.32.7 h1:w7IzqA3SZG9KNm5YMtrrqY3ipPgt13rZevDaZSubARA= -k8s.io/apiextensions-apiserver v0.32.7/go.mod h1:CelzsiBUTLZeJ+MxBEcuDEgu9Qr3LQkZqmydvA/W9UA= -k8s.io/apimachinery v0.32.7 h1:1vTegNQIfM7dvZrMV5//6jJv2odKAnadv9Bg+doJmaA= -k8s.io/apimachinery v0.32.7/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= -k8s.io/apiserver v0.32.7 h1:BJADFQpbKM1LC5GTueefdnDjzu5PUXAcEgWZrs2gj18= -k8s.io/apiserver v0.32.7/go.mod h1:a3O36FgT3dQ26oufk9/1VVmWcna/OLQjofirYiocfQI= -k8s.io/client-go v0.32.7 h1:ZDhv3JTaQ/IejnNXRePBZdRecAEvxf8+pFdt/ruuWXc= -k8s.io/client-go v0.32.7/go.mod h1:/he4Akuzee/lTiWmcsrpZfCQ2LPNLTC2qqumLVAw/Fw= -k8s.io/cluster-bootstrap v0.32.3 h1:AqIpsUhB6MUeaAsl1WvaUw54AHRd2hfZrESlKChtd8s= -k8s.io/cluster-bootstrap v0.32.3/go.mod h1:CHbBwgOb6liDV6JFUTkx5t85T2xidy0sChBDoyYw344= -k8s.io/component-base v0.32.7 h1:iXfcDveIsx0CyB0b8qo0/4pfgmhwshaO/u4ij1hZeAM= -k8s.io/component-base v0.32.7/go.mod h1:Qfa6+z8IIyIdyqewerOlWaibCsxKbpBNd3ATNrPKe/A= +k8s.io/api v0.33.3 h1:SRd5t//hhkI1buzxb288fy2xvjubstenEKL9K51KBI8= 
+k8s.io/api v0.33.3/go.mod h1:01Y/iLUjNBM3TAvypct7DIj0M0NIZc+PzAHCIo0CYGE= +k8s.io/apiextensions-apiserver v0.33.3 h1:qmOcAHN6DjfD0v9kxL5udB27SRP6SG/MTopmge3MwEs= +k8s.io/apiextensions-apiserver v0.33.3/go.mod h1:oROuctgo27mUsyp9+Obahos6CWcMISSAPzQ77CAQGz8= +k8s.io/apimachinery v0.33.3 h1:4ZSrmNa0c/ZpZJhAgRdcsFcZOw1PQU1bALVQ0B3I5LA= +k8s.io/apimachinery v0.33.3/go.mod h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM= +k8s.io/apiserver v0.33.3 h1:Wv0hGc+QFdMJB4ZSiHrCgN3zL3QRatu56+rpccKC3J4= +k8s.io/apiserver v0.33.3/go.mod h1:05632ifFEe6TxwjdAIrwINHWE2hLwyADFk5mBsQa15E= +k8s.io/client-go v0.33.3 h1:M5AfDnKfYmVJif92ngN532gFqakcGi6RvaOF16efrpA= +k8s.io/client-go v0.33.3/go.mod h1:luqKBQggEf3shbxHY4uVENAxrDISLOarxpTKMiUuujg= +k8s.io/cluster-bootstrap v0.33.3 h1:u2NTxJ5CFSBFXaDxLQoOWMly8eni31psVso+caq6uwI= +k8s.io/cluster-bootstrap v0.33.3/go.mod h1:p970f8u8jf273zyQ5raD8WUu2XyAl0SAWOY82o7i/ds= +k8s.io/component-base v0.33.3 h1:mlAuyJqyPlKZM7FyaoM/LcunZaaY353RXiOd2+B5tGA= +k8s.io/component-base v0.33.3/go.mod h1:ktBVsBzkI3imDuxYXmVxZ2zxJnYTZ4HAsVj9iF09qp4= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= -k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= +k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff h1:/usPimJzUKKu+m+TE36gUyGcf03XZEP0ZIKgKj35LS4= +k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8= k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro= k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= oras.land/oras-go/v2 v2.6.0 h1:X4ELRsiGkrbeox69+9tzTu492FMUu7zJQW6eJU+I2oc= oras.land/oras-go/v2 v2.6.0/go.mod 
h1:magiQDfG6H1O9APp+rOsvCPcW1GD2MM7vgnKY0Y+u1o= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0 h1:CPT0ExVicCzcpeN4baWEV2ko2Z/AsiZgEdwgcfwLgMo= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= -sigs.k8s.io/cluster-api v1.10.4 h1:5mdyWLGbbwOowWrjqM/J9N600QnxTohu5J1/1YR6g7c= -sigs.k8s.io/cluster-api v1.10.4/go.mod h1:68GJs286ZChsncp+TxYNj/vhy2NWokiPtH4+SA0afs0= -sigs.k8s.io/controller-runtime v0.20.4 h1:X3c+Odnxz+iPTRobG4tp092+CvBU9UK0t/bRf+n0DGU= -sigs.k8s.io/controller-runtime v0.20.4/go.mod h1:xg2XB0K5ShQzAgsoujxuKN4LNXR2LfwwHsPj7Iaw+XY= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2 h1:jpcvIRr3GLoUoEKRkHKSmGjxb6lWwrBlJsXc+eUYQHM= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= +sigs.k8s.io/cluster-api v1.11.0 h1:4ZqKxjhdP3F/vvHMd675rGsDrT/siggnFPt5eKQ8nkI= +sigs.k8s.io/cluster-api v1.11.0/go.mod h1:gGmNlHrtJe3z0YV3J6JRy5Rwh9SfzokjQaS+Fv3DBPE= +sigs.k8s.io/controller-runtime v0.21.0 h1:CYfjpEuicjUecRk+KAeyYh+ouUBn4llGyDYytIGcJS8= +sigs.k8s.io/controller-runtime v0.21.0/go.mod h1:OSg14+F65eWqIu4DceX7k/+QRAbTTvxeQSNSOQpukWM= sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8= sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= -sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA= -sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= +sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= +sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= +sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= +sigs.k8s.io/structured-merge-diff/v4 v4.6.0 h1:IUA9nvMmnKWcj5jl84xn+T5MnlZKThmUW1TdblaLVAc= 
+sigs.k8s.io/structured-merge-diff/v4 v4.6.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= diff --git a/internal/controller/configmap_changes_test.go b/internal/controller/configmap_changes_test.go index 3a71ae02e..c01a011ad 100644 --- a/internal/controller/configmap_changes_test.go +++ b/internal/controller/configmap_changes_test.go @@ -24,7 +24,7 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" operatorv1 "sigs.k8s.io/cluster-api-operator/api/v1alpha2" - clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2" "sigs.k8s.io/cluster-api/util/conditions" "sigs.k8s.io/cluster-api/util/patch" "sigs.k8s.io/controller-runtime/pkg/client" @@ -92,7 +92,11 @@ func TestConfigMapChangesAreAppliedToTheProvider(t *testing.T) { // Manually set ReadyCondition as it's not set automatically in test env patchHelper, err := patch.NewHelper(coreProvider, env) g.Expect(err).ToNot(HaveOccurred()) - conditions.MarkTrue(coreProvider, clusterv1.ReadyCondition) + conditions.Set(coreProvider, metav1.Condition{ + Type: clusterv1.ReadyCondition, + Status: metav1.ConditionTrue, + Reason: "Ready", + }) g.Expect(patchHelper.Patch(ctx, coreProvider)).To(Succeed()) // Create InfrastructureProvider that uses the ConfigMap 
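Review bot: The hand-built Ready condition added in TestConfigMapChangesAreAppliedToTheProvider is repeated verbatim in the next two hunks of this file (TestConfigMapChangesWithNonMatchingSelector, TestMultipleConfigMapsError) and again, with an extra Message, in TestReconcilerPreflightConditionsFromCoreProviderEvents. A small test helper that wraps the `conditions.Set(..., metav1.Condition{Type: clusterv1.ReadyCondition, Status: metav1.ConditionTrue, Reason: "Ready"})` call would keep the reason string in one place and replace the removed `conditions.MarkTrue` one-liner. The enclosing test functions start and end outside these hunks, so this is based only on the visible lines.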
@@ -211,7 +215,11 @@ func TestConfigMapChangesWithNonMatchingSelector(t *testing.T) { // Manually set ReadyCondition as it's not set automatically in test env patchHelper, err := patch.NewHelper(coreProvider, env) g.Expect(err).ToNot(HaveOccurred()) - conditions.MarkTrue(coreProvider, clusterv1.ReadyCondition) + conditions.Set(coreProvider, metav1.Condition{ + Type: clusterv1.ReadyCondition, + Status: metav1.ConditionTrue, + Reason: "Ready", + }) g.Expect(patchHelper.Patch(ctx, coreProvider)).To(Succeed()) // Create ConfigMap that won't match any provider selector @@ -380,7 +388,11 @@ func TestMultipleConfigMapsError(t *testing.T) { // Manually set ReadyCondition as it's not set automatically in test env patchHelper, err := patch.NewHelper(coreProvider, env) g.Expect(err).ToNot(HaveOccurred()) - conditions.MarkTrue(coreProvider, clusterv1.ReadyCondition) + conditions.Set(coreProvider, metav1.Condition{ + Type: clusterv1.ReadyCondition, + Status: metav1.ConditionTrue, + Reason: "Ready", + }) g.Expect(patchHelper.Patch(ctx, coreProvider)).To(Succeed()) // Create multiple ConfigMaps with the same labels (this should cause an error) diff --git a/internal/controller/coreprovider_to_providers.go b/internal/controller/coreprovider_to_providers.go index 1adffda12..522094318 100644 --- a/internal/controller/coreprovider_to_providers.go +++ b/internal/controller/coreprovider_to_providers.go @@ -22,7 +22,7 @@ import ( operatorv1 "sigs.k8s.io/cluster-api-operator/api/v1alpha2" "sigs.k8s.io/cluster-api-operator/internal/controller/genericprovider" - clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2" "sigs.k8s.io/cluster-api/util/conditions" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" diff --git a/internal/controller/coreprovider_to_providers_test.go b/internal/controller/coreprovider_to_providers_test.go index 4f0af5fd5..11bb04c59 100644 
--- a/internal/controller/coreprovider_to_providers_test.go +++ b/internal/controller/coreprovider_to_providers_test.go @@ -20,11 +20,10 @@ import ( "testing" . "github.com/onsi/gomega" - corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" operatorv1 "sigs.k8s.io/cluster-api-operator/api/v1alpha2" - clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" @@ -48,10 +47,10 @@ func TestCoreProviderToProvidersMapper(t *testing.T) { }, Status: operatorv1.CoreProviderStatus{ ProviderStatus: operatorv1.ProviderStatus{ - Conditions: clusterv1.Conditions{ + Conditions: []metav1.Condition{ { Type: clusterv1.ReadyCondition, - Status: corev1.ConditionTrue, + Status: metav1.ConditionTrue, LastTransitionTime: metav1.Now(), Message: "Provider is ready", }, @@ -88,10 +87,10 @@ func TestCoreProviderToProvidersMapper(t *testing.T) { }, Status: operatorv1.InfrastructureProviderStatus{ ProviderStatus: operatorv1.ProviderStatus{ - Conditions: clusterv1.Conditions{ + Conditions: []metav1.Condition{ { Type: operatorv1.PreflightCheckCondition, - Status: corev1.ConditionFalse, + Status: metav1.ConditionFalse, LastTransitionTime: metav1.Now(), Reason: operatorv1.WaitingForCoreProviderReadyReason, Message: "Core provider is not ready", @@ -110,10 +109,10 @@ func TestCoreProviderToProvidersMapper(t *testing.T) { }, Status: operatorv1.InfrastructureProviderStatus{ ProviderStatus: operatorv1.ProviderStatus{ - Conditions: clusterv1.Conditions{ + Conditions: []metav1.Condition{ { Type: operatorv1.PreflightCheckCondition, - Status: corev1.ConditionTrue, + Status: metav1.ConditionTrue, LastTransitionTime: metav1.Now(), Message: "Core provider is ready", }, 
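Review bot: The converted fixtures in TestCoreProviderToProvidersMapper leave `Reason` unset on the `clusterv1.ReadyCondition` entry and on the `PreflightCheckCondition` entry with `Status: metav1.ConditionTrue`, although `metav1.Condition` documents Reason as a required, non-empty field. The fake client imported by this file presumably does not apply CRD schema validation, so the test still passes, but the fixture then models an object a real API server would likely reject. Adding a line such as `Reason: "Ready",` (the value other tests in this commit use) keeps the fixtures representative. The `[]metav1.Condition` literal in the TestReconcilerPreflightConditions hunk of genericprovider_controller_test.go has the same gap.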
diff --git a/internal/controller/genericprovider_controller.go b/internal/controller/genericprovider_controller.go index 7f544e990..f46048836 100644 --- a/internal/controller/genericprovider_controller.go +++ b/internal/controller/genericprovider_controller.go @@ -34,7 +34,6 @@ import ( operatorv1 "sigs.k8s.io/cluster-api-operator/api/v1alpha2" "sigs.k8s.io/cluster-api-operator/internal/controller/genericprovider" "sigs.k8s.io/cluster-api-operator/util" - clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" clusterctlv1 "sigs.k8s.io/cluster-api/cmd/clusterctl/api/v1alpha3" configclient "sigs.k8s.io/cluster-api/cmd/clusterctl/client/config" "sigs.k8s.io/cluster-api/util/conditions" @@ -194,7 +193,7 @@ func (r *GenericProviderReconciler) Reconcile(ctx context.Context, req reconcile } func patchProvider(ctx context.Context, provider operatorv1.GenericProvider, patchHelper *patch.Helper, options ...patch.Option) error { - conds := []clusterv1.ConditionType{ + conds := []string{ operatorv1.PreflightCheckCondition, operatorv1.ProviderInstalledCondition, } @@ -212,7 +211,12 @@ func (r *GenericProviderReconciler) reconcile(ctx context.Context) (*Result, err if err != nil { var pe *PhaseError if errors.As(err, &pe) { - conditions.Set(r.Provider, conditions.FalseCondition(pe.Type, pe.Reason, pe.Severity, "%s", err.Error())) + conditions.Set(r.Provider, metav1.Condition{ + Type: pe.Type, + Status: metav1.ConditionFalse, + Reason: pe.Reason, + Message: err.Error(), + }) } } @@ -242,7 +246,12 @@ func (r *GenericProviderReconciler) reconcileDelete(ctx context.Context, provide if err != nil { var pe *PhaseError if errors.As(err, &pe) { - conditions.Set(provider, conditions.FalseCondition(pe.Type, pe.Reason, pe.Severity, "%s", err.Error())) + conditions.Set(provider, metav1.Condition{ + Type: pe.Type, + Status: metav1.ConditionFalse, + Reason: pe.Reason, + Message: err.Error(), + }) } } 
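Review bot: `Reason: pe.Reason` in the new `metav1.Condition` literal in reconcile (and the identical one in reconcileDelete) is passed through unchecked, while the health-check controller in this same commit guards against an empty reason before setting its condition. `metav1.Condition` requires a non-empty, CamelCase-style Reason, and this commit already rewrites two free-text reasons passed to wrapPhaseError, so any caller outside these hunks that still passes an empty or sentence-style reason would presumably have its status patch rejected and the failure would never be recorded on the provider. A guard such as `if reason == "" { reason = <fallback reason constant> }` before `conditions.Set`, or a check inside wrapPhaseError, would close that gap. Both functions start and end outside the hunks, so the remaining callers cannot be confirmed from here.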
diff --git a/internal/controller/genericprovider_controller_test.go b/internal/controller/genericprovider_controller_test.go index e736284b0..f157db796 100644 --- a/internal/controller/genericprovider_controller_test.go +++ b/internal/controller/genericprovider_controller_test.go @@ -27,7 +27,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/utils/ptr" - clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2" clusterctlv1 "sigs.k8s.io/cluster-api/cmd/clusterctl/api/v1alpha3" "sigs.k8s.io/cluster-api/util/conditions" "sigs.k8s.io/cluster-api/util/patch" @@ -40,10 +40,11 @@ import ( const ( testMetadata = ` apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 +kind: Metadata releaseSeries: - - major: 0 - minor: 4 - contract: v1beta1 + - major: 1 + minor: 11 + contract: v1beta2 ` testDeploymentName = "capd-controller-manager" testComponents = ` @@ -78,7 +79,7 @@ spec: cpu: 200m ` - testCurrentVersion = "v0.4.2" + testCurrentVersion = "v1.11.0" ) func insertDummyConfig(provider genericprovider.GenericProvider) { @@ -254,10 +255,10 @@ func TestReconcilerPreflightConditions(t *testing.T) { }, Status: operatorv1.CoreProviderStatus{ ProviderStatus: operatorv1.ProviderStatus{ - Conditions: []clusterv1.Condition{ + Conditions: []metav1.Condition{ { Type: clusterv1.ReadyCondition, - Status: corev1.ConditionTrue, + Status: metav1.ConditionTrue, }, }, }, @@ -325,10 +326,11 @@ func TestAirGappedUpgradeDowngradeProvider(t *testing.T) { currentVersion := "v999.9.2" futureMetadata := ` apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 +kind: Metadata releaseSeries: - major: 999 minor: 9 - contract: v1beta1 + contract: v1beta2 ` dummyFutureConfigMap := func(ns, name string) *corev1.ConfigMap { 
@@ -409,7 +411,7 @@ releaseSeries: for _, cond := range provider.GetStatus().Conditions { if cond.Type == operatorv1.PreflightCheckCondition { t.Log(t.Name(), provider.GetName(), cond) - if cond.Status == corev1.ConditionTrue { + if cond.Status == metav1.ConditionTrue { return true } } @@ -459,7 +461,7 @@ releaseSeries: for _, cond := range provider.GetStatus().Conditions { if cond.Type == operatorv1.PreflightCheckCondition { t.Log(t.Name(), provider.GetName(), cond) - if cond.Status == corev1.ConditionTrue { + if cond.Status == metav1.ConditionTrue { allFound = true break } @@ -474,7 +476,7 @@ releaseSeries: for _, cond := range provider.GetStatus().Conditions { if cond.Type == operatorv1.ProviderUpgradedCondition { t.Log(t.Name(), provider.GetName(), cond) - if cond.Status == corev1.ConditionTrue { + if cond.Status == metav1.ConditionTrue { allFound = tc.newVersion != currentVersion break } @@ -502,7 +504,7 @@ releaseSeries: for _, cond := range provider.GetStatus().Conditions { if cond.Type == operatorv1.ProviderUpgradedCondition { t.Log(t.Name(), provider.GetName(), cond) - if cond.Status == corev1.ConditionTrue { + if cond.Status == metav1.ConditionTrue { allSet = tc.newVersion != currentVersion break } @@ -637,7 +639,13 @@ func TestReconcilerPreflightConditionsFromCoreProviderEvents(t *testing.T) { patchHelper, err := patch.NewHelper(coreProvider, env) g.Expect(err).ToNot(HaveOccurred()) - conditions.MarkTrue(coreProvider, clusterv1.ReadyCondition) + + conditions.Set(coreProvider, metav1.Condition{ + Type: clusterv1.ReadyCondition, + Status: metav1.ConditionTrue, + Reason: "Ready", + Message: "Provider is ready", + }) g.Expect(patchHelper.Patch(ctx, coreProvider)).To(Succeed()) g.Eventually(func() bool { 
@@ -748,7 +756,7 @@ func TestProviderConfigSecretChanges(t *testing.T) { g.Expect(env.CreateAndWait(ctx, provider.DeepCopy())).To(Succeed()) objs = append(objs, provider) - g.Eventually(generateExpectedResultChecker(provider, corev1.ConditionTrue, func(s string) bool { return s != "" }), timeout).Should(BeEquivalentTo(true)) + g.Eventually(generateExpectedResultChecker(provider, metav1.ConditionTrue, func(s string) bool { return s != "" }), timeout).Should(BeEquivalentTo(true)) initialHash := provider.GetAnnotations()[appliedSpecHashAnnotation] @@ -902,7 +910,7 @@ func TestProviderSpecChanges(t *testing.T) { g.Expect(env.Cleanup(ctx, provider, dummyConfigMap(namespace))).To(Succeed()) }() - g.Eventually(generateExpectedResultChecker(provider, corev1.ConditionTrue, func(s string) bool { + g.Eventually(generateExpectedResultChecker(provider, metav1.ConditionTrue, func(s string) bool { return s != "" }), timeout).Should(BeEquivalentTo(true)) @@ -929,7 +937,7 @@ func TestProviderSpecChanges(t *testing.T) { }).Should(Succeed()) if !tc.expectError { - g.Eventually(generateExpectedResultChecker(provider, corev1.ConditionTrue, func(s string) bool { + g.Eventually(generateExpectedResultChecker(provider, metav1.ConditionTrue, func(s string) bool { if tc.expectHashChange { return s != currentHash } 
@@ -937,13 +945,13 @@ func TestProviderSpecChanges(t *testing.T) { return s == currentHash }), timeout).Should(BeEquivalentTo(true)) } else { - g.Eventually(generateExpectedResultChecker(provider, corev1.ConditionFalse, func(s string) bool { return s == currentHash }), timeout).Should(BeEquivalentTo(true)) + g.Eventually(generateExpectedResultChecker(provider, metav1.ConditionFalse, func(s string) bool { return s == currentHash }), timeout).Should(BeEquivalentTo(true)) } }) } } -func generateExpectedResultChecker(provider genericprovider.GenericProvider, condStatus corev1.ConditionStatus, hashCheck func(string) bool) func() bool { +func generateExpectedResultChecker(provider genericprovider.GenericProvider, condStatus metav1.ConditionStatus, hashCheck func(string) bool) func() bool { return func() bool { if err := env.Get(ctx, client.ObjectKeyFromObject(provider), provider); err != nil { return false diff --git a/internal/controller/healthcheck/healthcheck_controller.go b/internal/controller/healthcheck/healthcheck_controller.go index 8ece61ff4..50a199292 100644 --- a/internal/controller/healthcheck/healthcheck_controller.go +++ b/internal/controller/healthcheck/healthcheck_controller.go @@ -22,7 +22,6 @@ import ( "time" appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/types" @@ -30,7 +29,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" kerrors "k8s.io/apimachinery/pkg/util/errors" operatorv1 "sigs.k8s.io/cluster-api-operator/api/v1alpha2" - clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2" "sigs.k8s.io/cluster-api/util/conditions" "sigs.k8s.io/cluster-api/util/patch" ctrl "sigs.k8s.io/controller-runtime" 
@@ -153,7 +152,7 @@ func (r *GenericProviderHealthCheckReconciler) Reconcile(ctx context.Context, re // Compare provider's Ready condition with the deployment's Available condition and stop if they already match. currentReadyCondition := conditions.Get(typedProvider, clusterv1.ReadyCondition) - if currentReadyCondition != nil && deploymentAvailableCondition != nil && currentReadyCondition.Status == deploymentAvailableCondition.Status { + if currentReadyCondition != nil && deploymentAvailableCondition != nil && currentReadyCondition.Status == metav1.ConditionStatus(deploymentAvailableCondition.Status) { return result, nil } @@ -164,15 +163,20 @@ func (r *GenericProviderHealthCheckReconciler) Reconcile(ctx context.Context, re } if deploymentAvailableCondition != nil { - conditions.Set(typedProvider, &clusterv1.Condition{ + reason := deploymentAvailableCondition.Reason + if reason == "" { + reason = operatorv1.DeploymentAvailableReason + } + + conditions.Set(typedProvider, metav1.Condition{ Type: clusterv1.ReadyCondition, - Status: deploymentAvailableCondition.Status, - Reason: deploymentAvailableCondition.Reason, + Status: metav1.ConditionStatus(deploymentAvailableCondition.Status), + Reason: reason, }) } else { - conditions.Set(typedProvider, &clusterv1.Condition{ + conditions.Set(typedProvider, metav1.Condition{ Type: clusterv1.ReadyCondition, - Status: corev1.ConditionFalse, + Status: metav1.ConditionFalse, Reason: operatorv1.NoDeploymentAvailableConditionReason, }) } @@ -182,7 +186,7 @@ func (r *GenericProviderHealthCheckReconciler) Reconcile(ctx context.Context, re result = ctrl.Result{RequeueAfter: 5 * time.Second} } - options := patch.WithOwnedConditions{Conditions: []clusterv1.ConditionType{clusterv1.ReadyCondition}} + options := patch.WithOwnedConditions{Conditions: []string{clusterv1.ReadyCondition}} return result, patchHelper.Patch(ctx, typedProvider, options) } 
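Review bot: The new fallback `reason = operatorv1.DeploymentAvailableReason` in Reconcile is applied whenever the deployment condition has an empty Reason, regardless of its Status, so a provider can end up with Ready=False and reason "DeploymentAvailable". The fallback should be chosen from the converted status: keep `DeploymentAvailableReason` only when `metav1.ConditionStatus(deploymentAvailableCondition.Status) == metav1.ConditionTrue` and use a separate reason constant for the False/Unknown case. The deployment condition's Message is also not copied into the provider condition, which leaves operators without the detail needed to triage an unavailable provider. Reconcile's body starts and ends outside this hunk.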
diff --git a/internal/controller/healthcheck/healthcheck_controller_test.go b/internal/controller/healthcheck/healthcheck_controller_test.go index 311d5966c..e7e5fb229 100644 --- a/internal/controller/healthcheck/healthcheck_controller_test.go +++ b/internal/controller/healthcheck/healthcheck_controller_test.go @@ -24,7 +24,7 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" - clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2" "sigs.k8s.io/controller-runtime/pkg/client" operatorv1 "sigs.k8s.io/cluster-api-operator/api/v1alpha2" @@ -33,10 +33,11 @@ import ( const ( testMetadata = ` apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 +kind: Metadata releaseSeries: - - major: 0 - minor: 4 - contract: v1alpha4 + - major: 1 + minor: 11 + contract: v1beta2 ` testComponents = ` apiVersion: apps/v1 @@ -69,7 +70,7 @@ spec: cpu: 200m ` - testCurrentVersion = "v0.4.2" + testCurrentVersion = "v1.11.0" ) func insertDummyConfig(provider operatorv1.GenericProvider) { @@ -173,7 +174,7 @@ func TestReconcilerReadyConditions(t *testing.T) { for _, cond := range provider.GetStatus().Conditions { if cond.Type == clusterv1.ReadyCondition { t.Log(t.Name(), provider.GetName(), cond) - if cond.Status == tc.expectedAvailability { + if cond.Status == metav1.ConditionStatus(tc.expectedAvailability) { return true } } diff --git a/internal/controller/manifests_downloader.go b/internal/controller/manifests_downloader.go index e642487b9..8a5b31039 100644 --- a/internal/controller/manifests_downloader.go +++ b/internal/controller/manifests_downloader.go 
@@ -147,7 +147,7 @@ func (p *PhaseReconciler) Finalize(ctx context.Context) (*Result, error) { ctrl.LoggerFrom(ctx).V(5).Error(err, "Failed to update providers hash") } - return &Result{}, wrapPhaseError(err, "failed to update providers hash", operatorv1.ProviderInstalledCondition) + return &Result{}, wrapPhaseError(err, "FailedToUpdateProvidersHash", operatorv1.ProviderInstalledCondition) } // prepareConfigMapLabels returns labels that identify a config map with downloaded manifests. diff --git a/internal/controller/phases.go b/internal/controller/phases.go index 4c7563bd9..3a6681a17 100644 --- a/internal/controller/phases.go +++ b/internal/controller/phases.go @@ -39,7 +39,7 @@ import ( operatorv1 "sigs.k8s.io/cluster-api-operator/api/v1alpha2" "sigs.k8s.io/cluster-api-operator/internal/controller/genericprovider" "sigs.k8s.io/cluster-api-operator/util" - clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2" clusterctlv1 "sigs.k8s.io/cluster-api/cmd/clusterctl/api/v1alpha3" "sigs.k8s.io/cluster-api/cmd/clusterctl/client/cluster" configclient "sigs.k8s.io/cluster-api/cmd/clusterctl/client/config" @@ -154,7 +154,7 @@ func (r *Result) IsZero() bool { // PhaseError custom error type for phases. type PhaseError struct { Reason string - Type clusterv1.ConditionType + Type string Severity clusterv1.ConditionSeverity Err error } @@ -163,7 +163,7 @@ func (p *PhaseError) Error() string { return p.Err.Error() } -func wrapPhaseError(err error, reason string, condition clusterv1.ConditionType) error { +func wrapPhaseError(err error, reason string, condition string) error { if err == nil { return nil } 
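Review bot: The reason passed to wrapPhaseError in Finalize is an inline literal, `"FailedToUpdateProvidersHash"`, whereas the Load hunk of this commit uses the named `operatorv1.ComponentsFetchErrorReason`. The same holds for `"InstallFailed"`, `"TimedOutWaitingForDeployment"`, `"ProviderInstalled"` and `"ProviderUpgraded"` in phases.go and for `"PreflightChecksPassed"` in preflight_checks.go, which the tests repeat as a literal. These strings presumably end up as the condition Reason that clients match on, so declaring them beside the other reasons, e.g. `FailedToUpdateProvidersHashReason = "FailedToUpdateProvidersHash"`, keeps producers and tests from drifting apart. Finalize starts outside the hunk.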
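Review bot: PhaseError keeps `Severity clusterv1.ConditionSeverity` while `Type` becomes a plain string and every condition written in this commit is a `metav1.Condition`, which has no severity field. Whether anything still reads `Severity` is not visible here; if nothing does, remove the field together with its assignment in wrapPhaseError. If it is still consumed, add a field comment naming the consumer, since the value no longer reaches the condition itself.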
@@ -340,7 +340,7 @@ func (p *PhaseReconciler) Load(ctx context.Context) (*Result, error) { p.repo, err = p.configmapRepository(ctx, labelSelector, InNamespace(p.provider.GetNamespace()), WithAdditionalManifests(additionalManifests)) if err != nil { - return &Result{}, wrapPhaseError(err, "failed to load the repository", operatorv1.ProviderInstalledCondition) + return &Result{}, wrapPhaseError(err, operatorv1.ComponentsFetchErrorReason, operatorv1.ProviderInstalledCondition) } if spec.Version == "" { @@ -569,7 +569,7 @@ func (p *PhaseReconciler) validateRepoCAPIVersion(ctx context.Context) error { return fmt.Errorf("invalid provider metadata: version %s for the provider %s does not match any release series", p.options.Version, name) } - if releaseSeries.Contract != "v1alpha4" && releaseSeries.Contract != "v1beta1" { + if releaseSeries.Contract != "v1beta1" && releaseSeries.Contract != "v1beta2" { return fmt.Errorf(capiVersionIncompatibilityMessage, clusterv1.GroupVersion.Version, releaseSeries.Contract, name) } @@ -757,7 +757,12 @@ func (p *PhaseReconciler) Upgrade(ctx context.Context) (*Result, error) { } log.Info("Provider successfully upgraded") - conditions.Set(p.provider, conditions.TrueCondition(operatorv1.ProviderUpgradedCondition)) + conditions.Set(p.provider, metav1.Condition{ + Type: operatorv1.ProviderUpgradedCondition, + Status: metav1.ConditionTrue, + Reason: "ProviderUpgraded", + Message: "Provider upgraded successfully", + }) return &Result{}, nil } 
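Review bot: The contract gate in validateRepoCAPIVersion now rejects `v1alpha4` and accepts both `v1beta1` and `v1beta2`, with nothing on the line saying why two contracts pass. A comment above the condition would record the intent, e.g. `// Providers on the previous contract (v1beta1) remain installable next to v1beta2; older contracts are rejected.` The two literals could also move into a small package-level list so the next contract bump is a one-line change. The function body starts outside the hunk.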
@@ -776,16 +781,21 @@ func (p *PhaseReconciler) Install(ctx context.Context) (*Result, error) { log.Info("Installing provider") if err := clusterClient.ProviderComponents().Create(ctx, p.components.Objs()); err != nil { - reason := "Install failed" + reason := "InstallFailed" if wait.Interrupted(err) { - reason = "Timed out waiting for deployment to become ready" + reason = "TimedOutWaitingForDeployment" } return &Result{}, wrapPhaseError(err, reason, operatorv1.ProviderInstalledCondition) } log.Info("Provider successfully installed") - conditions.Set(p.provider, conditions.TrueCondition(operatorv1.ProviderInstalledCondition)) + conditions.Set(p.provider, metav1.Condition{ + Type: operatorv1.ProviderInstalledCondition, + Status: metav1.ConditionTrue, + Reason: "ProviderInstalled", + Message: "Provider installed successfully", + }) return &Result{}, nil } diff --git a/internal/controller/phases_test.go b/internal/controller/phases_test.go index d98b364f1..4412a5110 100644 --- a/internal/controller/phases_test.go +++ b/internal/controller/phases_test.go @@ -34,6 +34,17 @@ import ( "sigs.k8s.io/cluster-api-operator/util" ) +const testProviderMetadata = ` +apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 +kind: Metadata +releaseSeries: + - major: 1 + minor: 11 + contract: v1beta2 + - major: 1 + minor: 10 + contract: v1beta1` + func TestSecretReader(t *testing.T) { g := NewWithT(t) @@ -135,15 +146,7 @@ func TestConfigmapRepository(t *testing.T) { }, }, } - metadata := ` -apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 -releaseSeries: - - major: 0 - minor: 4 - contract: v1alpha4 - - major: 0 - minor: 3 - contract: v1alpha3` + metadata := testProviderMetadata components := ` apiVersion: v1 
@@ -469,46 +472,30 @@ func TestRepositoryProxy(t *testing.T) { }, } - awsMetadata := ` -apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 -releaseSeries: - - major: 2 - minor: 4 - contract: v1beta1 - - major: 2 - minor: 3 - contract: v1beta1` + awsMetadata := testProviderMetadata awsMetaReleaseSeries := []clusterctlv1.ReleaseSeries{ { - Major: 2, - Minor: 4, - Contract: "v1beta1", + Major: 1, + Minor: 11, + Contract: "v1beta2", }, { - Major: 2, - Minor: 3, + Major: 1, + Minor: 10, Contract: "v1beta1", }, } - metadata := ` -apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 -releaseSeries: - - major: 0 - minor: 4 - contract: v1alpha4 - - major: 0 - minor: 3 - contract: v1alpha3` + metadata := testProviderMetadata metaReleaseSeries := []clusterctlv1.ReleaseSeries{{ - Major: 0, - Minor: 4, - Contract: "v1alpha4", + Major: 1, + Minor: 11, + Contract: "v1beta2", }, { - Major: 0, - Minor: 3, - Contract: "v1alpha3", + Major: 1, + Minor: 10, + Contract: "v1beta1", }} tests := []struct { @@ -527,7 +514,7 @@ releaseSeries: provider: coreProvider, wantDefaultVersion: testCurrentVersion, genericProviders: []client.Object{core, provider}, - metadataErr: "failed to read \"metadata.yaml\" from the repository for provider \"cluster-api\": unable to get files for version v0.4.2", + metadataErr: "failed to read \"metadata.yaml\" from the repository for provider \"cluster-api\": unable to get files for version v1.11.0", }, { name: "correct configmap with data", diff --git a/internal/controller/preflight_checks.go b/internal/controller/preflight_checks.go index fb7360eb4..e353ba465 100644 --- a/internal/controller/preflight_checks.go +++ b/internal/controller/preflight_checks.go 
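Review bot: After this hunk `awsMetadata` and `metadata` are the same string (`testProviderMetadata`), and `awsMetaReleaseSeries` and `metaReleaseSeries` hold identical entries, so TestRepositoryProxy can no longer tell whether the repository returned the metadata of the right provider. Keeping one fixture distinct would preserve that check, for instance a second metadata constant for the AWS case with a different `minor` and a matching `awsMetaReleaseSeries`. How the test cases use the two values lies outside the hunk, so this matters only if a case compares them against each other's provider.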
@@ -25,11 +25,12 @@ import ( "github.com/google/go-github/v52/github" "golang.org/x/oauth2" corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/version" operatorv1 "sigs.k8s.io/cluster-api-operator/api/v1alpha2" "sigs.k8s.io/cluster-api-operator/internal/controller/genericprovider" - clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2" clusterctlv1 "sigs.k8s.io/cluster-api/cmd/clusterctl/api/v1alpha3" configclient "sigs.k8s.io/cluster-api/cmd/clusterctl/client/config" "sigs.k8s.io/cluster-api/util/conditions" @@ -67,12 +68,12 @@ func preflightChecks(ctx context.Context, c client.Client, provider genericprovi // Ensure that the CoreProvider is called "cluster-api". if mapper(provider) == clusterctlv1.CoreProviderType { if provider.ProviderName() != configclient.ClusterAPIProviderName { - conditions.Set(provider, conditions.FalseCondition( - operatorv1.PreflightCheckCondition, - operatorv1.IncorrectCoreProviderNameReason, - clusterv1.ConditionSeverityError, - "%s", fmt.Sprintf(incorrectCoreProviderNameMessage, provider.ProviderName(), configclient.ClusterAPIProviderName), - )) + conditions.Set(provider, metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Status: metav1.ConditionFalse, + Reason: operatorv1.IncorrectCoreProviderNameReason, + Message: fmt.Sprintf(incorrectCoreProviderNameMessage, provider.ProviderName(), configclient.ClusterAPIProviderName), + }) return fmt.Errorf("incorrect CoreProvider name: %s, it should be %s", provider.ProviderName(), configclient.ClusterAPIProviderName) } 
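Review bot: The failed-check condition in preflightChecks is now spelled out as a four-field `metav1.Condition` literal at every call site; only Reason and Message vary between this hunk and the following hunks of preflightChecks and checkProviderVersion. A small private constructor would restore the brevity that `conditions.FalseCondition` gave and keep Type and Status from being mistyped in one place. The sketch below shows the helper and the first call site; the other sites would change the same way. preflightChecks starts and ends outside this hunk.

```go
// preflightFalse builds the PreflightCheck condition for a failed check.
func preflightFalse(reason, message string) metav1.Condition {
	return metav1.Condition{
		Type:    operatorv1.PreflightCheckCondition,
		Status:  metav1.ConditionFalse,
		Reason:  reason,
		Message: message,
	}
}

// … unchanged: preflightChecks signature and the CoreProvider type check …
			conditions.Set(provider, preflightFalse(
				operatorv1.IncorrectCoreProviderNameReason,
				fmt.Sprintf(incorrectCoreProviderNameMessage, provider.ProviderName(), configclient.ClusterAPIProviderName),
			))
```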
@@ -86,12 +87,12 @@ func preflightChecks(ctx context.Context, c client.Client, provider genericprovi if !isPredefinedProvider { if spec.FetchConfig == nil || spec.FetchConfig.Selector == nil && spec.FetchConfig.URL == "" && spec.FetchConfig.OCI == "" { - conditions.Set(provider, conditions.FalseCondition( - operatorv1.PreflightCheckCondition, - operatorv1.FetchConfigValidationErrorReason, - clusterv1.ConditionSeverityError, - "Either Selector, OCI URL or provider URL must be provided for a not predefined provider", - )) + conditions.Set(provider, metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Status: metav1.ConditionFalse, + Reason: operatorv1.FetchConfigValidationErrorReason, + Message: "Either Selector, OCI URL or provider URL must be provided for a not predefined provider", + }) return fmt.Errorf("either selector, OCI URL or provider URL must be provided for a not predefined provider %s", provider.GetName()) } @@ -99,12 +100,12 @@ func preflightChecks(ctx context.Context, c client.Client, provider genericprovi if spec.FetchConfig != nil && spec.FetchConfig.Selector != nil && spec.FetchConfig.URL != "" { // If FetchConfiguration is not nil, exactly one of `URL` or `Selector` must be specified. - conditions.Set(provider, conditions.FalseCondition( - operatorv1.PreflightCheckCondition, - operatorv1.FetchConfigValidationErrorReason, - clusterv1.ConditionSeverityError, - "Only one of Selector and URL must be provided, not both", - )) + conditions.Set(provider, metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Status: metav1.ConditionFalse, + Reason: operatorv1.FetchConfigValidationErrorReason, + Message: "Only one of Selector and URL must be provided, not both", + }) return fmt.Errorf("only one of Selector and URL must be provided for provider %s", provider.GetName()) } 
@@ -123,12 +124,12 @@ func preflightChecks(ctx context.Context, c client.Client, provider genericprovi &oauth2.Token{AccessToken: string(token)}, ))) if _, _, err := githubClient.Organizations.List(ctx, "kubernetes-sigs", nil); err != nil { - conditions.Set(provider, conditions.FalseCondition( - operatorv1.PreflightCheckCondition, - operatorv1.InvalidGithubTokenReason, - clusterv1.ConditionSeverityError, - "%s", invalidGithubTokenMessage, - )) + conditions.Set(provider, metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Status: metav1.ConditionFalse, + Reason: operatorv1.InvalidGithubTokenReason, + Message: invalidGithubTokenMessage, + }) return fmt.Errorf("failed to validate provided github token: %w", err) } 
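Review bot: The condition written after `githubClient.Organizations.List` reports `operatorv1.InvalidGithubTokenReason` for every error, so an unreachable API or a rate limit is shown to the user as a bad credential. Classify the error before setting the condition: `var ghErr *github.ErrorResponse` followed by `if errors.As(err, &ghErr) && ghErr.Response != nil && ghErr.Response.StatusCode == http.StatusUnauthorized {`. Other errors can simply be returned wrapped, without marking the token invalid. This needs `errors` and `net/http` in the import block, which is only partly visible here, and the surrounding token lookup is outside the hunk.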
@@ -146,27 +147,31 @@ func preflightChecks(ctx context.Context, c client.Client, provider genericprovi continue } - preflightFalseCondition := conditions.FalseCondition( - operatorv1.PreflightCheckCondition, - operatorv1.MoreThanOneProviderInstanceExistsReason, - clusterv1.ConditionSeverityError, - "", - ) - // CoreProvider is a singleton resource, more than one instances should not exist if mapper(provider) == clusterctlv1.CoreProviderType && mapper(p) == clusterctlv1.CoreProviderType { log.Info(moreThanOneCoreProviderInstanceExistsMessage) - preflightFalseCondition.Message = moreThanOneCoreProviderInstanceExistsMessage - conditions.Set(provider, preflightFalseCondition) + + conditions.Set(provider, metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Status: metav1.ConditionFalse, + Reason: operatorv1.MoreThanOneProviderInstanceExistsReason, + Message: moreThanOneCoreProviderInstanceExistsMessage, + }) return fmt.Errorf("only one instance of CoreProvider is allowed") } // For any other provider we should check that instances with similar name exist in any namespace if mapper(p) != clusterctlv1.CoreProviderType && p.GetName() == provider.GetName() && mapper(p) == mapper(provider) { - preflightFalseCondition.Message = fmt.Sprintf(moreThanOneProviderInstanceExistsMessage, p.GetName(), p.GetNamespace()) - log.Info(preflightFalseCondition.Message) - conditions.Set(provider, preflightFalseCondition) + message := fmt.Sprintf(moreThanOneProviderInstanceExistsMessage, p.GetName(), p.GetNamespace()) + log.Info(message) + + conditions.Set(provider, metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Status: metav1.ConditionFalse, + Reason: operatorv1.MoreThanOneProviderInstanceExistsReason, + Message: message, + }) return fmt.Errorf("only one %s provider is allowed in the cluster", p.GetName()) } 
@@ -181,18 +186,24 @@ func preflightChecks(ctx context.Context, c client.Client, provider genericprovi if !ready { log.Info(waitingForCoreProviderReadyMessage) - conditions.Set(provider, conditions.FalseCondition( - operatorv1.PreflightCheckCondition, - operatorv1.WaitingForCoreProviderReadyReason, - clusterv1.ConditionSeverityInfo, - "%s", waitingForCoreProviderReadyMessage, - )) + + conditions.Set(provider, metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Status: metav1.ConditionFalse, + Reason: operatorv1.WaitingForCoreProviderReadyReason, + Message: waitingForCoreProviderReadyMessage, + }) return errCoreProviderWait } } - conditions.Set(provider, conditions.TrueCondition(operatorv1.PreflightCheckCondition)) + conditions.Set(provider, metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Status: metav1.ConditionTrue, + Reason: "PreflightChecksPassed", + Message: "All preflight checks passed", + }) log.Info("Preflight checks passed") @@ -207,12 +218,13 @@ func checkProviderVersion(ctx context.Context, providerVersion string, provider targetVersion, err := version.ParseSemantic(providerVersion) if err != nil { log.Info("Version contains invalid value") - conditions.Set(provider, conditions.FalseCondition( - operatorv1.PreflightCheckCondition, - operatorv1.IncorrectVersionFormatReason, - clusterv1.ConditionSeverityError, - "%s", err.Error(), - )) + + conditions.Set(provider, metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Status: metav1.ConditionFalse, + Reason: operatorv1.IncorrectVersionFormatReason, + Message: err.Error(), + }) return fmt.Errorf("version contains invalid value for provider %q", provider.GetName()) } 
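Review bot: The waiting-for-CoreProvider condition was the only one in this function written with `clusterv1.ConditionSeverityInfo`; as a `metav1.Condition` it now looks like the validation failures and differs only by its Reason. A comment at the call site would keep that distinction visible to maintainers, e.g. `// Not a validation failure: the provider only waits for the CoreProvider (was Severity=Info).` If consumers of the status need to tell a transient wait from a hard failure, the reason constant's doc comment is the place to state that they should key on `WaitingForCoreProviderReadyReason`.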
@@ -225,12 +237,12 @@ func checkProviderVersion(ctx context.Context, providerVersion string, provider } if targetVersion.Major() < installedVersion.Major() || targetVersion.Major() == installedVersion.Major() && targetVersion.Minor() < installedVersion.Minor() { - conditions.Set(provider, conditions.FalseCondition( - operatorv1.PreflightCheckCondition, - operatorv1.UnsupportedProviderDowngradeReason, - clusterv1.ConditionSeverityError, - "%s", unsupportedProviderDowngradeMessage, - )) + conditions.Set(provider, metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Status: metav1.ConditionFalse, + Reason: operatorv1.UnsupportedProviderDowngradeReason, + Message: unsupportedProviderDowngradeMessage, + }) return fmt.Errorf("downgrade is not supported for provider %q", provider.GetName()) } diff --git a/internal/controller/preflight_checks_test.go b/internal/controller/preflight_checks_test.go index 4ab90a545..0f9af042e 100644 --- a/internal/controller/preflight_checks_test.go +++ b/internal/controller/preflight_checks_test.go @@ -22,9 +22,8 @@ import ( "testing" . "github.com/onsi/gomega" - corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2" clusterctlv1 "sigs.k8s.io/cluster-api/cmd/clusterctl/api/v1alpha3" "sigs.k8s.io/controller-runtime/pkg/client/fake" @@ -42,7 +41,7 @@ func TestPreflightChecks(t *testing.T) { providers []operatorv1.GenericProvider providerList genericprovider.GenericProviderList mapper ProviderTypeMapper - expectedCondition clusterv1.Condition + expectedCondition metav1.Condition expectedError bool }{ { 
@@ -67,9 +66,11 @@ func TestPreflightChecks(t *testing.T) { }, }, }, - expectedCondition: clusterv1.Condition{ - Type: operatorv1.PreflightCheckCondition, - Status: corev1.ConditionTrue, + expectedCondition: metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Status: metav1.ConditionTrue, + Reason: "PreflightChecksPassed", + Message: "All preflight checks passed", }, providerList: &operatorv1.CoreProviderList{}, }, @@ -96,12 +97,11 @@ func TestPreflightChecks(t *testing.T) { }, }, }, - expectedCondition: clusterv1.Condition{ - Type: operatorv1.PreflightCheckCondition, - Reason: operatorv1.IncorrectCoreProviderNameReason, - Severity: clusterv1.ConditionSeverityError, - Message: "Incorrect CoreProvider name: my-fancy-cluster-api. It should be cluster-api", - Status: corev1.ConditionFalse, + expectedCondition: metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Reason: operatorv1.IncorrectCoreProviderNameReason, + Message: "Incorrect CoreProvider name: my-fancy-cluster-api. It should be cluster-api", + Status: metav1.ConditionFalse, }, providerList: &operatorv1.CoreProviderList{}, }, @@ -140,12 +140,11 @@ func TestPreflightChecks(t *testing.T) { }, }, }, - expectedCondition: clusterv1.Condition{ - Type: operatorv1.PreflightCheckCondition, - Reason: operatorv1.MoreThanOneProviderInstanceExistsReason, - Severity: clusterv1.ConditionSeverityError, - Message: moreThanOneCoreProviderInstanceExistsMessage, - Status: corev1.ConditionFalse, + expectedCondition: metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Status: metav1.ConditionFalse, + Reason: operatorv1.MoreThanOneProviderInstanceExistsReason, + Message: moreThanOneCoreProviderInstanceExistsMessage, }, providerList: &operatorv1.CoreProviderList{}, }, 
@@ -183,9 +182,11 @@ func TestPreflightChecks(t *testing.T) { }, }, }, - expectedCondition: clusterv1.Condition{ - Type: operatorv1.PreflightCheckCondition, - Status: corev1.ConditionTrue, + expectedCondition: metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Status: metav1.ConditionTrue, + Reason: "PreflightChecksPassed", + Message: "All preflight checks passed", }, mapper: func(provider operatorv1.GenericProvider) clusterctlv1.ProviderType { if provider.GetName() == "core-3" { @@ -231,12 +232,11 @@ func TestPreflightChecks(t *testing.T) { }, }, }, - expectedCondition: clusterv1.Condition{ - Type: operatorv1.PreflightCheckCondition, - Reason: operatorv1.MoreThanOneProviderInstanceExistsReason, - Severity: clusterv1.ConditionSeverityError, - Message: moreThanOneCoreProviderInstanceExistsMessage, - Status: corev1.ConditionFalse, + expectedCondition: metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Status: metav1.ConditionFalse, + Reason: operatorv1.MoreThanOneProviderInstanceExistsReason, + Message: moreThanOneCoreProviderInstanceExistsMessage, }, providerList: &operatorv1.CoreProviderList{}, }, @@ -274,10 +274,10 @@ func TestPreflightChecks(t *testing.T) { }, Status: operatorv1.CoreProviderStatus{ ProviderStatus: operatorv1.ProviderStatus{ - Conditions: []clusterv1.Condition{ + Conditions: []metav1.Condition{ { Type: clusterv1.ReadyCondition, - Status: corev1.ConditionTrue, + Status: metav1.ConditionTrue, LastTransitionTime: metav1.Now(), }, }, @@ -285,9 +285,11 @@ func TestPreflightChecks(t *testing.T) { }, }, }, - expectedCondition: clusterv1.Condition{ - Type: operatorv1.PreflightCheckCondition, - Status: corev1.ConditionTrue, + expectedCondition: metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Status: metav1.ConditionTrue, + Reason: "PreflightChecksPassed", + Message: "All preflight checks passed", }, providerList: &operatorv1.InfrastructureProviderList{}, }, 
@@ -326,10 +328,10 @@ func TestPreflightChecks(t *testing.T) { }, Status: operatorv1.CoreProviderStatus{ ProviderStatus: operatorv1.ProviderStatus{ - Conditions: []clusterv1.Condition{ + Conditions: []metav1.Condition{ { Type: clusterv1.ReadyCondition, - Status: corev1.ConditionFalse, + Status: metav1.ConditionFalse, LastTransitionTime: metav1.Now(), }, }, @@ -337,12 +339,11 @@ func TestPreflightChecks(t *testing.T) { }, }, }, - expectedCondition: clusterv1.Condition{ - Type: operatorv1.PreflightCheckCondition, - Status: corev1.ConditionFalse, - Reason: operatorv1.WaitingForCoreProviderReadyReason, - Severity: clusterv1.ConditionSeverityInfo, - Message: "Waiting for the CoreProvider to be installed.", + expectedCondition: metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Status: metav1.ConditionFalse, + Reason: operatorv1.WaitingForCoreProviderReadyReason, + Message: "Waiting for the CoreProvider to be installed.", }, providerList: &operatorv1.InfrastructureProviderList{}, }, @@ -395,10 +396,10 @@ func TestPreflightChecks(t *testing.T) { }, Status: operatorv1.CoreProviderStatus{ ProviderStatus: operatorv1.ProviderStatus{ - Conditions: []clusterv1.Condition{ + Conditions: []metav1.Condition{ { Type: clusterv1.ReadyCondition, - Status: corev1.ConditionTrue, + Status: metav1.ConditionTrue, LastTransitionTime: metav1.Now(), }, }, @@ -406,9 +407,11 @@ func TestPreflightChecks(t *testing.T) { }, }, }, - expectedCondition: clusterv1.Condition{ - Type: operatorv1.PreflightCheckCondition, - Status: corev1.ConditionTrue, + expectedCondition: metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Status: metav1.ConditionTrue, + Reason: "PreflightChecksPassed", + Message: "All preflight checks passed", }, providerList: &operatorv1.InfrastructureProviderList{}, }, 
@@ -461,10 +464,10 @@ func TestPreflightChecks(t *testing.T) { }, Status: operatorv1.CoreProviderStatus{ ProviderStatus: operatorv1.ProviderStatus{ - Conditions: []clusterv1.Condition{ + Conditions: []metav1.Condition{ { Type: clusterv1.ReadyCondition, - Status: corev1.ConditionTrue, + Status: metav1.ConditionTrue, LastTransitionTime: metav1.Now(), }, }, @@ -472,9 +475,11 @@ func TestPreflightChecks(t *testing.T) { }, }, }, - expectedCondition: clusterv1.Condition{ - Type: operatorv1.PreflightCheckCondition, - Status: corev1.ConditionTrue, + expectedCondition: metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Status: metav1.ConditionTrue, + Reason: "PreflightChecksPassed", + Message: "All preflight checks passed", }, providerList: &operatorv1.InfrastructureProviderList{}, }, @@ -513,12 +518,11 @@ func TestPreflightChecks(t *testing.T) { }, }, }, - expectedCondition: clusterv1.Condition{ - Type: operatorv1.PreflightCheckCondition, - Reason: operatorv1.MoreThanOneProviderInstanceExistsReason, - Severity: clusterv1.ConditionSeverityError, - Message: fmt.Sprintf(moreThanOneProviderInstanceExistsMessage, "aws", namespaceName2), - Status: corev1.ConditionFalse, + expectedCondition: metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Status: metav1.ConditionFalse, + Reason: operatorv1.MoreThanOneProviderInstanceExistsReason, + Message: fmt.Sprintf(moreThanOneProviderInstanceExistsMessage, "aws", namespaceName2), }, providerList: &operatorv1.InfrastructureProviderList{}, }, 
@@ -584,9 +588,11 @@ func TestPreflightChecks(t *testing.T) { return clusterctlv1.InfrastructureProviderType }, - expectedCondition: clusterv1.Condition{ - Type: operatorv1.PreflightCheckCondition, - Status: corev1.ConditionTrue, + expectedCondition: metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Status: metav1.ConditionTrue, + Reason: "PreflightChecksPassed", + Message: "All preflight checks passed", }, providerList: &operatorv1.InfrastructureProviderList{}, }, @@ -610,12 +616,11 @@ func TestPreflightChecks(t *testing.T) { }, }, }, - expectedCondition: clusterv1.Condition{ - Type: operatorv1.PreflightCheckCondition, - Reason: operatorv1.IncorrectVersionFormatReason, - Severity: clusterv1.ConditionSeverityError, - Message: "could not parse \"one\" as version", - Status: corev1.ConditionFalse, + expectedCondition: metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Status: metav1.ConditionFalse, + Reason: operatorv1.IncorrectVersionFormatReason, + Message: "could not parse \"one\" as version", }, providerList: &operatorv1.InfrastructureProviderList{}, }, @@ -640,9 +645,11 @@ func TestPreflightChecks(t *testing.T) { }, }, }, - expectedCondition: clusterv1.Condition{ - Type: operatorv1.PreflightCheckCondition, - Status: corev1.ConditionTrue, + expectedCondition: metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Status: metav1.ConditionTrue, + Reason: "PreflightChecksPassed", + Message: "All preflight checks passed", }, providerList: &operatorv1.CoreProviderList{}, }, 
@@ -672,12 +679,11 @@ func TestPreflightChecks(t *testing.T) { }, }, }, - expectedCondition: clusterv1.Condition{ - Type: operatorv1.PreflightCheckCondition, - Reason: operatorv1.FetchConfigValidationErrorReason, - Severity: clusterv1.ConditionSeverityError, - Message: "Only one of Selector and URL must be provided, not both", - Status: corev1.ConditionFalse, + expectedCondition: metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Status: metav1.ConditionFalse, + Reason: operatorv1.FetchConfigValidationErrorReason, + Message: "Only one of Selector and URL must be provided, not both", }, providerList: &operatorv1.InfrastructureProviderList{}, }, @@ -700,9 +706,11 @@ func TestPreflightChecks(t *testing.T) { }, }, }, - expectedCondition: clusterv1.Condition{ - Type: operatorv1.PreflightCheckCondition, - Status: corev1.ConditionTrue, + expectedCondition: metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Status: metav1.ConditionTrue, + Reason: "PreflightChecksPassed", + Message: "All preflight checks passed", }, providerList: &operatorv1.CoreProviderList{}, }, @@ -726,12 +734,11 @@ func TestPreflightChecks(t *testing.T) { }, }, }, - expectedCondition: clusterv1.Condition{ - Type: operatorv1.PreflightCheckCondition, - Reason: operatorv1.FetchConfigValidationErrorReason, - Severity: clusterv1.ConditionSeverityError, - Message: "Either Selector, OCI URL or provider URL must be provided for a not predefined provider", - Status: corev1.ConditionFalse, + expectedCondition: metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Reason: operatorv1.FetchConfigValidationErrorReason, + Message: "Either Selector, OCI URL or provider URL must be provided for a not predefined provider", + Status: metav1.ConditionFalse, }, providerList: &operatorv1.CoreProviderList{}, }, 
@@ -759,12 +766,11 @@ func TestPreflightChecks(t *testing.T) { }, }, }, - expectedCondition: clusterv1.Condition{ - Type: operatorv1.PreflightCheckCondition, - Reason: operatorv1.FetchConfigValidationErrorReason, - Severity: clusterv1.ConditionSeverityError, - Message: "Either Selector, OCI URL or provider URL must be provided for a not predefined provider", - Status: corev1.ConditionFalse, + expectedCondition: metav1.Condition{ + Type: operatorv1.PreflightCheckCondition, + Reason: operatorv1.FetchConfigValidationErrorReason, + Message: "Either Selector, OCI URL or provider URL must be provided for a not predefined provider", + Status: metav1.ConditionFalse, }, providerList: &operatorv1.CoreProviderList{}, }, @@ -801,7 +807,6 @@ func TestPreflightChecks(t *testing.T) { gs.Expect(tc.providers[0].GetStatus().Conditions[0].Type).To(Equal(tc.expectedCondition.Type)) gs.Expect(tc.providers[0].GetStatus().Conditions[0].Status).To(Equal(tc.expectedCondition.Status)) gs.Expect(tc.providers[0].GetStatus().Conditions[0].Message).To(Equal(tc.expectedCondition.Message)) - gs.Expect(tc.providers[0].GetStatus().Conditions[0].Severity).To(Equal(tc.expectedCondition.Severity)) }) } } 
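Review bot: The assertions at the end of TestPreflightChecks compare Type, Status and Message but never Reason, although every `expectedCondition` in this file now sets one, including the new `"PreflightChecksPassed"`. Add `gs.Expect(tc.providers[0].GetStatus().Conditions[0].Reason).To(Equal(tc.expectedCondition.Reason))` next to the Message check so the reason values are actually verified, now that the Severity assertion is gone. The test loop starts outside the hunk.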
@@ -811,44 +816,44 @@ func TestPreflightChecksUpgradesDowngrades(t *testing.T) { name string installedVersion string targetVersion string - expectedConditionStatus corev1.ConditionStatus + expectedConditionStatus metav1.ConditionStatus expectedError bool }{ { name: "upgrade core provider major version", - expectedConditionStatus: corev1.ConditionTrue, + expectedConditionStatus: metav1.ConditionTrue, installedVersion: "v1.9.0", targetVersion: "v2.0.0", }, { name: "upgrade core provider minor version", - expectedConditionStatus: corev1.ConditionTrue, + expectedConditionStatus: metav1.ConditionTrue, installedVersion: "v1.9.0", targetVersion: "v1.10.0", }, { name: "downgrade core provider major version", - expectedConditionStatus: corev1.ConditionFalse, + expectedConditionStatus: metav1.ConditionFalse, installedVersion: "v2.0.0", targetVersion: "v1.9.0", expectedError: true, }, { name: "downgrade core provider minor version", - expectedConditionStatus: corev1.ConditionFalse, + expectedConditionStatus: metav1.ConditionFalse, installedVersion: "v1.10.0", targetVersion: "v1.9.0", expectedError: true, }, { name: "downgrade core provider patch version", - expectedConditionStatus: corev1.ConditionTrue, + expectedConditionStatus: metav1.ConditionTrue, installedVersion: "v1.10.1", targetVersion: "v1.10.0", }, { name: "same version", - expectedConditionStatus: corev1.ConditionTrue, + expectedConditionStatus: metav1.ConditionTrue, installedVersion: "v1.10.0", targetVersion: "v1.10.0", }, 
@@ -902,9 +907,8 @@ func TestPreflightChecksUpgradesDowngrades(t *testing.T) { gs.Expect(provider.GetStatus().Conditions[0].Type).To(Equal(operatorv1.PreflightCheckCondition)) gs.Expect(provider.GetStatus().Conditions[0].Status).To(Equal(tc.expectedConditionStatus)) - if tc.expectedConditionStatus == corev1.ConditionFalse { + if tc.expectedConditionStatus == metav1.ConditionFalse { gs.Expect(provider.GetStatus().Conditions[0].Reason).To(Equal(operatorv1.UnsupportedProviderDowngradeReason)) - gs.Expect(provider.GetStatus().Conditions[0].Severity).To(Equal(clusterv1.ConditionSeverityError)) } }) } diff --git a/internal/envtest/environment.go b/internal/envtest/environment.go index 00f47864b..a3e134fb6 100644 --- a/internal/envtest/environment.go +++ b/internal/envtest/environment.go @@ -42,7 +42,7 @@ import ( "k8s.io/klog/v2" "k8s.io/klog/v2/textlogger" operatorv1 "sigs.k8s.io/cluster-api-operator/api/v1alpha2" - clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2" clusterctlv1 "sigs.k8s.io/cluster-api/cmd/clusterctl/api/v1alpha3" "sigs.k8s.io/cluster-api/util/kubeconfig" diff --git a/test/e2e/air_gapped_test.go b/test/e2e/air_gapped_test.go index 019b392c0..d332e72e6 100644 --- a/test/e2e/air_gapped_test.go +++ b/test/e2e/air_gapped_test.go @@ -30,7 +30,6 @@ import ( "k8s.io/utils/ptr" operatorv1 "sigs.k8s.io/cluster-api-operator/api/v1alpha2" . "sigs.k8s.io/cluster-api-operator/test/framework" - clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" "sigs.k8s.io/cluster-api/test/framework" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/yaml" @@ -59,7 +58,7 @@ var _ = Describe("Install ControlPlane, Core, Bootstrap providers in an air-gapp MatchLabels: map[string]string{ operatorv1.ConfigMapNameLabel: coreProviderName, operatorv1.ConfigMapTypeLabel: "core", - operatorv1.ConfigMapVersionLabelName: "v1.7.7", + operatorv1.ConfigMapVersionLabelName: previousCAPIVersion, }, }, }, 
@@ -73,12 +72,12 @@ var _ = Describe("Install ControlPlane, Core, Bootstrap providers in an air-gapp By("should successfully create ConfigMaps with ControlPlane, Core, and Bootstrap provider manifests") configMapFiles := []string{ - "core-cluster-api-v1.7.7.yaml", - "core-cluster-api-v1.8.0.yaml", - "bootstrap-kubeadm-v1.7.7.yaml", - "bootstrap-kubeadm-v1.8.0.yaml", - "controlplane-kubeadm-v1.7.7.yaml", - "controlplane-kubeadm-v1.8.0.yaml", + "core-cluster-api-v1.10.4.yaml", + "core-cluster-api-v1.11.0.yaml", + "bootstrap-kubeadm-v1.10.4.yaml", + "bootstrap-kubeadm-v1.11.0.yaml", + "controlplane-kubeadm-v1.10.4.yaml", + "controlplane-kubeadm-v1.11.0.yaml", } for _, fileName := range configMapFiles { @@ -112,7 +111,7 @@ var _ = Describe("Install ControlPlane, Core, Bootstrap providers in an air-gapp By("Waiting for Core provider to be ready") WaitFor(ctx, For(coreProvider).In(bootstrapCluster).ToSatisfy( - HaveStatusConditionsTrue(coreProvider, operatorv1.PreflightCheckCondition, operatorv1.ProviderInstalledCondition, clusterv1.ReadyCondition), + HaveStatusConditionsTrue(coreProvider, operatorv1.PreflightCheckCondition, operatorv1.ProviderInstalledCondition, "Ready"), ), e2eConfig.GetIntervals(bootstrapClusterProxy.GetName(), "wait-controllers")...) By("Validating that status.InstalledVersion is set") @@ -156,7 +155,7 @@ var _ = Describe("Install ControlPlane, Core, Bootstrap providers in an air-gapp }) }) - It("should successfully create, upgrade (v1.7.7 -> v1.8.0) and delete a BootstrapProvider from a ConfigMap", func() { + It("should successfully create, upgrade (v1.10.4 -> v1.11.0) and delete a BootstrapProvider from a ConfigMap", func() { bootstrapProvider := &operatorv1.BootstrapProvider{ ObjectMeta: metav1.ObjectMeta{ Name: customProviderName, 
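Review bot: The `configMapFiles` names hard-code `v1.10.4` and `v1.11.0`, while the selectors in the neighbouring hunks switched to `previousCAPIVersion` and `nextCAPIVersion`. If those constants hold the same versions (their values are not visible here), build the names from them, e.g. `"core-cluster-api-" + previousCAPIVersion + ".yaml"`, so the fixture list does not go stale on the next bump. The `It(...)` description with `v1.10.4 -> v1.11.0` has the same issue. The literal `"Ready"` passed to `HaveStatusConditionsTrue` in the later hunks could likewise stay a named constant, as the controller code still uses `clusterv1.ReadyCondition`.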
@@ -169,7 +168,7 @@ var _ = Describe("Install ControlPlane, Core, Bootstrap providers in an air-gapp MatchLabels: map[string]string{ operatorv1.ConfigMapNameLabel: "kubeadm", operatorv1.ConfigMapTypeLabel: "bootstrap", - operatorv1.ConfigMapVersionLabelName: "v1.7.7", + operatorv1.ConfigMapVersionLabelName: previousCAPIVersion, }, }, }, @@ -182,7 +181,7 @@ var _ = Describe("Install ControlPlane, Core, Bootstrap providers in an air-gapp By("Waiting for BootstrapProvider to be ready") WaitFor(ctx, For(bootstrapProvider).In(bootstrapCluster).ToSatisfy( - HaveStatusConditionsTrue(bootstrapProvider, operatorv1.PreflightCheckCondition, operatorv1.ProviderInstalledCondition, clusterv1.ReadyCondition), + HaveStatusConditionsTrue(bootstrapProvider, operatorv1.PreflightCheckCondition, operatorv1.ProviderInstalledCondition, "Ready"), ), e2eConfig.GetIntervals(bootstrapClusterProxy.GetName(), "wait-controllers")...) By("Waiting for the BootstrapProvider Deployment to be ready") 
@@ -194,15 +193,32 @@ var _ = Describe("Install ControlPlane, Core, Bootstrap providers in an air-gapp By("Validating that status.InstalledVersion is set") Expect(ptr.Equal(bootstrapProvider.Status.InstalledVersion, ptr.To(bootstrapProvider.Spec.Version))).To(BeTrue()) + By("Updating the CoreProvider to new Cluster API version first (required for contract version compatibility)") + patch := client.MergeFrom(coreProvider.DeepCopy()) + coreProvider.Spec.Version = nextCAPIVersion + coreProvider.Spec.FetchConfig.Selector.MatchLabels[operatorv1.ConfigMapVersionLabelName] = nextCAPIVersion + Expect(bootstrapCluster.Patch(ctx, coreProvider, patch)).To(Succeed()) + + By("Waiting for CoreProvider to be ready after upgrade") + WaitFor(ctx, For(coreProvider).In(bootstrapCluster).ToSatisfy( + HaveStatusConditionsTrue(coreProvider, operatorv1.PreflightCheckCondition, operatorv1.ProviderInstalledCondition, operatorv1.ProviderUpgradedCondition, "Ready"), + ), e2eConfig.GetIntervals(bootstrapClusterProxy.GetName(), "wait-controllers")...) + + By("Waiting for the Core provider Deployment to be ready after upgrade") + framework.WaitForDeploymentsAvailable(ctx, framework.WaitForDeploymentsAvailableInput{ + Getter: bootstrapClusterProxy.GetClient(), + Deployment: &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: coreProviderDeploymentName, Namespace: capiSystemNamespace}}, + }, e2eConfig.GetIntervals(bootstrapClusterProxy.GetName(), "wait-controllers")...) 
+ By("Updating the BootstrapProvider to new Custer API version") - patch := client.MergeFrom(bootstrapProvider.DeepCopy()) + patch = client.MergeFrom(bootstrapProvider.DeepCopy()) bootstrapProvider.Spec.Version = nextCAPIVersion bootstrapProvider.Spec.FetchConfig.Selector.MatchLabels[operatorv1.ConfigMapVersionLabelName] = nextCAPIVersion Expect(bootstrapCluster.Patch(ctx, bootstrapProvider, patch)).To(Succeed()) By("Waiting for BootstrapProvider to be ready") WaitFor(ctx, For(bootstrapProvider).In(bootstrapCluster).ToSatisfy( - HaveStatusConditionsTrue(bootstrapProvider, operatorv1.PreflightCheckCondition, operatorv1.ProviderInstalledCondition, operatorv1.ProviderUpgradedCondition, clusterv1.ReadyCondition), + HaveStatusConditionsTrue(bootstrapProvider, operatorv1.PreflightCheckCondition, operatorv1.ProviderInstalledCondition, operatorv1.ProviderUpgradedCondition, "Ready"), ), e2eConfig.GetIntervals(bootstrapClusterProxy.GetName(), "wait-controllers")...) By("Waiting for the BootstrapProvider Deployment to be ready") @@ -229,7 +245,7 @@ var _ = Describe("Install ControlPlane, Core, Bootstrap providers in an air-gapp e2eConfig.GetIntervals(bootstrapClusterProxy.GetName(), "wait-controllers")...) }) - It("should successfully create, upgrade (v1.7.7 -> v1.8.0) and delete a ControlPlaneProvider from a ConfigMap", func() { + It("should successfully create, upgrade (v1.10.4 -> v1.11.0) and delete a ControlPlaneProvider from a ConfigMap", func() { controlPlaneProvider := &operatorv1.ControlPlaneProvider{ ObjectMeta: metav1.ObjectMeta{ Name: customProviderName, @@ -242,7 +258,7 @@ var _ = Describe("Install ControlPlane, Core, Bootstrap providers in an air-gapp MatchLabels: map[string]string{ operatorv1.ConfigMapNameLabel: "kubeadm", operatorv1.ConfigMapTypeLabel: "controlplane", - operatorv1.ConfigMapVersionLabelName: "v1.7.7", + operatorv1.ConfigMapVersionLabelName: previousCAPIVersion, }, }, }, 
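Review bot: The added CoreProvider upgrade patches the shared `coreProvider` variable without reading it back from the cluster first, and it indexes `coreProvider.Spec.FetchConfig.Selector.MatchLabels` on the assumption that an earlier spec populated it. The existing "should successfully upgrade CoreProvider" spec begins with `Expect(bootstrapCluster.Get(ctx, client.ObjectKeyFromObject(coreProvider), coreProvider)).To(Succeed())`; the same line before `client.MergeFrom(coreProvider.DeepCopy())` would make this block work from the live object. Because the upgrade now happens here, the block repeated in the ControlPlaneProvider hunk (-267,15) and that final CoreProvider spec appear to patch an object already at `nextCAPIVersion`, so their wait on `operatorv1.ProviderUpgradedCondition` can pass without a new upgrade taking place. Moving the three added steps into one helper called from both specs would remove the copy and make that ordering explicit. The enclosing `It` closure starts and ends outside the hunk.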
@@ -255,7 +271,7 @@ var _ = Describe("Install ControlPlane, Core, Bootstrap providers in an air-gapp By("Waiting for ControlPlaneProvider to be ready") WaitFor(ctx, For(controlPlaneProvider).In(bootstrapCluster).ToSatisfy( - HaveStatusConditionsTrue(controlPlaneProvider, operatorv1.PreflightCheckCondition, operatorv1.ProviderInstalledCondition, clusterv1.ReadyCondition), + HaveStatusConditionsTrue(controlPlaneProvider, operatorv1.PreflightCheckCondition, operatorv1.ProviderInstalledCondition, "Ready"), ), e2eConfig.GetIntervals(bootstrapClusterProxy.GetName(), "wait-controllers")...) By("Waiting for the ControlPlaneProvider Deployment to be ready") 
@@ -267,15 +283,32 @@ var _ = Describe("Install ControlPlane, Core, Bootstrap providers in an air-gapp By("Validating that status.InstalledVersion is set") Expect(ptr.Equal(controlPlaneProvider.Status.InstalledVersion, ptr.To(controlPlaneProvider.Spec.Version))).To(BeTrue()) + By("Updating the CoreProvider to new Cluster API version first (required for contract version compatibility)") + patch := client.MergeFrom(coreProvider.DeepCopy()) + coreProvider.Spec.Version = nextCAPIVersion + coreProvider.Spec.FetchConfig.Selector.MatchLabels[operatorv1.ConfigMapVersionLabelName] = nextCAPIVersion + Expect(bootstrapCluster.Patch(ctx, coreProvider, patch)).To(Succeed()) + + By("Waiting for CoreProvider to be ready after upgrade") + WaitFor(ctx, For(coreProvider).In(bootstrapCluster).ToSatisfy( + HaveStatusConditionsTrue(coreProvider, operatorv1.PreflightCheckCondition, operatorv1.ProviderInstalledCondition, operatorv1.ProviderUpgradedCondition, "Ready"), + ), e2eConfig.GetIntervals(bootstrapClusterProxy.GetName(), "wait-controllers")...) + + By("Waiting for the Core provider Deployment to be ready after upgrade") + framework.WaitForDeploymentsAvailable(ctx, framework.WaitForDeploymentsAvailableInput{ + Getter: bootstrapClusterProxy.GetClient(), + Deployment: &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: coreProviderDeploymentName, Namespace: capiSystemNamespace}}, + }, e2eConfig.GetIntervals(bootstrapClusterProxy.GetName(), "wait-controllers")...) 
+ By("Updating the ControlPlaneProvider to new Custer API version") - patch := client.MergeFrom(controlPlaneProvider.DeepCopy()) + patch = client.MergeFrom(controlPlaneProvider.DeepCopy()) controlPlaneProvider.Spec.Version = nextCAPIVersion controlPlaneProvider.Spec.FetchConfig.Selector.MatchLabels[operatorv1.ConfigMapVersionLabelName] = nextCAPIVersion Expect(bootstrapCluster.Patch(ctx, controlPlaneProvider, patch)).To(Succeed()) By("Waiting for ControlPlaneProvider to be ready") WaitFor(ctx, For(controlPlaneProvider).In(bootstrapCluster).ToSatisfy( - HaveStatusConditionsTrue(controlPlaneProvider, operatorv1.PreflightCheckCondition, operatorv1.ProviderInstalledCondition, operatorv1.ProviderUpgradedCondition, clusterv1.ReadyCondition), + HaveStatusConditionsTrue(controlPlaneProvider, operatorv1.PreflightCheckCondition, operatorv1.ProviderInstalledCondition, operatorv1.ProviderUpgradedCondition, "Ready"), ), e2eConfig.GetIntervals(bootstrapClusterProxy.GetName(), "wait-controllers")...) By("Waiting for the ControlPlaneProvider Deployment to be ready") @@ -302,7 +335,7 @@ var _ = Describe("Install ControlPlane, Core, Bootstrap providers in an air-gapp e2eConfig.GetIntervals(bootstrapClusterProxy.GetName(), "wait-controllers")...) }) - It("should successfully upgrade CoreProvider (v1.7.7 -> v1.8.0)", func() { + It("should successfully upgrade CoreProvider (v1.10.4 -> v1.11.0)", func() { Expect(bootstrapCluster.Get(ctx, client.ObjectKeyFromObject(coreProvider), coreProvider)).To(Succeed()) By("Updating the CoreProvider to new Custer API version") 
@@ -313,7 +346,7 @@ var _ = Describe("Install ControlPlane, Core, Bootstrap providers in an air-gapp By("Waiting for CoreProvider to be ready") WaitFor(ctx, For(coreProvider).In(bootstrapCluster).ToSatisfy( - HaveStatusConditionsTrue(coreProvider, operatorv1.PreflightCheckCondition, operatorv1.ProviderInstalledCondition, operatorv1.ProviderUpgradedCondition, clusterv1.ReadyCondition), + HaveStatusConditionsTrue(coreProvider, operatorv1.PreflightCheckCondition, operatorv1.ProviderInstalledCondition, operatorv1.ProviderUpgradedCondition, "Ready"), ), e2eConfig.GetIntervals(bootstrapClusterProxy.GetName(), "wait-controllers")...) By("Waiting for the CoreProvider Deployment to be ready") diff --git a/test/e2e/compressed_manifests_test.go b/test/e2e/compressed_manifests_test.go index 752f6075d..cc459159b 100644 --- a/test/e2e/compressed_manifests_test.go +++ b/test/e2e/compressed_manifests_test.go @@ -46,6 +46,11 @@ const ( var _ = Describe("Create and delete a provider with manifests that don't fit the configmap", func() { ociInfrastructureConfigMap := &corev1.ConfigMap{} + BeforeEach(func() { + // Ensure that there are no Cluster API CRDs from previous tests + deleteClusterAPICRDs(bootstrapClusterProxy) + }) + It("should successfully create a CoreProvider", func() { bootstrapCluster := bootstrapClusterProxy.GetClient() coreProvider := &operatorv1.CoreProvider{ diff --git a/test/e2e/e2e_suite_test.go b/test/e2e/e2e_suite_test.go index b0b7048dd..731e15eb9 100644 --- a/test/e2e/e2e_suite_test.go +++ b/test/e2e/e2e_suite_test.go 
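Review bot: `BeforeEach` in compressed_manifests_test.go runs before every `It` in the Describe, so `deleteClusterAPICRDs(bootstrapClusterProxy)` is called again ahead of each later spec and not only before the first one. Only "should successfully create a CoreProvider" is visible in the hunk; if the specs after it rely on the provider and CRDs that spec leaves behind, they would start with the Cluster API CRDs deleted underneath a provider that is still installed. If the cleanup is meant to run once per container, mark the Describe `Ordered` and use `BeforeAll(func() { deleteClusterAPICRDs(bootstrapClusterProxy) })`. The same `BeforeEach` is added in test/e2e/helm_test.go.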
@@ -31,20 +31,17 @@ import ( appsv1 "k8s.io/api/apps/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - clusterctlv1 "sigs.k8s.io/cluster-api/cmd/clusterctl/api/v1alpha3" - configclient "sigs.k8s.io/cluster-api/cmd/clusterctl/client/config" "k8s.io/apimachinery/pkg/runtime" "k8s.io/klog/v2" operatorv1 "sigs.k8s.io/cluster-api-operator/api/v1alpha2" - clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2" . "sigs.k8s.io/cluster-api-operator/test/framework" "sigs.k8s.io/cluster-api/test/framework" "sigs.k8s.io/cluster-api/test/framework/bootstrap" "sigs.k8s.io/cluster-api/test/framework/clusterctl" ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/yaml" ) 
@@ -345,13 +342,19 @@ func ensureCertManager(clusterProxy framework.ClusterProxy, config *clusterctl.E } func deleteClusterAPICRDs(clusterProxy framework.ClusterProxy) { - // To remove all Cluster API CRDs we need filter them by labels: - // cluster.x-k8s.io/provider: cluster-api - // clusterctl.cluster.x-k8s.io: "" - Expect(clusterProxy.GetClient().DeleteAllOf(ctx, &apiextensionsv1.CustomResourceDefinition{}, client.MatchingLabels{ - clusterv1.ProviderNameLabel: configclient.ClusterAPIProviderName, - clusterctlv1.ClusterctlLabel: "", - })).To(Succeed()) + // To remove all Cluster API CRDs we need to delete all CRDs that belong to cluster-api groups. + // This includes CRDs from all providers (core, bootstrap, control-plane, infrastructure, etc.) + // But we must NOT delete the operator's own CRDs (operator.cluster.x-k8s.io) + crds := &apiextensionsv1.CustomResourceDefinitionList{} + Expect(clusterProxy.GetClient().List(ctx, crds)).To(Succeed()) + + for _, crd := range crds.Items { + // Delete CRDs that belong to cluster.x-k8s.io groups, but exclude operator CRDs + if strings.Contains(crd.Spec.Group, "cluster.x-k8s.io") && + crd.Spec.Group != "operator.cluster.x-k8s.io" { + Expect(clusterProxy.GetClient().Delete(ctx, &crd)).To(Succeed()) + } + } } func initHelmChart() { diff --git a/test/e2e/helm_test.go b/test/e2e/helm_test.go index c7dacc3d2..a6178f654 100644 --- a/test/e2e/helm_test.go +++ b/test/e2e/helm_test.go @@ -37,6 +37,11 @@ import ( ) var _ = Describe("Create a proper set of manifests when using helm charts", func() { + BeforeEach(func() { + // Ensure that there are no Cluster API CRDs from previous tests + deleteClusterAPICRDs(helmClusterProxy) + }) + It("should deploy a quick-start cluster-api-operator chart", func() { clusterProxy := helmClusterProxy.GetClient() diff --git a/test/e2e/helpers_test.go b/test/e2e/helpers_test.go index 8c7d4884b..ab48e0a64 100644 --- a/test/e2e/helpers_test.go +++ b/test/e2e/helpers_test.go 
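Review bot: In `deleteClusterAPICRDs`, `strings.Contains(crd.Spec.Group, "cluster.x-k8s.io")` selects any CRD whose group has that text anywhere in it, and the only exclusion is the exact group `operator.cluster.x-k8s.io`. Deleting a CRD also removes every custom resource of that kind, so on a reused or shared cluster this removes far more than the label-scoped `DeleteAllOf` it replaces. Matching the group as a domain suffix keeps the filter to the intended API groups: `g := crd.Spec.Group` followed by `if (g == "cluster.x-k8s.io" || strings.HasSuffix(g, ".cluster.x-k8s.io")) && g != "operator.cluster.x-k8s.io" {`. `Delete` also returns before the CRD is actually gone, so a spec that installs a provider right after the new `BeforeEach` hooks may still see terminating CRDs; a short wait until the list no longer contains matching groups would close that gap. The import hunk above does not show `strings` being added, so confirm it is already imported in e2e_suite_test.go.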
@@ -33,8 +33,8 @@ const ( capiSystemNamespace = "capi-system" capiOperatorRelease = "capi-operator" - previousCAPIVersion = "v1.7.7" - nextCAPIVersion = "v1.8.0" + previousCAPIVersion = "v1.10.4" + nextCAPIVersion = "v1.11.0" coreProviderName = configclient.ClusterAPIProviderName coreProviderDeploymentName = "capi-controller-manager" diff --git a/test/e2e/resources/bootstrap-kubeadm-v1.8.0.yaml b/test/e2e/resources/bootstrap-kubeadm-v1.10.4.yaml similarity index 83% rename from test/e2e/resources/bootstrap-kubeadm-v1.8.0.yaml rename to test/e2e/resources/bootstrap-kubeadm-v1.10.4.yaml index 328dec283..2a68ba099 100644 --- a/test/e2e/resources/bootstrap-kubeadm-v1.8.0.yaml +++ b/test/e2e/resources/bootstrap-kubeadm-v1.10.4.yaml @@ -1,12 +1,20 @@ apiVersion: v1 data: components: | + apiVersion: v1 + kind: Namespace + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + control-plane: controller-manager + name: capi-kubeadm-bootstrap-system + --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 labels: cluster.x-k8s.io/provider: bootstrap-kubeadm cluster.x-k8s.io/v1beta1: v1beta1 @@ -40,7 +48,6 @@ data: description: |- KubeadmConfig is the Schema for the kubeadmconfigs API. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: 
@@ -61,12 +68,10 @@ data: metadata: type: object spec: - description: |- - KubeadmConfigSpec defines the desired state of KubeadmConfig. - Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined. + description: spec is the desired state of KubeadmConfig. properties: clusterConfiguration: - description: ClusterConfiguration along with InitConfiguration are + description: clusterConfiguration along with InitConfiguration are the configurations necessary for the init command properties: apiServer: @@ -82,10 +87,8 @@ data: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: ExtraArgs is an extra set of flags to pass to + the control plane component. type: object extraVolumes: description: ExtraVolumes is an extra set of host volumes, @@ -161,10 +164,8 @@ data: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: ExtraArgs is an extra set of flags to pass to + the control plane component. type: object extraVolumes: description: ExtraVolumes is an extra set of host volumes, @@ -348,10 +349,8 @@ data: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: ExtraArgs is an extra set of flags to pass to + the control plane component. type: object extraVolumes: description: ExtraVolumes is an extra set of host volumes, 
@@ -393,44 +392,44 @@ data: type: boolean type: object diskSetup: - description: DiskSetup specifies options for the creation of partition + description: diskSetup specifies options for the creation of partition tables and file systems on devices. properties: filesystems: - description: Filesystems specifies the list of file systems to + description: filesystems specifies the list of file systems to setup. items: description: Filesystem defines the file systems to be created. properties: device: - description: Device specifies the device name + description: device specifies the device name type: string extraOpts: - description: ExtraOpts defined extra options to add to the + description: extraOpts defined extra options to add to the command for creating the file system. items: type: string type: array filesystem: - description: Filesystem specifies the file system type. + description: filesystem specifies the file system type. type: string label: - description: Label specifies the file system label to be + description: label specifies the file system label to be used. If set to None, no label is used. type: string overwrite: description: |- - Overwrite defines whether or not to overwrite any existing filesystem. + overwrite defines whether or not to overwrite any existing filesystem. If true, any pre-existing file system will be destroyed. Use with Caution. type: boolean partition: - description: 'Partition specifies the partition to use. + description: 'partition specifies the partition to use. The valid options are: "auto|any", "auto", "any", "none", and , where NUM is the actual partition number.' type: string replaceFS: description: |- - ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . + replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . NOTE: unless you define a label, this requires the use of the 'any' partition directive. 
type: string required: @@ -440,28 +439,28 @@ data: type: object type: array partitions: - description: Partitions specifies the list of the partitions to + description: partitions specifies the list of the partitions to setup. items: description: Partition defines how to create and layout a partition. properties: device: - description: Device is the name of the device. + description: device is the name of the device. type: string layout: description: |- - Layout specifies the device layout. + layout specifies the device layout. If it is true, a single partition will be created for the entire device. When layout is false, it means don't partition or ignore existing partitioning. type: boolean overwrite: description: |- - Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. + overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. Use with caution. Default is 'false'. type: boolean tableType: description: |- - TableType specifies the tupe of partition table. The following are supported: + tableType specifies the tupe of partition table. The following are supported: 'mbr': default and setups a MS-DOS partition table 'gpt': setups a GPT partition table type: string 
@@ -472,29 +471,29 @@ data: type: array type: object files: - description: Files specifies extra files to be passed to user_data + description: files specifies extra files to be passed to user_data upon creation. items: description: File defines the input for generating write_files in cloud-init. properties: content: - description: Content is the actual content of the file. + description: content is the actual content of the file. type: string contentFrom: - description: ContentFrom is a referenced source of content to + description: contentFrom is a referenced source of content to populate the file. properties: secret: - description: Secret represents a secret that should populate + description: secret represents a secret that should populate this file. properties: key: - description: Key is the key in the secret's data map + description: key is the key in the secret's data map for this value. type: string name: - description: Name of the secret in the KubeadmBootstrapConfig's + description: name of the secret in the KubeadmBootstrapConfig's namespace to use. type: string required: @@ -505,22 +504,22 @@ data: - secret type: object encoding: - description: Encoding specifies the encoding of the file contents. + description: encoding specifies the encoding of the file contents. enum: - base64 - gzip - gzip+base64 type: string owner: - description: Owner specifies the ownership of the file, e.g. + description: owner specifies the ownership of the file, e.g. "root:root". type: string path: - description: Path specifies the full path on disk where to store + description: path specifies the full path on disk where to store the file. type: string permissions: - description: Permissions specifies the permissions to assign + description: permissions specifies the permissions to assign to the file, e.g. "0640". type: string required: 
@@ -528,12 +527,12 @@ data: type: object type: array format: - description: Format specifies the output format of the bootstrap data + description: format specifies the output format of the bootstrap data enum: - cloud-config type: string initConfiguration: - description: InitConfiguration along with ClusterConfiguration are + description: initConfiguration along with ClusterConfiguration are the configurations necessary for the init command properties: apiVersion: @@ -684,7 +683,7 @@ data: type: object type: object joinConfiguration: - description: JoinConfiguration is the kubeadm configuration for the + description: joinConfiguration is the kubeadm configuration for the join command properties: apiVersion: @@ -699,7 +698,6 @@ data: CACertPath is the path to the SSL certificate authority used to secure comunications between node and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". - TODO: revisit when there is defaulting from k/k type: string controlPlane: description: |- @@ -726,9 +724,8 @@ data: type: object type: object discovery: - description: |- - Discovery specifies the options for the kubelet to use during the TLS Bootstrap process - TODO: revisit when there is defaulting from k/k + description: Discovery specifies the options for the kubelet to + use during the TLS Bootstrap process properties: bootstrapToken: description: |- @@ -788,7 +785,6 @@ data: TLSBootstrapToken is a token used for TLS bootstrapping. If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information - TODO: revisit when there is defaulting from k/k type: string type: object kind: 
@@ -862,7 +858,7 @@ data: type: object type: object mounts: - description: Mounts specifies a list of mount points to be setup. + description: mounts specifies a list of mount points to be setup. items: description: MountPoints defines input for generated mounts in cloud-init. items: 
@@ -870,90 +866,87 @@ data: type: array type: array ntp: - description: NTP specifies NTP configuration + description: ntp specifies NTP configuration properties: enabled: - description: Enabled specifies whether NTP should be enabled + description: enabled specifies whether NTP should be enabled type: boolean servers: - description: Servers specifies which NTP servers to use + description: servers specifies which NTP servers to use items: type: string type: array type: object postKubeadmCommands: - description: PostKubeadmCommands specifies extra commands to run after + description: postKubeadmCommands specifies extra commands to run after kubeadm runs items: type: string type: array preKubeadmCommands: - description: PreKubeadmCommands specifies extra commands to run before + description: preKubeadmCommands specifies extra commands to run before kubeadm runs items: type: string type: array useExperimentalRetryJoin: description: |- - UseExperimentalRetryJoin replaces a basic kubeadm command with a shell + useExperimentalRetryJoin replaces a basic kubeadm command with a shell script with retries for joins. - This is meant to be an experimental temporary workaround on some environments where joins fail due to timing (and other issues). The long term goal is to add retries to kubeadm proper and use that functionality. - This will add about 40KB to userdata - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. type: boolean users: - description: Users specifies extra users to add + description: users specifies extra users to add items: description: User defines the input for a generated user in cloud-init. 
properties: gecos: - description: Gecos specifies the gecos to use for the user + description: gecos specifies the gecos to use for the user type: string groups: - description: Groups specifies the additional groups for the + description: groups specifies the additional groups for the user type: string homeDir: - description: HomeDir specifies the home directory to use for + description: homeDir specifies the home directory to use for the user type: string inactive: - description: Inactive specifies whether to mark the user as + description: inactive specifies whether to mark the user as inactive type: boolean lockPassword: - description: LockPassword specifies if password login should + description: lockPassword specifies if password login should be disabled type: boolean name: - description: Name specifies the user name + description: name specifies the user name type: string passwd: - description: Passwd specifies a hashed password for the user + description: passwd specifies a hashed password for the user type: string primaryGroup: - description: PrimaryGroup specifies the primary group for the + description: primaryGroup specifies the primary group for the user type: string shell: - description: Shell specifies the user's shell + description: shell specifies the user's shell type: string sshAuthorizedKeys: - description: SSHAuthorizedKeys specifies a list of ssh authorized + description: sshAuthorizedKeys specifies a list of ssh authorized keys for the user items: type: string type: array sudo: - description: Sudo specifies a sudo role for the user + description: sudo specifies a sudo role for the user type: string required: - name 
@@ -961,58 +954,57 @@ data: type: array verbosity: description: |- - Verbosity is the number for the kubeadm log level verbosity. + verbosity is the number for the kubeadm log level verbosity. It overrides the `--v` flag in kubeadm commands. format: int32 type: integer type: object status: - description: KubeadmConfigStatus defines the observed state of KubeadmConfig. + description: status is the observed state of KubeadmConfig. properties: bootstrapData: description: |- - BootstrapData will be a cloud-init script for now. - + bootstrapData will be a cloud-init script for now. Deprecated: Switch to DataSecretName. format: byte type: string conditions: - description: Conditions defines current service state of the KubeadmConfig. + description: conditions defines current service state of the KubeadmConfig. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. 
type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -1022,22 +1014,22 @@ data: type: object type: array dataSecretName: - description: DataSecretName is the name of the secret that stores + description: dataSecretName is the name of the secret that stores the bootstrap data script. type: string failureMessage: - description: FailureMessage will be set on non-retryable errors + description: failureMessage will be set on non-retryable errors type: string failureReason: - description: FailureReason will be set on non-retryable errors + description: failureReason will be set on non-retryable errors type: string observedGeneration: - description: ObservedGeneration is the latest generation observed + description: observedGeneration is the latest generation observed by the controller. format: int64 type: integer ready: - description: Ready indicates the BootstrapData field is ready to be + description: ready indicates the BootstrapData field is ready to be consumed type: boolean type: object 
@@ -1058,7 +1050,6 @@ data: description: |- KubeadmConfig is the Schema for the kubeadmconfigs API. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: @@ -1079,20 +1070,18 @@ data: metadata: type: object spec: - description: |- - KubeadmConfigSpec defines the desired state of KubeadmConfig. - Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined. + description: spec is the desired state of KubeadmConfig. properties: clusterConfiguration: - description: ClusterConfiguration along with InitConfiguration are + description: clusterConfiguration along with InitConfiguration are the configurations necessary for the init command properties: apiServer: - description: APIServer contains extra settings for the API server + description: apiServer contains extra settings for the API server control plane component properties: certSANs: - description: CertSANs sets extra Subject Alternative Names + description: certSANs sets extra Subject Alternative Names for the API Server signing cert. items: type: string @@ -1100,13 +1089,11 @@ data: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: extraArgs is an extra set of flags to pass to + the control plane component. type: object extraVolumes: - description: ExtraVolumes is an extra set of host volumes, + description: extraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: |- 
@@ -1115,21 +1102,21 @@ data: properties: hostPath: description: |- - HostPath is the path in the host that will be mounted inside + hostPath is the path in the host that will be mounted inside the pod. type: string mountPath: - description: MountPath is the path inside the pod where + description: mountPath is the path inside the pod where hostPath will be mounted. type: string name: - description: Name of the volume inside the pod template. + description: name of the volume inside the pod template. type: string pathType: - description: PathType is the type of the HostPath. + description: pathType is the type of the HostPath. type: string readOnly: - description: ReadOnly controls write access to the volume + description: readOnly controls write access to the volume type: boolean required: - hostPath @@ -1138,7 +1125,7 @@ data: type: object type: array timeoutForControlPlane: - description: TimeoutForControlPlane controls the timeout that + description: timeoutForControlPlane controls the timeout that we use for API server to appear type: string type: object @@ -1151,15 +1138,15 @@ data: type: string certificatesDir: description: |- - CertificatesDir specifies where to store or look for all required certificates. + certificatesDir specifies where to store or look for all required certificates. NB: if not provided, this will default to `/etc/kubernetes/pki` type: string clusterName: - description: The cluster name + description: clusterName is the cluster name type: string controlPlaneEndpoint: description: |- - ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it + controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint is specified but without a TCP port, 
@@ -1173,19 +1160,17 @@ data: NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. type: string controllerManager: - description: ControllerManager contains extra settings for the + description: controllerManager contains extra settings for the controller manager control plane component properties: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: extraArgs is an extra set of flags to pass to + the control plane component. type: object extraVolumes: - description: ExtraVolumes is an extra set of host volumes, + description: extraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: |- @@ -1194,21 +1179,21 @@ data: properties: hostPath: description: |- - HostPath is the path in the host that will be mounted inside + hostPath is the path in the host that will be mounted inside the pod. type: string mountPath: - description: MountPath is the path inside the pod where + description: mountPath is the path inside the pod where hostPath will be mounted. type: string name: - description: Name of the volume inside the pod template. + description: name of the volume inside the pod template. type: string pathType: - description: PathType is the type of the HostPath. + description: pathType is the type of the HostPath. type: string readOnly: - description: ReadOnly controls write access to the volume + description: readOnly controls write access to the volume type: boolean required: - hostPath 
@@ -1218,48 +1203,48 @@ data: type: array type: object dns: - description: DNS defines the options for the DNS add-on installed + description: dns defines the options for the DNS add-on installed in the cluster. properties: imageRepository: description: |- - ImageRepository sets the container registry to pull images from. + imageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead. type: string imageTag: description: |- - ImageTag allows to specify a tag for the image. + imageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. type: string type: object etcd: description: |- - Etcd holds configuration for etcd. + etcd holds configuration for etcd. NB: This value defaults to a Local (stacked) etcd properties: external: description: |- - External describes how to connect to an external etcd cluster + external describes how to connect to an external etcd cluster Local and External are mutually exclusive properties: caFile: description: |- - CAFile is an SSL Certificate Authority file used to secure etcd communication. + caFile is an SSL Certificate Authority file used to secure etcd communication. Required if using a TLS connection. type: string certFile: description: |- - CertFile is an SSL certification file used to secure etcd communication. + certFile is an SSL certification file used to secure etcd communication. Required if using a TLS connection. type: string endpoints: - description: Endpoints of etcd members. Required for ExternalEtcd. + description: endpoints of etcd members. Required for ExternalEtcd. items: type: string type: array keyFile: description: |- - KeyFile is an SSL key file used to secure etcd communication. + keyFile is an SSL key file used to secure etcd communication. Required if using a TLS connection. type: string required: 
@@ -1270,39 +1255,39 @@ data: type: object local: description: |- - Local provides configuration knobs for configuring the local etcd instance + local provides configuration knobs for configuring the local etcd instance Local and External are mutually exclusive properties: dataDir: description: |- - DataDir is the directory etcd will place its data. + dataDir is the directory etcd will place its data. Defaults to "/var/lib/etcd". type: string extraArgs: additionalProperties: type: string description: |- - ExtraArgs are extra arguments provided to the etcd binary + extraArgs are extra arguments provided to the etcd binary when run inside a static pod. type: object imageRepository: description: |- - ImageRepository sets the container registry to pull images from. + imageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead. type: string imageTag: description: |- - ImageTag allows to specify a tag for the image. + imageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. type: string peerCertSANs: - description: PeerCertSANs sets extra Subject Alternative + description: peerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert. items: type: string type: array serverCertSANs: - description: ServerCertSANs sets extra Subject Alternative + description: serverCertSANs sets extra Subject Alternative Names for the etcd server signing cert. items: type: string 
@@ -1312,11 +1297,11 @@ data: featureGates: additionalProperties: type: boolean - description: FeatureGates enabled by the user. + description: featureGates enabled by the user. type: object imageRepository: description: |- - ImageRepository sets the container registry to pull images from. + imageRepository sets the container registry to pull images from. If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io` will be used for all the other images. 
@@ -1331,45 +1316,43 @@ data: type: string kubernetesVersion: description: |- - KubernetesVersion is the target version of the control plane. + kubernetesVersion is the target version of the control plane. NB: This value defaults to the Machine object spec.version type: string networking: description: |- - Networking holds configuration for the networking topology of the cluster. + networking holds configuration for the networking topology of the cluster. NB: This value defaults to the Cluster object spec.clusterNetwork. properties: dnsDomain: - description: DNSDomain is the dns domain used by k8s services. + description: dnsDomain is the dns domain used by k8s services. Defaults to "cluster.local". type: string podSubnet: description: |- - PodSubnet is the subnet used by pods. + podSubnet is the subnet used by pods. If unset, the API server will not allocate CIDR ranges for every node. Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set type: string serviceSubnet: description: |- - ServiceSubnet is the subnet used by k8s services. + serviceSubnet is the subnet used by k8s services. Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12" if that's unset. type: string type: object scheduler: - description: Scheduler contains extra settings for the scheduler + description: scheduler contains extra settings for the scheduler control plane component properties: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: extraArgs is an extra set of flags to pass to + the control plane component. 
type: object extraVolumes: - description: ExtraVolumes is an extra set of host volumes, + description: extraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: |- @@ -1378,21 +1361,21 @@ data: properties: hostPath: description: |- - HostPath is the path in the host that will be mounted inside + hostPath is the path in the host that will be mounted inside the pod. type: string mountPath: - description: MountPath is the path inside the pod where + description: mountPath is the path inside the pod where hostPath will be mounted. type: string name: - description: Name of the volume inside the pod template. + description: name of the volume inside the pod template. type: string pathType: - description: PathType is the type of the HostPath. + description: pathType is the type of the HostPath. type: string readOnly: - description: ReadOnly controls write access to the volume + description: readOnly controls write access to the volume type: boolean required: - hostPath 
@@ -1403,44 +1386,44 @@ data: type: object type: object diskSetup: - description: DiskSetup specifies options for the creation of partition + description: diskSetup specifies options for the creation of partition tables and file systems on devices. properties: filesystems: - description: Filesystems specifies the list of file systems to + description: filesystems specifies the list of file systems to setup. items: description: Filesystem defines the file systems to be created. properties: device: - description: Device specifies the device name + description: device specifies the device name type: string extraOpts: - description: ExtraOpts defined extra options to add to the + description: extraOpts defined extra options to add to the command for creating the file system. items: type: string type: array filesystem: - description: Filesystem specifies the file system type. + description: filesystem specifies the file system type. type: string label: - description: Label specifies the file system label to be + description: label specifies the file system label to be used. If set to None, no label is used. type: string overwrite: description: |- - Overwrite defines whether or not to overwrite any existing filesystem. + overwrite defines whether or not to overwrite any existing filesystem. If true, any pre-existing file system will be destroyed. Use with Caution. type: boolean partition: - description: 'Partition specifies the partition to use. + description: 'partition specifies the partition to use. The valid options are: "auto|any", "auto", "any", "none", and , where NUM is the actual partition number.' type: string replaceFS: description: |- - ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . + replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . NOTE: unless you define a label, this requires the use of the 'any' partition directive. 
type: string required: @@ -1450,28 +1433,28 @@ data: type: object type: array partitions: - description: Partitions specifies the list of the partitions to + description: partitions specifies the list of the partitions to setup. items: description: Partition defines how to create and layout a partition. properties: device: - description: Device is the name of the device. + description: device is the name of the device. type: string layout: description: |- - Layout specifies the device layout. + layout specifies the device layout. If it is true, a single partition will be created for the entire device. When layout is false, it means don't partition or ignore existing partitioning. type: boolean overwrite: description: |- - Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. + overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. Use with caution. Default is 'false'. type: boolean tableType: description: |- - TableType specifies the tupe of partition table. The following are supported: + tableType specifies the tupe of partition table. The following are supported: 'mbr': default and setups a MS-DOS partition table 'gpt': setups a GPT partition table type: string 
@@ -1482,29 +1465,29 @@ data: type: array type: object files: - description: Files specifies extra files to be passed to user_data + description: files specifies extra files to be passed to user_data upon creation. items: description: File defines the input for generating write_files in cloud-init. properties: content: - description: Content is the actual content of the file. + description: content is the actual content of the file. type: string contentFrom: - description: ContentFrom is a referenced source of content to + description: contentFrom is a referenced source of content to populate the file. properties: secret: - description: Secret represents a secret that should populate + description: secret represents a secret that should populate this file. properties: key: - description: Key is the key in the secret's data map + description: key is the key in the secret's data map for this value. type: string name: - description: Name of the secret in the KubeadmBootstrapConfig's + description: name of the secret in the KubeadmBootstrapConfig's namespace to use. type: string required: @@ -1515,22 +1498,22 @@ data: - secret type: object encoding: - description: Encoding specifies the encoding of the file contents. + description: encoding specifies the encoding of the file contents. enum: - base64 - gzip - gzip+base64 type: string owner: - description: Owner specifies the ownership of the file, e.g. + description: owner specifies the ownership of the file, e.g. "root:root". type: string path: - description: Path specifies the full path on disk where to store + description: path specifies the full path on disk where to store the file. type: string permissions: - description: Permissions specifies the permissions to assign + description: permissions specifies the permissions to assign to the file, e.g. "0640". type: string required: 
@@ -1538,12 +1521,12 @@ data: type: object type: array format: - description: Format specifies the output format of the bootstrap data + description: format specifies the output format of the bootstrap data enum: - cloud-config type: string initConfiguration: - description: InitConfiguration along with ClusterConfiguration are + description: initConfiguration along with ClusterConfiguration are the configurations necessary for the init command properties: apiVersion: @@ -1555,7 +1538,7 @@ data: type: string bootstrapTokens: description: |- - BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. + bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature items: description: BootstrapToken describes one bootstrap token, stored 
@@ -1563,35 +1546,35 @@ data: properties: description: description: |- - Description sets a human-friendly message why this token exists and what it's used + description sets a human-friendly message why this token exists and what it's used for, so other administrators can know its purpose. type: string expires: description: |- - Expires specifies the timestamp when this token expires. Defaults to being set + expires specifies the timestamp when this token expires. Defaults to being set dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. format: date-time type: string groups: description: |- - Groups specifies the extra groups that this token will authenticate as when/if + groups specifies the extra groups that this token will authenticate as when/if used for authentication items: type: string type: array token: description: |- - Token is used for establishing bidirectional trust between nodes and control-planes. + token is used for establishing bidirectional trust between nodes and control-planes. Used for joining nodes in the cluster. type: string ttl: description: |- - TTL defines the time to live for this token. Defaults to 24h. + ttl defines the time to live for this token. Defaults to 24h. Expires and TTL are mutually exclusive. type: string usages: description: |- - Usages describes the ways in which this token can be used. Can by default be used + usages describes the ways in which this token can be used. Can by default be used for establishing bidirectional trust, but that can be changed here. items: type: string 
@@ -1610,7 +1593,7 @@ data: type: string localAPIEndpoint: description: |- - LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node + localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible @@ -1618,29 +1601,29 @@ data: fails you may set the desired value here. properties: advertiseAddress: - description: AdvertiseAddress sets the IP address for the + description: advertiseAddress sets the IP address for the API server to advertise. type: string bindPort: description: |- - BindPort sets the secure port for the API Server to bind to. + bindPort sets the secure port for the API Server to bind to. Defaults to 6443. format: int32 type: integer type: object nodeRegistration: description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfiguration properties: criSocket: - description: CRISocket is used to retrieve container runtime + description: criSocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use type: string ignorePreflightErrors: - description: IgnorePreflightErrors provides a slice of pre-flight + description: ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered. items: type: string 
@@ -1649,19 +1632,19 @@ data: additionalProperties: type: string description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file + kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. type: object name: description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided. type: string taints: description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. items: @@ -1697,7 +1680,7 @@ data: type: object type: object joinConfiguration: - description: JoinConfiguration is the kubeadm configuration for the + description: joinConfiguration is the kubeadm configuration for the join command properties: apiVersion: 
@@ -1709,49 +1692,47 @@ data: type: string caCertPath: description: |- - CACertPath is the path to the SSL certificate authority used to + caCertPath is the path to the SSL certificate authority used to secure comunications between node and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". - TODO: revisit when there is defaulting from k/k type: string controlPlane: description: |- - ControlPlane defines the additional control plane instance to be deployed on the joining node. + controlPlane defines the additional control plane instance to be deployed on the joining node. If nil, no additional control plane instance will be deployed. properties: localAPIEndpoint: - description: LocalAPIEndpoint represents the endpoint of the + description: localAPIEndpoint represents the endpoint of the API server instance to be deployed on this node. properties: advertiseAddress: - description: AdvertiseAddress sets the IP address for + description: advertiseAddress sets the IP address for the API server to advertise. type: string bindPort: description: |- - BindPort sets the secure port for the API Server to bind to. + bindPort sets the secure port for the API Server to bind to. Defaults to 6443. format: int32 type: integer type: object type: object discovery: - description: |- - Discovery specifies the options for the kubelet to use during the TLS Bootstrap process - TODO: revisit when there is defaulting from k/k + description: discovery specifies the options for the kubelet to + use during the TLS Bootstrap process properties: bootstrapToken: description: |- - BootstrapToken is used to set the options for bootstrap token based discovery + bootstrapToken is used to set the options for bootstrap token based discovery BootstrapToken and File are mutually exclusive properties: apiServerEndpoint: - description: APIServerEndpoint is an IP or domain name + description: apiServerEndpoint is an IP or domain name to the API server from which info will be fetched. 
type: string caCertHashes: description: |- - CACertHashes specifies a set of public key pins to verify + caCertHashes specifies a set of public key pins to verify when token-based discovery is used. The root CA found during discovery must match one of these values. Specifying an empty set disables root CA pinning, which can be unsafe. Each hash is specified as ":", @@ -1764,12 +1745,12 @@ data: type: array token: description: |- - Token is a token used to validate cluster information + token is a token used to validate cluster information fetched from the control-plane. type: string unsafeSkipCAVerification: description: |- - UnsafeSkipCAVerification allows token-based discovery + unsafeSkipCAVerification allows token-based discovery without CA verification via CACertHashes. This can weaken the security of kubeadm since other nodes can impersonate the control-plane. type: boolean @@ -1778,11 +1759,11 @@ data: type: object file: description: |- - File is used to specify a file or URL to a kubeconfig file from which to load cluster information + file is used to specify a file or URL to a kubeconfig file from which to load cluster information BootstrapToken and File are mutually exclusive properties: kubeConfigPath: - description: KubeConfigPath is used to specify the actual + description: kubeConfigPath is used to specify the actual file path or URL to the kubeconfig file from which to load cluster information type: string 
@@ -1790,11 +1771,11 @@ data: - kubeConfigPath type: object timeout: - description: Timeout modifies the discovery timeout + description: timeout modifies the discovery timeout type: string tlsBootstrapToken: description: |- - TLSBootstrapToken is a token used for TLS bootstrapping. + tlsBootstrapToken is a token used for TLS bootstrapping. If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information type: string @@ -1809,17 +1790,17 @@ data: type: string nodeRegistration: description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfiguration properties: criSocket: - description: CRISocket is used to retrieve container runtime + description: criSocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use type: string ignorePreflightErrors: - description: IgnorePreflightErrors provides a slice of pre-flight + description: ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered. items: type: string 
@@ -1828,19 +1809,19 @@ data: additionalProperties: type: string description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file + kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. type: object name: description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided. type: string taints: description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. items: @@ -1876,7 +1857,7 @@ data: type: object type: object mounts: - description: Mounts specifies a list of mount points to be setup. + description: mounts specifies a list of mount points to be setup. items: description: MountPoints defines input for generated mounts in cloud-init. items: 
@@ -1884,90 +1865,87 @@ data: type: array type: array ntp: - description: NTP specifies NTP configuration + description: ntp specifies NTP configuration properties: enabled: - description: Enabled specifies whether NTP should be enabled + description: enabled specifies whether NTP should be enabled type: boolean servers: - description: Servers specifies which NTP servers to use + description: servers specifies which NTP servers to use items: type: string type: array type: object postKubeadmCommands: - description: PostKubeadmCommands specifies extra commands to run after + description: postKubeadmCommands specifies extra commands to run after kubeadm runs items: type: string type: array preKubeadmCommands: - description: PreKubeadmCommands specifies extra commands to run before + description: preKubeadmCommands specifies extra commands to run before kubeadm runs items: type: string type: array useExperimentalRetryJoin: description: |- - UseExperimentalRetryJoin replaces a basic kubeadm command with a shell + useExperimentalRetryJoin replaces a basic kubeadm command with a shell script with retries for joins. - This is meant to be an experimental temporary workaround on some environments where joins fail due to timing (and other issues). The long term goal is to add retries to kubeadm proper and use that functionality. - This will add about 40KB to userdata - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. type: boolean users: - description: Users specifies extra users to add + description: users specifies extra users to add items: description: User defines the input for a generated user in cloud-init. 
properties: gecos: - description: Gecos specifies the gecos to use for the user + description: gecos specifies the gecos to use for the user type: string groups: - description: Groups specifies the additional groups for the + description: groups specifies the additional groups for the user type: string homeDir: - description: HomeDir specifies the home directory to use for + description: homeDir specifies the home directory to use for the user type: string inactive: - description: Inactive specifies whether to mark the user as + description: inactive specifies whether to mark the user as inactive type: boolean lockPassword: - description: LockPassword specifies if password login should + description: lockPassword specifies if password login should be disabled type: boolean name: - description: Name specifies the user name + description: name specifies the user name type: string passwd: - description: Passwd specifies a hashed password for the user + description: passwd specifies a hashed password for the user type: string primaryGroup: - description: PrimaryGroup specifies the primary group for the + description: primaryGroup specifies the primary group for the user type: string shell: - description: Shell specifies the user's shell + description: shell specifies the user's shell type: string sshAuthorizedKeys: - description: SSHAuthorizedKeys specifies a list of ssh authorized + description: sshAuthorizedKeys specifies a list of ssh authorized keys for the user items: type: string type: array sudo: - description: Sudo specifies a sudo role for the user + description: sudo specifies a sudo role for the user type: string required: - name 
@@ -1975,50 +1953,50 @@ data: type: array verbosity: description: |- - Verbosity is the number for the kubeadm log level verbosity. + verbosity is the number for the kubeadm log level verbosity. It overrides the `--v` flag in kubeadm commands. format: int32 type: integer type: object status: - description: KubeadmConfigStatus defines the observed state of KubeadmConfig. + description: status is the observed state of KubeadmConfig. properties: conditions: - description: Conditions defines current service state of the KubeadmConfig. + description: conditions defines current service state of the KubeadmConfig. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. 
type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -2028,22 +2006,22 @@ data: type: object type: array dataSecretName: - description: DataSecretName is the name of the secret that stores + description: dataSecretName is the name of the secret that stores the bootstrap data script. type: string failureMessage: - description: FailureMessage will be set on non-retryable errors + description: failureMessage will be set on non-retryable errors type: string failureReason: - description: FailureReason will be set on non-retryable errors + description: failureReason will be set on non-retryable errors type: string observedGeneration: - description: ObservedGeneration is the latest generation observed + description: observedGeneration is the latest generation observed by the controller. format: int64 type: integer ready: - description: Ready indicates the BootstrapData field is ready to be + description: ready indicates the BootstrapData field is ready to be consumed type: boolean type: object 
@@ -2084,35 +2062,45 @@ data: metadata: type: object spec: - description: |- - KubeadmConfigSpec defines the desired state of KubeadmConfig. - Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined. + description: spec is the desired state of KubeadmConfig. properties: + bootCommands: + description: |- + bootCommands specifies extra commands to run very early in the boot process via the cloud-init bootcmd + module. bootcmd will run on every boot, 'cloud-init-per' command can be used to make bootcmd run exactly + once. This is typically run in the cloud-init.service systemd unit. This has no effect in Ignition. + items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + type: array clusterConfiguration: - description: ClusterConfiguration along with InitConfiguration are + description: clusterConfiguration along with InitConfiguration are the configurations necessary for the init command properties: apiServer: - description: APIServer contains extra settings for the API server + description: apiServer contains extra settings for the API server control plane component properties: certSANs: - description: CertSANs sets extra Subject Alternative Names + description: certSANs sets extra Subject Alternative Names for the API Server signing cert. items: + maxLength: 253 + minLength: 1 type: string + maxItems: 100 type: array extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: extraArgs is an extra set of flags to pass to + the control plane component. type: object extraEnvs: description: |- - ExtraEnvs is an extra set of environment variables to pass to the control plane component. + extraEnvs is an extra set of environment variables to pass to the control plane component. 
Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes >=1.31.0. items: @@ -2152,9 +2140,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -2220,9 +2206,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -2236,9 +2220,10 @@ data: required: - name type: object + maxItems: 100 type: array extraVolumes: - description: ExtraVolumes is an extra set of host volumes, + description: extraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: |- 
@@ -2247,30 +2232,37 @@ data: properties: hostPath: description: |- - HostPath is the path in the host that will be mounted inside + hostPath is the path in the host that will be mounted inside the pod. + maxLength: 512 + minLength: 1 type: string mountPath: - description: MountPath is the path inside the pod where + description: mountPath is the path inside the pod where hostPath will be mounted. + maxLength: 512 + minLength: 1 type: string name: - description: Name of the volume inside the pod template. + description: name of the volume inside the pod template. + maxLength: 512 + minLength: 1 type: string pathType: - description: PathType is the type of the HostPath. + description: pathType is the type of the HostPath. type: string readOnly: - description: ReadOnly controls write access to the volume + description: readOnly controls write access to the volume type: boolean required: - hostPath - mountPath - name type: object + maxItems: 100 type: array timeoutForControlPlane: - description: TimeoutForControlPlane controls the timeout that + description: timeoutForControlPlane controls the timeout that we use for API server to appear type: string type: object 
@@ -2283,15 +2275,19 @@ data: type: string certificatesDir: description: |- - CertificatesDir specifies where to store or look for all required certificates. + certificatesDir specifies where to store or look for all required certificates. NB: if not provided, this will default to `/etc/kubernetes/pki` + maxLength: 512 + minLength: 1 type: string clusterName: - description: The cluster name + description: clusterName is the cluster name + maxLength: 63 + minLength: 1 type: string controlPlaneEndpoint: description: |- - ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it + controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint is specified but without a TCP port, 
@@ -2303,22 +2299,22 @@ data: e.g. in environments with enforced node recycling, the ControlPlaneEndpoint could be used for assigning a stable DNS to the control plane. NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. + maxLength: 512 + minLength: 1 type: string controllerManager: - description: ControllerManager contains extra settings for the + description: controllerManager contains extra settings for the controller manager control plane component properties: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: extraArgs is an extra set of flags to pass to + the control plane component. type: object extraEnvs: description: |- - ExtraEnvs is an extra set of environment variables to pass to the control plane component. + extraEnvs is an extra set of environment variables to pass to the control plane component. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes >=1.31.0. items: @@ -2358,9 +2354,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or 
@@ -2426,9 +2420,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -2442,9 +2434,10 @@ data: required: - name type: object + maxItems: 100 type: array extraVolumes: - description: ExtraVolumes is an extra set of host volumes, + description: extraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: |- 
@@ -2453,73 +2446,93 @@ data: properties: hostPath: description: |- - HostPath is the path in the host that will be mounted inside + hostPath is the path in the host that will be mounted inside the pod. + maxLength: 512 + minLength: 1 type: string mountPath: - description: MountPath is the path inside the pod where + description: mountPath is the path inside the pod where hostPath will be mounted. + maxLength: 512 + minLength: 1 type: string name: - description: Name of the volume inside the pod template. + description: name of the volume inside the pod template. + maxLength: 512 + minLength: 1 type: string pathType: - description: PathType is the type of the HostPath. + description: pathType is the type of the HostPath. type: string readOnly: - description: ReadOnly controls write access to the volume + description: readOnly controls write access to the volume type: boolean required: - hostPath - mountPath - name type: object + maxItems: 100 type: array type: object dns: - description: DNS defines the options for the DNS add-on installed + description: dns defines the options for the DNS add-on installed in the cluster. properties: imageRepository: description: |- - ImageRepository sets the container registry to pull images from. + imageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + maxLength: 512 + minLength: 1 type: string imageTag: description: |- - ImageTag allows to specify a tag for the image. + imageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + maxLength: 256 + minLength: 1 type: string type: object etcd: description: |- - Etcd holds configuration for etcd. + etcd holds configuration for etcd. 
NB: This value defaults to a Local (stacked) etcd properties: external: description: |- - External describes how to connect to an external etcd cluster + external describes how to connect to an external etcd cluster Local and External are mutually exclusive properties: caFile: description: |- - CAFile is an SSL Certificate Authority file used to secure etcd communication. + caFile is an SSL Certificate Authority file used to secure etcd communication. Required if using a TLS connection. + maxLength: 512 + minLength: 1 type: string certFile: description: |- - CertFile is an SSL certification file used to secure etcd communication. + certFile is an SSL certification file used to secure etcd communication. Required if using a TLS connection. + maxLength: 512 + minLength: 1 type: string endpoints: - description: Endpoints of etcd members. Required for ExternalEtcd. + description: endpoints of etcd members. Required for ExternalEtcd. items: + maxLength: 512 + minLength: 1 type: string + maxItems: 50 type: array keyFile: description: |- - KeyFile is an SSL key file used to secure etcd communication. + keyFile is an SSL key file used to secure etcd communication. Required if using a TLS connection. + maxLength: 512 + minLength: 1 type: string required: - caFile 
@@ -2529,24 +2542,26 @@ data: type: object local: description: |- - Local provides configuration knobs for configuring the local etcd instance + local provides configuration knobs for configuring the local etcd instance Local and External are mutually exclusive properties: dataDir: description: |- - DataDir is the directory etcd will place its data. + dataDir is the directory etcd will place its data. Defaults to "/var/lib/etcd". + maxLength: 512 + minLength: 1 type: string extraArgs: additionalProperties: type: string description: |- - ExtraArgs are extra arguments provided to the etcd binary + extraArgs are extra arguments provided to the etcd binary when run inside a static pod. type: object extraEnvs: description: |- - ExtraEnvs is an extra set of environment variables to pass to the control plane component. + extraEnvs is an extra set of environment variables to pass to the control plane component. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes >=1.31.0. items: @@ -2586,9 +2601,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -2655,9 +2668,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret 
@@ -2671,39 +2682,50 @@ data: required: - name type: object + maxItems: 100 type: array imageRepository: description: |- - ImageRepository sets the container registry to pull images from. + imageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + maxLength: 512 + minLength: 1 type: string imageTag: description: |- - ImageTag allows to specify a tag for the image. + imageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + maxLength: 256 + minLength: 1 type: string peerCertSANs: - description: PeerCertSANs sets extra Subject Alternative + description: peerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert. items: + maxLength: 253 + minLength: 1 type: string + maxItems: 100 type: array serverCertSANs: - description: ServerCertSANs sets extra Subject Alternative + description: serverCertSANs sets extra Subject Alternative Names for the etcd server signing cert. items: + maxLength: 253 + minLength: 1 type: string + maxItems: 100 type: array type: object type: object featureGates: additionalProperties: type: boolean - description: FeatureGates enabled by the user. + description: featureGates enabled by the user. type: object imageRepository: description: |- - ImageRepository sets the container registry to pull images from. + imageRepository sets the container registry to pull images from. * If not set, the default registry of kubeadm will be used, i.e. * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 * k8s.gcr.io (old registry): all older versions 
@@ -2712,8 +2734,10 @@ data: a newer patch version with the new registry instead (i.e. >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0). * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components + `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io` will be used for all the other images. + maxLength: 512 + minLength: 1 type: string kind: description: |- 
@@ -2725,46 +2749,52 @@ data: type: string kubernetesVersion: description: |- - KubernetesVersion is the target version of the control plane. + kubernetesVersion is the target version of the control plane. NB: This value defaults to the Machine object spec.version + maxLength: 256 + minLength: 1 type: string networking: description: |- - Networking holds configuration for the networking topology of the cluster. + networking holds configuration for the networking topology of the cluster. NB: This value defaults to the Cluster object spec.clusterNetwork. properties: dnsDomain: - description: DNSDomain is the dns domain used by k8s services. + description: dnsDomain is the dns domain used by k8s services. Defaults to "cluster.local". + maxLength: 253 + minLength: 1 type: string podSubnet: description: |- - PodSubnet is the subnet used by pods. + podSubnet is the subnet used by pods. If unset, the API server will not allocate CIDR ranges for every node. Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set + maxLength: 1024 + minLength: 1 type: string serviceSubnet: description: |- - ServiceSubnet is the subnet used by k8s services. + serviceSubnet is the subnet used by k8s services. Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12" if that's unset. + maxLength: 1024 + minLength: 1 type: string type: object scheduler: - description: Scheduler contains extra settings for the scheduler + description: scheduler contains extra settings for the scheduler control plane component properties: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: extraArgs is an extra set of flags to pass to + the control plane component. 
type: object extraEnvs: description: |- - ExtraEnvs is an extra set of environment variables to pass to the control plane component. + extraEnvs is an extra set of environment variables to pass to the control plane component. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes >=1.31.0. items: @@ -2804,9 +2834,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -2872,9 +2900,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -2888,9 +2914,10 @@ data: required: - name type: object + maxItems: 100 type: array extraVolumes: - description: ExtraVolumes is an extra set of host volumes, + description: extraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: |- 
@@ -2899,138 +2926,170 @@ data: properties: hostPath: description: |- - HostPath is the path in the host that will be mounted inside + hostPath is the path in the host that will be mounted inside the pod. + maxLength: 512 + minLength: 1 type: string mountPath: - description: MountPath is the path inside the pod where + description: mountPath is the path inside the pod where hostPath will be mounted. + maxLength: 512 + minLength: 1 type: string name: - description: Name of the volume inside the pod template. + description: name of the volume inside the pod template. + maxLength: 512 + minLength: 1 type: string pathType: - description: PathType is the type of the HostPath. + description: pathType is the type of the HostPath. type: string readOnly: - description: ReadOnly controls write access to the volume + description: readOnly controls write access to the volume type: boolean required: - hostPath - mountPath - name type: object + maxItems: 100 type: array type: object type: object diskSetup: - description: DiskSetup specifies options for the creation of partition + description: diskSetup specifies options for the creation of partition tables and file systems on devices. properties: filesystems: - description: Filesystems specifies the list of file systems to + description: filesystems specifies the list of file systems to setup. items: description: Filesystem defines the file systems to be created. properties: device: - description: Device specifies the device name + description: device specifies the device name + maxLength: 256 + minLength: 1 type: string extraOpts: - description: ExtraOpts defined extra options to add to the + description: extraOpts defined extra options to add to the command for creating the file system. items: + maxLength: 256 + minLength: 1 type: string + maxItems: 100 type: array filesystem: - description: Filesystem specifies the file system type. + description: filesystem specifies the file system type. 
+ maxLength: 128 + minLength: 1 type: string label: - description: Label specifies the file system label to be + description: label specifies the file system label to be used. If set to None, no label is used. + maxLength: 512 + minLength: 1 type: string overwrite: description: |- - Overwrite defines whether or not to overwrite any existing filesystem. + overwrite defines whether or not to overwrite any existing filesystem. If true, any pre-existing file system will be destroyed. Use with Caution. type: boolean partition: - description: 'Partition specifies the partition to use. + description: 'partition specifies the partition to use. The valid options are: "auto|any", "auto", "any", "none", and , where NUM is the actual partition number.' + maxLength: 128 + minLength: 1 type: string replaceFS: description: |- - ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . + replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . NOTE: unless you define a label, this requires the use of the 'any' partition directive. + maxLength: 128 + minLength: 1 type: string required: - device - filesystem - - label type: object + maxItems: 100 type: array partitions: - description: Partitions specifies the list of the partitions to + description: partitions specifies the list of the partitions to setup. items: description: Partition defines how to create and layout a partition. properties: device: - description: Device is the name of the device. + description: device is the name of the device. + maxLength: 256 + minLength: 1 type: string layout: description: |- - Layout specifies the device layout. + layout specifies the device layout. If it is true, a single partition will be created for the entire device. When layout is false, it means don't partition or ignore existing partitioning. 
type: boolean overwrite: description: |- - Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. + overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. Use with caution. Default is 'false'. type: boolean tableType: description: |- - TableType specifies the tupe of partition table. The following are supported: + tableType specifies the tupe of partition table. The following are supported: 'mbr': default and setups a MS-DOS partition table 'gpt': setups a GPT partition table + enum: + - mbr + - gpt type: string required: - device - layout type: object + maxItems: 100 type: array type: object files: - description: Files specifies extra files to be passed to user_data + description: files specifies extra files to be passed to user_data upon creation. items: description: File defines the input for generating write_files in cloud-init. properties: append: - description: Append specifies whether to append Content to existing + description: append specifies whether to append Content to existing file if Path exists. type: boolean content: - description: Content is the actual content of the file. + description: content is the actual content of the file. + maxLength: 10240 + minLength: 1 type: string contentFrom: - description: ContentFrom is a referenced source of content to + description: contentFrom is a referenced source of content to populate the file. properties: secret: - description: Secret represents a secret that should populate + description: secret represents a secret that should populate this file. properties: key: - description: Key is the key in the secret's data map + description: key is the key in the secret's data map for this value. 
+ maxLength: 256 + minLength: 1 type: string name: - description: Name of the secret in the KubeadmBootstrapConfig's + description: name of the secret in the KubeadmBootstrapConfig's namespace to use. + maxLength: 253 + minLength: 1 type: string required: - key 
@@ -3040,56 +3099,64 @@ data: - secret type: object encoding: - description: Encoding specifies the encoding of the file contents. + description: encoding specifies the encoding of the file contents. enum: - base64 - gzip - gzip+base64 type: string owner: - description: Owner specifies the ownership of the file, e.g. + description: owner specifies the ownership of the file, e.g. "root:root". + maxLength: 256 + minLength: 1 type: string path: - description: Path specifies the full path on disk where to store + description: path specifies the full path on disk where to store the file. + maxLength: 512 + minLength: 1 type: string permissions: - description: Permissions specifies the permissions to assign + description: permissions specifies the permissions to assign to the file, e.g. "0640". + maxLength: 16 + minLength: 1 type: string required: - path type: object + maxItems: 200 type: array format: - description: Format specifies the output format of the bootstrap data + description: format specifies the output format of the bootstrap data enum: - cloud-config - ignition type: string ignition: - description: Ignition contains Ignition specific configuration. + description: ignition contains Ignition specific configuration. properties: containerLinuxConfig: - description: ContainerLinuxConfig contains CLC specific configuration. + description: containerLinuxConfig contains CLC specific configuration. properties: additionalConfig: description: |- - AdditionalConfig contains additional configuration to be merged with the Ignition + additionalConfig contains additional configuration to be merged with the Ignition configuration generated by the bootstrapper controller. 
More info: https://coreos.github.io/ignition/operator-notes/#config-merging - The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + maxLength: 32768 + minLength: 1 type: string strict: - description: Strict controls if AdditionalConfig should be + description: strict controls if AdditionalConfig should be strictly parsed. If so, warnings are treated as errors. type: boolean type: object type: object initConfiguration: - description: InitConfiguration along with ClusterConfiguration are + description: initConfiguration along with ClusterConfiguration are the configurations necessary for the init command properties: apiVersion: @@ -3101,7 +3168,7 @@ data: type: string bootstrapTokens: description: |- - BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. + bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature items: description: BootstrapToken describes one bootstrap token, stored 
@@ -3109,42 +3176,51 @@ data: properties: description: description: |- - Description sets a human-friendly message why this token exists and what it's used + description sets a human-friendly message why this token exists and what it's used for, so other administrators can know its purpose. + maxLength: 512 + minLength: 1 type: string expires: description: |- - Expires specifies the timestamp when this token expires. Defaults to being set + expires specifies the timestamp when this token expires. Defaults to being set dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. format: date-time type: string groups: description: |- - Groups specifies the extra groups that this token will authenticate as when/if + groups specifies the extra groups that this token will authenticate as when/if used for authentication items: + maxLength: 256 + minLength: 1 type: string + maxItems: 100 type: array token: description: |- - Token is used for establishing bidirectional trust between nodes and control-planes. + token is used for establishing bidirectional trust between nodes and control-planes. Used for joining nodes in the cluster. type: string ttl: description: |- - TTL defines the time to live for this token. Defaults to 24h. + ttl defines the time to live for this token. Defaults to 24h. Expires and TTL are mutually exclusive. type: string usages: description: |- - Usages describes the ways in which this token can be used. Can by default be used + usages describes the ways in which this token can be used. Can by default be used for establishing bidirectional trust, but that can be changed here. items: + maxLength: 256 + minLength: 1 type: string + maxItems: 100 type: array required: - token type: object + maxItems: 100 type: array kind: description: |- 
@@ -3156,7 +3232,7 @@ data: type: string localAPIEndpoint: description: |- - LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node + localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible 
@@ -3164,36 +3240,43 @@ data: fails you may set the desired value here. properties: advertiseAddress: - description: AdvertiseAddress sets the IP address for the + description: advertiseAddress sets the IP address for the API server to advertise. + maxLength: 39 + minLength: 1 type: string bindPort: description: |- - BindPort sets the secure port for the API Server to bind to. + bindPort sets the secure port for the API Server to bind to. Defaults to 6443. format: int32 type: integer type: object nodeRegistration: description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfiguration properties: criSocket: - description: CRISocket is used to retrieve container runtime + description: criSocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use + maxLength: 512 + minLength: 1 type: string ignorePreflightErrors: - description: IgnorePreflightErrors provides a slice of pre-flight + description: ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered. items: + maxLength: 512 + minLength: 1 type: string + maxItems: 50 type: array imagePullPolicy: description: |- - ImagePullPolicy specifies the policy for image pulling + imagePullPolicy specifies the policy for image pulling during kubeadm "init" and "join" operations. The value of this field must be one of "Always", "IfNotPresent" or "Never". Defaults to "IfNotPresent". This can be used only 
@@ -3205,7 +3288,7 @@ data: type: string imagePullSerial: description: |- - ImagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. + imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. This option takes effect only on Kubernetes >=1.31.0. Default: true (defaulted in kubeadm) type: boolean 
@@ -3213,19 +3296,21 @@ data: additionalProperties: type: string description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file + kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. type: object name: description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided. + maxLength: 253 + minLength: 1 type: string taints: description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. items: 
@@ -3257,16 +3342,17 @@ data: - effect - key type: object + maxItems: 100 type: array type: object patches: description: |- - Patches contains options related to applying patches to components deployed by kubeadm during + patches contains options related to applying patches to components deployed by kubeadm during "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22 properties: directory: description: |- - Directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". + directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. @@ -3276,19 +3362,24 @@ data: These files can be written into the target directory via KubeadmConfig.Files which specifies additional files to be created on the machine, either with content inline or by referencing a secret. + maxLength: 512 + minLength: 1 type: string type: object skipPhases: description: |- - SkipPhases is a list of phases to skip during command execution. + skipPhases is a list of phases to skip during command execution. The list of phases can be obtained with the "kubeadm init --help" command. This option takes effect only on Kubernetes >=1.22.0. items: + maxLength: 256 + minLength: 1 type: string + maxItems: 50 type: array type: object joinConfiguration: - description: JoinConfiguration is the kubeadm configuration for the + description: joinConfiguration is the kubeadm configuration for the join command properties: apiVersion: 
@@ -3300,49 +3391,53 @@ data: type: string caCertPath: description: |- - CACertPath is the path to the SSL certificate authority used to + caCertPath is the path to the SSL certificate authority used to secure comunications between node and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". - TODO: revisit when there is defaulting from k/k + maxLength: 512 + minLength: 1 type: string controlPlane: description: |- - ControlPlane defines the additional control plane instance to be deployed on the joining node. + controlPlane defines the additional control plane instance to be deployed on the joining node. If nil, no additional control plane instance will be deployed. properties: localAPIEndpoint: - description: LocalAPIEndpoint represents the endpoint of the + description: localAPIEndpoint represents the endpoint of the API server instance to be deployed on this node. properties: advertiseAddress: - description: AdvertiseAddress sets the IP address for + description: advertiseAddress sets the IP address for the API server to advertise. + maxLength: 39 + minLength: 1 type: string bindPort: description: |- - BindPort sets the secure port for the API Server to bind to. + bindPort sets the secure port for the API Server to bind to. Defaults to 6443. 
format: int32 type: integer type: object type: object discovery: - description: |- - Discovery specifies the options for the kubelet to use during the TLS Bootstrap process - TODO: revisit when there is defaulting from k/k + description: discovery specifies the options for the kubelet to + use during the TLS Bootstrap process properties: bootstrapToken: description: |- - BootstrapToken is used to set the options for bootstrap token based discovery + bootstrapToken is used to set the options for bootstrap token based discovery BootstrapToken and File are mutually exclusive properties: apiServerEndpoint: - description: APIServerEndpoint is an IP or domain name + description: apiServerEndpoint is an IP or domain name to the API server from which info will be fetched. + maxLength: 512 + minLength: 1 type: string caCertHashes: description: |- - CACertHashes specifies a set of public key pins to verify + caCertHashes specifies a set of public key pins to verify when token-based discovery is used. The root CA found during discovery must match one of these values. Specifying an empty set disables root CA pinning, which can be unsafe. Each hash is specified as ":", 
@@ -3351,40 +3446,41 @@ data: ASN.1. These hashes can be calculated using, for example, OpenSSL: openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex items: + maxLength: 512 + minLength: 1 type: string + maxItems: 100 type: array token: description: |- - Token is a token used to validate cluster information + token is a token used to validate cluster information fetched from the control-plane. + maxLength: 512 + minLength: 1 type: string unsafeSkipCAVerification: description: |- - UnsafeSkipCAVerification allows token-based discovery + unsafeSkipCAVerification allows token-based discovery without CA verification via CACertHashes. This can weaken the security of kubeadm since other nodes can impersonate the control-plane. type: boolean - required: - - token type: object file: description: |- - File is used to specify a file or URL to a kubeconfig file from which to load cluster information + file is used to specify a file or URL to a kubeconfig file from which to load cluster information BootstrapToken and File are mutually exclusive properties: kubeConfig: description: |- - KubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. + kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. The file is generated at the path specified in KubeConfigPath. - Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint. Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret. properties: cluster: description: |- - Cluster contains information about how to communicate with the kubernetes cluster. - + cluster contains information about how to communicate with the kubernetes cluster. By default the following fields are automatically populated: - Server with the Cluster's ControlPlaneEndpoint. 
@@ -3392,87 +3488,101 @@ data: properties: certificateAuthorityData: description: |- - CertificateAuthorityData contains PEM-encoded certificate authority certificates. - + certificateAuthorityData contains PEM-encoded certificate authority certificates. Defaults to the Cluster's CA certificate if empty. format: byte + maxLength: 51200 + minLength: 1 type: string insecureSkipTLSVerify: - description: InsecureSkipTLSVerify skips the validity + description: insecureSkipTLSVerify skips the validity check for the server's certificate. This will make your HTTPS connections insecure. type: boolean proxyURL: description: |- - ProxyURL is the URL to the proxy to be used for all requests made by this + proxyURL is the URL to the proxy to be used for all requests made by this client. URLs with "http", "https", and "socks5" schemes are supported. If this configuration is not provided or the empty string, the client attempts to construct a proxy configuration from http_proxy and https_proxy environment variables. If these environment variables are not set, the client does not attempt to proxy requests. - socks5 proxying does not currently support spdy streaming endpoints (exec, attach, port forward). + maxLength: 512 + minLength: 1 type: string server: description: |- - Server is the address of the kubernetes cluster (https://hostname:port). - + server is the address of the kubernetes cluster (https://hostname:port). Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint. + maxLength: 512 + minLength: 1 type: string tlsServerName: - description: TLSServerName is used to check server + description: tlsServerName is used to check server certificate. If TLSServerName is empty, the hostname used to contact the server is used. + maxLength: 512 + minLength: 1 type: string type: object user: description: |- - User contains information that describes identity information. + user contains information that describes identity information. 
This is used to tell the kubernetes cluster who you are. properties: authProvider: - description: AuthProvider specifies a custom authentication + description: authProvider specifies a custom authentication plugin for the kubernetes cluster. properties: config: additionalProperties: type: string - description: Config holds the parameters for + description: config holds the parameters for the authentication plugin. type: object name: - description: Name is the name of the authentication + description: name is the name of the authentication plugin. + maxLength: 256 + minLength: 1 type: string required: - name type: object exec: - description: Exec specifies a custom exec-based + description: exec specifies a custom exec-based authentication plugin for the kubernetes cluster. properties: apiVersion: description: |- - Preferred input version of the ExecInfo. The returned ExecCredentials MUST use + apiVersion is preferred input version of the ExecInfo. The returned ExecCredentials MUST use the same encoding version as the input. Defaults to client.authentication.k8s.io/v1 if not set. + maxLength: 512 + minLength: 1 type: string args: - description: Arguments to pass to the command - when executing it. + description: args is the arguments to pass + to the command when executing it. items: + maxLength: 512 + minLength: 1 type: string + maxItems: 100 type: array command: - description: Command to execute. + description: command to execute. + maxLength: 1024 + minLength: 1 type: string env: description: |- - Env defines additional environment variables to expose to the process. These + env defines additional environment variables to expose to the process. These are unioned with the host's environment, as well as variables client-go uses to pass argument to the plugin. items: 
@@ -3481,17 +3591,26 @@ data: credential plugin. properties: name: + description: name of the environment + variable + maxLength: 512 + minLength: 1 type: string value: + description: value of the environment + variable + maxLength: 512 + minLength: 1 type: string required: - name - value type: object + maxItems: 100 type: array provideClusterInfo: description: |- - ProvideClusterInfo determines whether or not to provide cluster information, + provideClusterInfo determines whether or not to provide cluster information, which could potentially contain very large CA data, to this exec plugin as a part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for @@ -3505,21 +3624,25 @@ data: - user type: object kubeConfigPath: - description: KubeConfigPath is used to specify the actual + description: kubeConfigPath is used to specify the actual file path or URL to the kubeconfig file from which to load cluster information + maxLength: 512 + minLength: 1 type: string required: - kubeConfigPath type: object timeout: - description: Timeout modifies the discovery timeout + description: timeout modifies the discovery timeout type: string tlsBootstrapToken: description: |- - TLSBootstrapToken is a token used for TLS bootstrapping. + tlsBootstrapToken is a token used for TLS bootstrapping. If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information + maxLength: 512 + minLength: 1 type: string type: object kind: 
@@ -3532,24 +3655,29 @@ data: type: string nodeRegistration: description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfiguration properties: criSocket: - description: CRISocket is used to retrieve container runtime + description: criSocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use + maxLength: 512 + minLength: 1 type: string ignorePreflightErrors: - description: IgnorePreflightErrors provides a slice of pre-flight + description: ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered. items: + maxLength: 512 + minLength: 1 type: string + maxItems: 50 type: array imagePullPolicy: description: |- - ImagePullPolicy specifies the policy for image pulling + imagePullPolicy specifies the policy for image pulling during kubeadm "init" and "join" operations. The value of this field must be one of "Always", "IfNotPresent" or "Never". Defaults to "IfNotPresent". This can be used only @@ -3561,7 +3689,7 @@ data: type: string imagePullSerial: description: |- - ImagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. + imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. This option takes effect only on Kubernetes >=1.31.0. Default: true (defaulted in kubeadm) type: boolean 
@@ -3569,19 +3697,21 @@ data: additionalProperties: type: string description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file + kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. type: object name: description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided. + maxLength: 253 + minLength: 1 type: string taints: description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. items: 
@@ -3613,16 +3743,17 @@ data: - effect - key type: object + maxItems: 100 type: array type: object patches: description: |- - Patches contains options related to applying patches to components deployed by kubeadm during + patches contains options related to applying patches to components deployed by kubeadm during "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22 properties: directory: description: |- - Directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". + directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. 
@@ -3632,114 +3763,145 @@ data: These files can be written into the target directory via KubeadmConfig.Files which specifies additional files to be created on the machine, either with content inline or by referencing a secret. + maxLength: 512 + minLength: 1 type: string type: object skipPhases: description: |- - SkipPhases is a list of phases to skip during command execution. + skipPhases is a list of phases to skip during command execution. The list of phases can be obtained with the "kubeadm init --help" command. This option takes effect only on Kubernetes >=1.22.0. items: + maxLength: 256 + minLength: 1 type: string + maxItems: 50 type: array type: object mounts: - description: Mounts specifies a list of mount points to be setup. + description: mounts specifies a list of mount points to be setup. items: description: MountPoints defines input for generated mounts in cloud-init. items: + maxLength: 512 + minLength: 1 type: string type: array + maxItems: 100 type: array ntp: - description: NTP specifies NTP configuration + description: ntp specifies NTP configuration properties: enabled: - description: Enabled specifies whether NTP should be enabled + description: enabled specifies whether NTP should be enabled type: boolean servers: - description: Servers specifies which NTP servers to use + description: servers specifies which NTP servers to use items: + maxLength: 512 + minLength: 1 type: string + maxItems: 100 type: array type: object postKubeadmCommands: - description: PostKubeadmCommands specifies extra commands to run after - kubeadm runs + description: |- + postKubeadmCommands specifies extra commands to run after kubeadm runs. + With cloud-init, this is appended to the runcmd module configuration, and is typically executed in + the cloud-final.service systemd unit. In Ignition, this is appended to /etc/kubeadm.sh. 
items: + maxLength: 10240 + minLength: 1 type: string + maxItems: 1000 type: array preKubeadmCommands: - description: PreKubeadmCommands specifies extra commands to run before - kubeadm runs + description: |- + preKubeadmCommands specifies extra commands to run before kubeadm runs. + With cloud-init, this is prepended to the runcmd module configuration, and is typically executed in + the cloud-final.service systemd unit. In Ignition, this is prepended to /etc/kubeadm.sh. items: + maxLength: 10240 + minLength: 1 type: string + maxItems: 1000 type: array useExperimentalRetryJoin: description: |- - UseExperimentalRetryJoin replaces a basic kubeadm command with a shell + useExperimentalRetryJoin replaces a basic kubeadm command with a shell script with retries for joins. - This is meant to be an experimental temporary workaround on some environments where joins fail due to timing (and other issues). The long term goal is to add retries to kubeadm proper and use that functionality. - This will add about 40KB to userdata - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. - Deprecated: This experimental fix is no longer needed and this field will be removed in a future release. When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml type: boolean users: - description: Users specifies extra users to add + description: users specifies extra users to add items: description: User defines the input for a generated user in cloud-init. 
properties: gecos: - description: Gecos specifies the gecos to use for the user + description: gecos specifies the gecos to use for the user + maxLength: 256 + minLength: 1 type: string groups: - description: Groups specifies the additional groups for the + description: groups specifies the additional groups for the user + maxLength: 256 + minLength: 1 type: string homeDir: - description: HomeDir specifies the home directory to use for + description: homeDir specifies the home directory to use for the user + maxLength: 256 + minLength: 1 type: string inactive: - description: Inactive specifies whether to mark the user as + description: inactive specifies whether to mark the user as inactive type: boolean lockPassword: - description: LockPassword specifies if password login should + description: lockPassword specifies if password login should be disabled type: boolean name: - description: Name specifies the user name + description: name specifies the user name + maxLength: 256 + minLength: 1 type: string passwd: - description: Passwd specifies a hashed password for the user + description: passwd specifies a hashed password for the user + maxLength: 256 + minLength: 1 type: string passwdFrom: - description: PasswdFrom is a referenced source of passwd to + description: passwdFrom is a referenced source of passwd to populate the passwd. properties: secret: - description: Secret represents a secret that should populate + description: secret represents a secret that should populate this password. properties: key: - description: Key is the key in the secret's data map + description: key is the key in the secret's data map for this value. + maxLength: 256 + minLength: 1 type: string name: - description: Name of the secret in the KubeadmBootstrapConfig's + description: name of the secret in the KubeadmBootstrapConfig's namespace to use. + maxLength: 253 + minLength: 1 type: string required: - key 
@@ -3749,73 +3911,90 @@ data: - secret type: object primaryGroup: - description: PrimaryGroup specifies the primary group for the + description: primaryGroup specifies the primary group for the user + maxLength: 256 + minLength: 1 type: string shell: - description: Shell specifies the user's shell + description: shell specifies the user's shell + maxLength: 256 + minLength: 1 type: string sshAuthorizedKeys: - description: SSHAuthorizedKeys specifies a list of ssh authorized + description: sshAuthorizedKeys specifies a list of ssh authorized keys for the user items: + maxLength: 2048 + minLength: 1 type: string + maxItems: 100 type: array sudo: - description: Sudo specifies a sudo role for the user + description: sudo specifies a sudo role for the user + maxLength: 256 + minLength: 1 type: string required: - name type: object + maxItems: 100 type: array verbosity: description: |- - Verbosity is the number for the kubeadm log level verbosity. + verbosity is the number for the kubeadm log level verbosity. It overrides the `--v` flag in kubeadm commands. format: int32 type: integer type: object status: - description: KubeadmConfigStatus defines the observed state of KubeadmConfig. + description: status is the observed state of KubeadmConfig. properties: conditions: - description: Conditions defines current service state of the KubeadmConfig. + description: conditions defines current service state of the KubeadmConfig. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 
format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime 
@@ -3824,24 +4003,105 @@ data: type: object type: array dataSecretName: - description: DataSecretName is the name of the secret that stores + description: dataSecretName is the name of the secret that stores the bootstrap data script. + maxLength: 253 + minLength: 1 type: string failureMessage: - description: FailureMessage will be set on non-retryable errors + description: |- + failureMessage will be set on non-retryable errors + + Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + maxLength: 10240 + minLength: 1 type: string failureReason: - description: FailureReason will be set on non-retryable errors + description: |- + failureReason will be set on non-retryable errors + + Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + maxLength: 256 + minLength: 1 type: string observedGeneration: - description: ObservedGeneration is the latest generation observed + description: observedGeneration is the latest generation observed by the controller. format: int64 type: integer ready: - description: Ready indicates the BootstrapData field is ready to be + description: ready indicates the BootstrapData field is ready to be consumed type: boolean + v1beta2: + description: v1beta2 groups all the fields that will be added or modified + in KubeadmConfig's status with the V1Beta2 version. + properties: + conditions: + description: |- + conditions represents the observations of a KubeadmConfig's current state. + Known condition types are Ready, DataSecretAvailable, CertificatesAvailable. + items: + description: Condition contains details for one aspect of the + current state of this API Resource. 
+ properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object type: object type: object served: true 
@@ -3854,7 +4114,7 @@ data: metadata: annotations: cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 labels: cluster.x-k8s.io/provider: bootstrap-kubeadm cluster.x-k8s.io/v1beta1: v1beta1 @@ -3888,7 +4148,6 @@ data: description: |- KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates API. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: @@ -3909,18 +4168,16 @@ data: metadata: type: object spec: - description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. + description: spec is the desired state of KubeadmConfigTemplate. properties: template: - description: KubeadmConfigTemplateResource defines the Template structure. + description: template defines the desired state of KubeadmConfigTemplate. properties: spec: - description: |- - KubeadmConfigSpec defines the desired state of KubeadmConfig. - Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined. + description: spec is the desired state of KubeadmConfig. properties: clusterConfiguration: - description: ClusterConfiguration along with InitConfiguration + description: clusterConfiguration along with InitConfiguration are the configurations necessary for the init command properties: apiServer: @@ -3936,10 +4193,8 @@ data: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: ExtraArgs is an extra set of flags to + pass to the control plane component. type: object extraVolumes: description: ExtraVolumes is an extra set of host 
@@ -4017,10 +4272,8 @@ data: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: ExtraArgs is an extra set of flags to + pass to the control plane component. type: object extraVolumes: description: ExtraVolumes is an extra set of host @@ -4208,10 +4461,8 @@ data: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: ExtraArgs is an extra set of flags to + pass to the control plane component. type: object extraVolumes: description: ExtraVolumes is an extra set of host 
@@ -4255,47 +4506,47 @@ data: type: boolean type: object diskSetup: - description: DiskSetup specifies options for the creation + description: diskSetup specifies options for the creation of partition tables and file systems on devices. properties: filesystems: - description: Filesystems specifies the list of file systems + description: filesystems specifies the list of file systems to setup. items: description: Filesystem defines the file systems to be created. properties: device: - description: Device specifies the device name + description: device specifies the device name type: string extraOpts: - description: ExtraOpts defined extra options to + description: extraOpts defined extra options to add to the command for creating the file system. items: type: string type: array filesystem: - description: Filesystem specifies the file system + description: filesystem specifies the file system type. type: string label: - description: Label specifies the file system label + description: label specifies the file system label to be used. If set to None, no label is used. type: string overwrite: description: |- - Overwrite defines whether or not to overwrite any existing filesystem. + overwrite defines whether or not to overwrite any existing filesystem. If true, any pre-existing file system will be destroyed. Use with Caution. type: boolean partition: - description: 'Partition specifies the partition + description: 'partition specifies the partition to use. The valid options are: "auto|any", "auto", "any", "none", and , where NUM is the actual partition number.' type: string replaceFS: description: |- - ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . + replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . NOTE: unless you define a label, this requires the use of the 'any' partition directive. type: string required: 
@@ -4305,29 +4556,29 @@ data: type: object type: array partitions: - description: Partitions specifies the list of the partitions + description: partitions specifies the list of the partitions to setup. items: description: Partition defines how to create and layout a partition. properties: device: - description: Device is the name of the device. + description: device is the name of the device. type: string layout: description: |- - Layout specifies the device layout. + layout specifies the device layout. If it is true, a single partition will be created for the entire device. When layout is false, it means don't partition or ignore existing partitioning. type: boolean overwrite: description: |- - Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. + overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. Use with caution. Default is 'false'. type: boolean tableType: description: |- - TableType specifies the tupe of partition table. The following are supported: + tableType specifies the tupe of partition table. The following are supported: 'mbr': default and setups a MS-DOS partition table 'gpt': setups a GPT partition table type: string 
@@ -4338,29 +4589,29 @@ data: type: array type: object files: - description: Files specifies extra files to be passed to user_data + description: files specifies extra files to be passed to user_data upon creation. items: description: File defines the input for generating write_files in cloud-init. properties: content: - description: Content is the actual content of the file. + description: content is the actual content of the file. type: string contentFrom: - description: ContentFrom is a referenced source of content + description: contentFrom is a referenced source of content to populate the file. properties: secret: - description: Secret represents a secret that should + description: secret represents a secret that should populate this file. properties: key: - description: Key is the key in the secret's + description: key is the key in the secret's data map for this value. type: string name: - description: Name of the secret in the KubeadmBootstrapConfig's + description: name of the secret in the KubeadmBootstrapConfig's namespace to use. type: string required: @@ -4371,7 +4622,7 @@ data: - secret type: object encoding: - description: Encoding specifies the encoding of the + description: encoding specifies the encoding of the file contents. enum: - base64 @@ -4379,15 +4630,15 @@ data: - gzip+base64 type: string owner: - description: Owner specifies the ownership of the file, + description: owner specifies the ownership of the file, e.g. "root:root". type: string path: - description: Path specifies the full path on disk where + description: path specifies the full path on disk where to store the file. type: string permissions: - description: Permissions specifies the permissions to + description: permissions specifies the permissions to assign to the file, e.g. "0640". type: string required: 
@@ -4395,13 +4646,13 @@ data: type: object type: array format: - description: Format specifies the output format of the bootstrap + description: format specifies the output format of the bootstrap data enum: - cloud-config type: string initConfiguration: - description: InitConfiguration along with ClusterConfiguration + description: initConfiguration along with ClusterConfiguration are the configurations necessary for the init command properties: apiVersion: @@ -4552,7 +4803,7 @@ data: type: object type: object joinConfiguration: - description: JoinConfiguration is the kubeadm configuration + description: joinConfiguration is the kubeadm configuration for the join command properties: apiVersion: @@ -4567,7 +4818,6 @@ data: CACertPath is the path to the SSL certificate authority used to secure comunications between node and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". - TODO: revisit when there is defaulting from k/k type: string controlPlane: description: |- @@ -4595,9 +4845,8 @@ data: type: object type: object discovery: - description: |- - Discovery specifies the options for the kubelet to use during the TLS Bootstrap process - TODO: revisit when there is defaulting from k/k + description: Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process properties: bootstrapToken: description: |- @@ -4658,7 +4907,6 @@ data: TLSBootstrapToken is a token used for TLS bootstrapping. If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information - TODO: revisit when there is defaulting from k/k type: string type: object kind: 
@@ -4732,7 +4980,7 @@ data: type: object type: object mounts: - description: Mounts specifies a list of mount points to be + description: mounts specifies a list of mount points to be setup. items: description: MountPoints defines input for generated mounts 
@@ -4742,93 +4990,90 @@ data: type: array type: array ntp: - description: NTP specifies NTP configuration + description: ntp specifies NTP configuration properties: enabled: - description: Enabled specifies whether NTP should be enabled + description: enabled specifies whether NTP should be enabled type: boolean servers: - description: Servers specifies which NTP servers to use + description: servers specifies which NTP servers to use items: type: string type: array type: object postKubeadmCommands: - description: PostKubeadmCommands specifies extra commands + description: postKubeadmCommands specifies extra commands to run after kubeadm runs items: type: string type: array preKubeadmCommands: - description: PreKubeadmCommands specifies extra commands to + description: preKubeadmCommands specifies extra commands to run before kubeadm runs items: type: string type: array useExperimentalRetryJoin: description: |- - UseExperimentalRetryJoin replaces a basic kubeadm command with a shell + useExperimentalRetryJoin replaces a basic kubeadm command with a shell script with retries for joins. - This is meant to be an experimental temporary workaround on some environments where joins fail due to timing (and other issues). The long term goal is to add retries to kubeadm proper and use that functionality. - This will add about 40KB to userdata - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. type: boolean users: - description: Users specifies extra users to add + description: users specifies extra users to add items: description: User defines the input for a generated user in cloud-init. 
properties: gecos: - description: Gecos specifies the gecos to use for the + description: gecos specifies the gecos to use for the user type: string groups: - description: Groups specifies the additional groups + description: groups specifies the additional groups for the user type: string homeDir: - description: HomeDir specifies the home directory to + description: homeDir specifies the home directory to use for the user type: string inactive: - description: Inactive specifies whether to mark the + description: inactive specifies whether to mark the user as inactive type: boolean lockPassword: - description: LockPassword specifies if password login + description: lockPassword specifies if password login should be disabled type: boolean name: - description: Name specifies the user name + description: name specifies the user name type: string passwd: - description: Passwd specifies a hashed password for + description: passwd specifies a hashed password for the user type: string primaryGroup: - description: PrimaryGroup specifies the primary group + description: primaryGroup specifies the primary group for the user type: string shell: - description: Shell specifies the user's shell + description: shell specifies the user's shell type: string sshAuthorizedKeys: - description: SSHAuthorizedKeys specifies a list of ssh + description: sshAuthorizedKeys specifies a list of ssh authorized keys for the user items: type: string type: array sudo: - description: Sudo specifies a sudo role for the user + description: sudo specifies a sudo role for the user type: string required: - name @@ -4836,7 +5081,7 @@ data: type: array verbosity: description: |- - Verbosity is the number for the kubeadm log level verbosity. + verbosity is the number for the kubeadm log level verbosity. It overrides the `--v` flag in kubeadm commands. format: int32 type: integer 
@@ -4860,7 +5105,6 @@ data: description: |- KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates API. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: @@ -4881,26 +5125,24 @@ data: metadata: type: object spec: - description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. + description: spec is the desired state of KubeadmConfigTemplate. properties: template: - description: KubeadmConfigTemplateResource defines the Template structure. + description: template defines the desired state of KubeadmConfigTemplate. properties: spec: - description: |- - KubeadmConfigSpec defines the desired state of KubeadmConfig. - Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined. + description: spec is the desired state of KubeadmConfig. properties: clusterConfiguration: - description: ClusterConfiguration along with InitConfiguration + description: clusterConfiguration along with InitConfiguration are the configurations necessary for the init command properties: apiServer: - description: APIServer contains extra settings for the + description: apiServer contains extra settings for the API server control plane component properties: certSANs: - description: CertSANs sets extra Subject Alternative + description: certSANs sets extra Subject Alternative Names for the API Server signing cert. items: type: string 
@@ -4908,13 +5150,11 @@ data: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: extraArgs is an extra set of flags to + pass to the control plane component. type: object extraVolumes: - description: ExtraVolumes is an extra set of host + description: extraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: |- @@ -4923,22 +5163,22 @@ data: properties: hostPath: description: |- - HostPath is the path in the host that will be mounted inside + hostPath is the path in the host that will be mounted inside the pod. type: string mountPath: - description: MountPath is the path inside the + description: mountPath is the path inside the pod where hostPath will be mounted. type: string name: - description: Name of the volume inside the pod + description: name of the volume inside the pod template. type: string pathType: - description: PathType is the type of the HostPath. + description: pathType is the type of the HostPath. type: string readOnly: - description: ReadOnly controls write access + description: readOnly controls write access to the volume type: boolean required: @@ -4948,7 +5188,7 @@ data: type: object type: array timeoutForControlPlane: - description: TimeoutForControlPlane controls the timeout + description: timeoutForControlPlane controls the timeout that we use for API server to appear type: string type: object 
@@ -4961,15 +5201,15 @@ data: type: string certificatesDir: description: |- - CertificatesDir specifies where to store or look for all required certificates. + certificatesDir specifies where to store or look for all required certificates. NB: if not provided, this will default to `/etc/kubernetes/pki` type: string clusterName: - description: The cluster name + description: clusterName is the cluster name type: string controlPlaneEndpoint: description: |- - ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it + controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint is specified but without a TCP port, @@ -4983,19 +5223,17 @@ data: NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. type: string controllerManager: - description: ControllerManager contains extra settings + description: controllerManager contains extra settings for the controller manager control plane component properties: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: extraArgs is an extra set of flags to + pass to the control plane component. type: object extraVolumes: - description: ExtraVolumes is an extra set of host + description: extraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: |- 
@@ -5004,22 +5242,22 @@ data: properties: hostPath: description: |- - HostPath is the path in the host that will be mounted inside + hostPath is the path in the host that will be mounted inside the pod. type: string mountPath: - description: MountPath is the path inside the + description: mountPath is the path inside the pod where hostPath will be mounted. type: string name: - description: Name of the volume inside the pod + description: name of the volume inside the pod template. type: string pathType: - description: PathType is the type of the HostPath. + description: pathType is the type of the HostPath. type: string readOnly: - description: ReadOnly controls write access + description: readOnly controls write access to the volume type: boolean required: 
@@ -5030,49 +5268,49 @@ data: type: array type: object dns: - description: DNS defines the options for the DNS add-on + description: dns defines the options for the DNS add-on installed in the cluster. properties: imageRepository: description: |- - ImageRepository sets the container registry to pull images from. + imageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead. type: string imageTag: description: |- - ImageTag allows to specify a tag for the image. + imageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. type: string type: object etcd: description: |- - Etcd holds configuration for etcd. + etcd holds configuration for etcd. NB: This value defaults to a Local (stacked) etcd properties: external: description: |- - External describes how to connect to an external etcd cluster + external describes how to connect to an external etcd cluster Local and External are mutually exclusive properties: caFile: description: |- - CAFile is an SSL Certificate Authority file used to secure etcd communication. + caFile is an SSL Certificate Authority file used to secure etcd communication. Required if using a TLS connection. type: string certFile: description: |- - CertFile is an SSL certification file used to secure etcd communication. + certFile is an SSL certification file used to secure etcd communication. Required if using a TLS connection. type: string endpoints: - description: Endpoints of etcd members. Required + description: endpoints of etcd members. Required for ExternalEtcd. items: type: string type: array keyFile: description: |- - KeyFile is an SSL key file used to secure etcd communication. + keyFile is an SSL key file used to secure etcd communication. Required if using a TLS connection. type: string required: 
@@ -5083,39 +5321,39 @@ data: type: object local: description: |- - Local provides configuration knobs for configuring the local etcd instance + local provides configuration knobs for configuring the local etcd instance Local and External are mutually exclusive properties: dataDir: description: |- - DataDir is the directory etcd will place its data. + dataDir is the directory etcd will place its data. Defaults to "/var/lib/etcd". type: string extraArgs: additionalProperties: type: string description: |- - ExtraArgs are extra arguments provided to the etcd binary + extraArgs are extra arguments provided to the etcd binary when run inside a static pod. type: object imageRepository: description: |- - ImageRepository sets the container registry to pull images from. + imageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead. type: string imageTag: description: |- - ImageTag allows to specify a tag for the image. + imageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. type: string peerCertSANs: - description: PeerCertSANs sets extra Subject Alternative + description: peerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert. items: type: string type: array serverCertSANs: - description: ServerCertSANs sets extra Subject + description: serverCertSANs sets extra Subject Alternative Names for the etcd server signing cert. items: 
@@ -5126,11 +5364,11 @@ data: featureGates: additionalProperties: type: boolean - description: FeatureGates enabled by the user. + description: featureGates enabled by the user. type: object imageRepository: description: |- - ImageRepository sets the container registry to pull images from. + imageRepository sets the container registry to pull images from. If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io` will be used for all the other images. 
@@ -5145,45 +5383,43 @@ data: type: string kubernetesVersion: description: |- - KubernetesVersion is the target version of the control plane. + kubernetesVersion is the target version of the control plane. NB: This value defaults to the Machine object spec.version type: string networking: description: |- - Networking holds configuration for the networking topology of the cluster. + networking holds configuration for the networking topology of the cluster. NB: This value defaults to the Cluster object spec.clusterNetwork. properties: dnsDomain: - description: DNSDomain is the dns domain used by k8s + description: dnsDomain is the dns domain used by k8s services. Defaults to "cluster.local". type: string podSubnet: description: |- - PodSubnet is the subnet used by pods. + podSubnet is the subnet used by pods. If unset, the API server will not allocate CIDR ranges for every node. Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set type: string serviceSubnet: description: |- - ServiceSubnet is the subnet used by k8s services. + serviceSubnet is the subnet used by k8s services. Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12" if that's unset. type: string type: object scheduler: - description: Scheduler contains extra settings for the + description: scheduler contains extra settings for the scheduler control plane component properties: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: extraArgs is an extra set of flags to + pass to the control plane component. 
type: object extraVolumes: - description: ExtraVolumes is an extra set of host + description: extraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: |- @@ -5192,22 +5428,22 @@ data: properties: hostPath: description: |- - HostPath is the path in the host that will be mounted inside + hostPath is the path in the host that will be mounted inside the pod. type: string mountPath: - description: MountPath is the path inside the + description: mountPath is the path inside the pod where hostPath will be mounted. type: string name: - description: Name of the volume inside the pod + description: name of the volume inside the pod template. type: string pathType: - description: PathType is the type of the HostPath. + description: pathType is the type of the HostPath. type: string readOnly: - description: ReadOnly controls write access + description: readOnly controls write access to the volume type: boolean required: 
@@ -5219,47 +5455,47 @@ data: type: object type: object diskSetup: - description: DiskSetup specifies options for the creation + description: diskSetup specifies options for the creation of partition tables and file systems on devices. properties: filesystems: - description: Filesystems specifies the list of file systems + description: filesystems specifies the list of file systems to setup. items: description: Filesystem defines the file systems to be created. properties: device: - description: Device specifies the device name + description: device specifies the device name type: string extraOpts: - description: ExtraOpts defined extra options to + description: extraOpts defined extra options to add to the command for creating the file system. items: type: string type: array filesystem: - description: Filesystem specifies the file system + description: filesystem specifies the file system type. type: string label: - description: Label specifies the file system label + description: label specifies the file system label to be used. If set to None, no label is used. type: string overwrite: description: |- - Overwrite defines whether or not to overwrite any existing filesystem. + overwrite defines whether or not to overwrite any existing filesystem. If true, any pre-existing file system will be destroyed. Use with Caution. type: boolean partition: - description: 'Partition specifies the partition + description: 'partition specifies the partition to use. The valid options are: "auto|any", "auto", "any", "none", and , where NUM is the actual partition number.' type: string replaceFS: description: |- - ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . + replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . NOTE: unless you define a label, this requires the use of the 'any' partition directive. type: string required: 
@@ -5269,29 +5505,29 @@ data: type: object type: array partitions: - description: Partitions specifies the list of the partitions + description: partitions specifies the list of the partitions to setup. items: description: Partition defines how to create and layout a partition. properties: device: - description: Device is the name of the device. + description: device is the name of the device. type: string layout: description: |- - Layout specifies the device layout. + layout specifies the device layout. If it is true, a single partition will be created for the entire device. When layout is false, it means don't partition or ignore existing partitioning. type: boolean overwrite: description: |- - Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. + overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. Use with caution. Default is 'false'. type: boolean tableType: description: |- - TableType specifies the tupe of partition table. The following are supported: + tableType specifies the tupe of partition table. The following are supported: 'mbr': default and setups a MS-DOS partition table 'gpt': setups a GPT partition table type: string 
@@ -5302,29 +5538,29 @@ data: type: array type: object files: - description: Files specifies extra files to be passed to user_data + description: files specifies extra files to be passed to user_data upon creation. items: description: File defines the input for generating write_files in cloud-init. properties: content: - description: Content is the actual content of the file. + description: content is the actual content of the file. type: string contentFrom: - description: ContentFrom is a referenced source of content + description: contentFrom is a referenced source of content to populate the file. properties: secret: - description: Secret represents a secret that should + description: secret represents a secret that should populate this file. properties: key: - description: Key is the key in the secret's + description: key is the key in the secret's data map for this value. type: string name: - description: Name of the secret in the KubeadmBootstrapConfig's + description: name of the secret in the KubeadmBootstrapConfig's namespace to use. type: string required: @@ -5335,7 +5571,7 @@ data: - secret type: object encoding: - description: Encoding specifies the encoding of the + description: encoding specifies the encoding of the file contents. enum: - base64 @@ -5343,15 +5579,15 @@ data: - gzip+base64 type: string owner: - description: Owner specifies the ownership of the file, + description: owner specifies the ownership of the file, e.g. "root:root". type: string path: - description: Path specifies the full path on disk where + description: path specifies the full path on disk where to store the file. type: string permissions: - description: Permissions specifies the permissions to + description: permissions specifies the permissions to assign to the file, e.g. "0640". type: string required: 
@@ -5359,13 +5595,13 @@ data: type: object type: array format: - description: Format specifies the output format of the bootstrap + description: format specifies the output format of the bootstrap data enum: - cloud-config type: string initConfiguration: - description: InitConfiguration along with ClusterConfiguration + description: initConfiguration along with ClusterConfiguration are the configurations necessary for the init command properties: apiVersion: @@ -5377,7 +5613,7 @@ data: type: string bootstrapTokens: description: |- - BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. + bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature items: description: BootstrapToken describes one bootstrap 
@@ -5385,35 +5621,35 @@ data: properties: description: description: |- - Description sets a human-friendly message why this token exists and what it's used + description sets a human-friendly message why this token exists and what it's used for, so other administrators can know its purpose. type: string expires: description: |- - Expires specifies the timestamp when this token expires. Defaults to being set + expires specifies the timestamp when this token expires. Defaults to being set dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. format: date-time type: string groups: description: |- - Groups specifies the extra groups that this token will authenticate as when/if + groups specifies the extra groups that this token will authenticate as when/if used for authentication items: type: string type: array token: description: |- - Token is used for establishing bidirectional trust between nodes and control-planes. + token is used for establishing bidirectional trust between nodes and control-planes. Used for joining nodes in the cluster. type: string ttl: description: |- - TTL defines the time to live for this token. Defaults to 24h. + ttl defines the time to live for this token. Defaults to 24h. Expires and TTL are mutually exclusive. type: string usages: description: |- - Usages describes the ways in which this token can be used. Can by default be used + usages describes the ways in which this token can be used. Can by default be used for establishing bidirectional trust, but that can be changed here. items: type: string 
@@ -5432,7 +5668,7 @@ data: type: string localAPIEndpoint: description: |- - LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node + localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible @@ -5440,29 +5676,29 @@ data: fails you may set the desired value here. properties: advertiseAddress: - description: AdvertiseAddress sets the IP address + description: advertiseAddress sets the IP address for the API server to advertise. type: string bindPort: description: |- - BindPort sets the secure port for the API Server to bind to. + bindPort sets the secure port for the API Server to bind to. Defaults to 6443. format: int32 type: integer type: object nodeRegistration: description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfiguration properties: criSocket: - description: CRISocket is used to retrieve container + description: criSocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use type: string ignorePreflightErrors: - description: IgnorePreflightErrors provides a slice + description: ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered. items: 
@@ -5472,19 +5708,19 @@ data: additionalProperties: type: string description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file + kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. type: object name: description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided. type: string taints: description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. items: @@ -5520,7 +5756,7 @@ data: type: object type: object joinConfiguration: - description: JoinConfiguration is the kubeadm configuration + description: joinConfiguration is the kubeadm configuration for the join command properties: apiVersion: 
@@ -5532,51 +5768,49 @@ data: type: string caCertPath: description: |- - CACertPath is the path to the SSL certificate authority used to + caCertPath is the path to the SSL certificate authority used to secure comunications between node and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". - TODO: revisit when there is defaulting from k/k type: string controlPlane: description: |- - ControlPlane defines the additional control plane instance to be deployed on the joining node. + controlPlane defines the additional control plane instance to be deployed on the joining node. If nil, no additional control plane instance will be deployed. properties: localAPIEndpoint: - description: LocalAPIEndpoint represents the endpoint + description: localAPIEndpoint represents the endpoint of the API server instance to be deployed on this node. properties: advertiseAddress: - description: AdvertiseAddress sets the IP address + description: advertiseAddress sets the IP address for the API server to advertise. type: string bindPort: description: |- - BindPort sets the secure port for the API Server to bind to. + bindPort sets the secure port for the API Server to bind to. Defaults to 6443. format: int32 type: integer type: object type: object discovery: - description: |- - Discovery specifies the options for the kubelet to use during the TLS Bootstrap process - TODO: revisit when there is defaulting from k/k + description: discovery specifies the options for the kubelet + to use during the TLS Bootstrap process properties: bootstrapToken: description: |- - BootstrapToken is used to set the options for bootstrap token based discovery + bootstrapToken is used to set the options for bootstrap token based discovery BootstrapToken and File are mutually exclusive properties: apiServerEndpoint: - description: APIServerEndpoint is an IP or domain + description: apiServerEndpoint is an IP or domain name to the API server from which info will be fetched. 
type: string caCertHashes: description: |- - CACertHashes specifies a set of public key pins to verify + caCertHashes specifies a set of public key pins to verify when token-based discovery is used. The root CA found during discovery must match one of these values. Specifying an empty set disables root CA pinning, which can be unsafe. Each hash is specified as ":", @@ -5589,12 +5823,12 @@ data: type: array token: description: |- - Token is a token used to validate cluster information + token is a token used to validate cluster information fetched from the control-plane. type: string unsafeSkipCAVerification: description: |- - UnsafeSkipCAVerification allows token-based discovery + unsafeSkipCAVerification allows token-based discovery without CA verification via CACertHashes. This can weaken the security of kubeadm since other nodes can impersonate the control-plane. type: boolean @@ -5603,11 +5837,11 @@ data: type: object file: description: |- - File is used to specify a file or URL to a kubeconfig file from which to load cluster information + file is used to specify a file or URL to a kubeconfig file from which to load cluster information BootstrapToken and File are mutually exclusive properties: kubeConfigPath: - description: KubeConfigPath is used to specify + description: kubeConfigPath is used to specify the actual file path or URL to the kubeconfig file from which to load cluster information type: string 
@@ -5615,11 +5849,11 @@ data: - kubeConfigPath type: object timeout: - description: Timeout modifies the discovery timeout + description: timeout modifies the discovery timeout type: string tlsBootstrapToken: description: |- - TLSBootstrapToken is a token used for TLS bootstrapping. + tlsBootstrapToken is a token used for TLS bootstrapping. If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information type: string @@ -5634,17 +5868,17 @@ data: type: string nodeRegistration: description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfiguration properties: criSocket: - description: CRISocket is used to retrieve container + description: criSocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use type: string ignorePreflightErrors: - description: IgnorePreflightErrors provides a slice + description: ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered. items: 
@@ -5654,19 +5888,19 @@ data: additionalProperties: type: string description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file + kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. type: object name: description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided. type: string taints: description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. items: @@ -5702,7 +5936,7 @@ data: type: object type: object mounts: - description: Mounts specifies a list of mount points to be + description: mounts specifies a list of mount points to be setup. items: description: MountPoints defines input for generated mounts 
@@ -5712,93 +5946,90 @@ data: type: array type: array ntp: - description: NTP specifies NTP configuration + description: ntp specifies NTP configuration properties: enabled: - description: Enabled specifies whether NTP should be enabled + description: enabled specifies whether NTP should be enabled type: boolean servers: - description: Servers specifies which NTP servers to use + description: servers specifies which NTP servers to use items: type: string type: array type: object postKubeadmCommands: - description: PostKubeadmCommands specifies extra commands + description: postKubeadmCommands specifies extra commands to run after kubeadm runs items: type: string type: array preKubeadmCommands: - description: PreKubeadmCommands specifies extra commands to + description: preKubeadmCommands specifies extra commands to run before kubeadm runs items: type: string type: array useExperimentalRetryJoin: description: |- - UseExperimentalRetryJoin replaces a basic kubeadm command with a shell + useExperimentalRetryJoin replaces a basic kubeadm command with a shell script with retries for joins. - This is meant to be an experimental temporary workaround on some environments where joins fail due to timing (and other issues). The long term goal is to add retries to kubeadm proper and use that functionality. - This will add about 40KB to userdata - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. type: boolean users: - description: Users specifies extra users to add + description: users specifies extra users to add items: description: User defines the input for a generated user in cloud-init. 
properties: gecos: - description: Gecos specifies the gecos to use for the + description: gecos specifies the gecos to use for the user type: string groups: - description: Groups specifies the additional groups + description: groups specifies the additional groups for the user type: string homeDir: - description: HomeDir specifies the home directory to + description: homeDir specifies the home directory to use for the user type: string inactive: - description: Inactive specifies whether to mark the + description: inactive specifies whether to mark the user as inactive type: boolean lockPassword: - description: LockPassword specifies if password login + description: lockPassword specifies if password login should be disabled type: boolean name: - description: Name specifies the user name + description: name specifies the user name type: string passwd: - description: Passwd specifies a hashed password for + description: passwd specifies a hashed password for the user type: string primaryGroup: - description: PrimaryGroup specifies the primary group + description: primaryGroup specifies the primary group for the user type: string shell: - description: Shell specifies the user's shell + description: shell specifies the user's shell type: string sshAuthorizedKeys: - description: SSHAuthorizedKeys specifies a list of ssh + description: sshAuthorizedKeys specifies a list of ssh authorized keys for the user items: type: string type: array sudo: - description: Sudo specifies a sudo role for the user + description: sudo specifies a sudo role for the user type: string required: - name @@ -5806,7 +6037,7 @@ data: type: array verbosity: description: |- - Verbosity is the number for the kubeadm log level verbosity. + verbosity is the number for the kubeadm log level verbosity. It overrides the `--v` flag in kubeadm commands. format: int32 type: integer 
@@ -5848,21 +6079,21 @@ data: metadata: type: object spec: - description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. + description: spec is the desired state of KubeadmConfigTemplate. properties: template: - description: KubeadmConfigTemplateResource defines the Template structure. + description: template defines the desired state of KubeadmConfigTemplate. properties: metadata: description: |- - Standard object's metadata. + metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata properties: annotations: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations 
@@ -5871,42 +6102,52 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels type: object type: object spec: - description: |- - KubeadmConfigSpec defines the desired state of KubeadmConfig. - Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined. + description: spec is the desired state of KubeadmConfig. properties: + bootCommands: + description: |- + bootCommands specifies extra commands to run very early in the boot process via the cloud-init bootcmd + module. bootcmd will run on every boot, 'cloud-init-per' command can be used to make bootcmd run exactly + once. This is typically run in the cloud-init.service systemd unit. This has no effect in Ignition. + items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + type: array clusterConfiguration: - description: ClusterConfiguration along with InitConfiguration + description: clusterConfiguration along with InitConfiguration are the configurations necessary for the init command properties: apiServer: - description: APIServer contains extra settings for the + description: apiServer contains extra settings for the API server control plane component properties: certSANs: - description: CertSANs sets extra Subject Alternative + description: certSANs sets extra Subject Alternative Names for the API Server signing cert. items: + maxLength: 253 + minLength: 1 type: string + maxItems: 100 type: array extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. 
- TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: extraArgs is an extra set of flags to + pass to the control plane component. type: object extraEnvs: description: |- - ExtraEnvs is an extra set of environment variables to pass to the control plane component. + extraEnvs is an extra set of environment variables to pass to the control plane component. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes >=1.31.0. items: @@ -5946,9 +6187,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -6018,9 +6257,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret 
@@ -6034,9 +6271,10 @@ data: required: - name type: object + maxItems: 100 type: array extraVolumes: - description: ExtraVolumes is an extra set of host + description: extraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: |- @@ -6045,22 +6283,28 @@ data: properties: hostPath: description: |- - HostPath is the path in the host that will be mounted inside + hostPath is the path in the host that will be mounted inside the pod. + maxLength: 512 + minLength: 1 type: string mountPath: - description: MountPath is the path inside the + description: mountPath is the path inside the pod where hostPath will be mounted. + maxLength: 512 + minLength: 1 type: string name: - description: Name of the volume inside the pod + description: name of the volume inside the pod template. + maxLength: 512 + minLength: 1 type: string pathType: - description: PathType is the type of the HostPath. + description: pathType is the type of the HostPath. type: string readOnly: - description: ReadOnly controls write access + description: readOnly controls write access to the volume type: boolean required: @@ -6068,9 +6312,10 @@ data: - mountPath - name type: object + maxItems: 100 type: array timeoutForControlPlane: - description: TimeoutForControlPlane controls the timeout + description: timeoutForControlPlane controls the timeout that we use for API server to appear type: string type: object 
@@ -6083,15 +6328,19 @@ data: type: string certificatesDir: description: |- - CertificatesDir specifies where to store or look for all required certificates. + certificatesDir specifies where to store or look for all required certificates. NB: if not provided, this will default to `/etc/kubernetes/pki` + maxLength: 512 + minLength: 1 type: string clusterName: - description: The cluster name + description: clusterName is the cluster name + maxLength: 63 + minLength: 1 type: string controlPlaneEndpoint: description: |- - ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it + controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint is specified but without a TCP port, 
@@ -6103,22 +6352,22 @@ data: e.g. in environments with enforced node recycling, the ControlPlaneEndpoint could be used for assigning a stable DNS to the control plane. NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. + maxLength: 512 + minLength: 1 type: string controllerManager: - description: ControllerManager contains extra settings + description: controllerManager contains extra settings for the controller manager control plane component properties: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: extraArgs is an extra set of flags to + pass to the control plane component. type: object extraEnvs: description: |- - ExtraEnvs is an extra set of environment variables to pass to the control plane component. + extraEnvs is an extra set of environment variables to pass to the control plane component. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes >=1.31.0. items: @@ -6158,9 +6407,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -6230,9 +6477,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -6246,9 +6491,10 @@ data: required: - name type: object + maxItems: 100 type: array extraVolumes: - description: ExtraVolumes is an extra set of host + description: extraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: |- @@ -6257,22 +6503,28 @@ data: properties: hostPath: description: |- - HostPath is the path in the host that will be mounted inside + hostPath is the path in the host that will be mounted inside the pod. + maxLength: 512 + minLength: 1 type: string mountPath: - description: MountPath is the path inside the + description: mountPath is the path inside the pod where hostPath will be mounted. + maxLength: 512 + minLength: 1 type: string name: - description: Name of the volume inside the pod + description: name of the volume inside the pod template. + maxLength: 512 + minLength: 1 type: string pathType: - description: PathType is the type of the HostPath. + description: pathType is the type of the HostPath. type: string readOnly: - description: ReadOnly controls write access + description: readOnly controls write access to the volume type: boolean required: 
@@ -6280,53 +6532,67 @@ data: - mountPath - name type: object + maxItems: 100 type: array type: object dns: - description: DNS defines the options for the DNS add-on + description: dns defines the options for the DNS add-on installed in the cluster. properties: imageRepository: description: |- - ImageRepository sets the container registry to pull images from. + imageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + maxLength: 512 + minLength: 1 type: string imageTag: description: |- - ImageTag allows to specify a tag for the image. + imageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + maxLength: 256 + minLength: 1 type: string type: object etcd: description: |- - Etcd holds configuration for etcd. + etcd holds configuration for etcd. NB: This value defaults to a Local (stacked) etcd properties: external: description: |- - External describes how to connect to an external etcd cluster + external describes how to connect to an external etcd cluster Local and External are mutually exclusive properties: caFile: description: |- - CAFile is an SSL Certificate Authority file used to secure etcd communication. + caFile is an SSL Certificate Authority file used to secure etcd communication. Required if using a TLS connection. + maxLength: 512 + minLength: 1 type: string certFile: description: |- - CertFile is an SSL certification file used to secure etcd communication. + certFile is an SSL certification file used to secure etcd communication. Required if using a TLS connection. + maxLength: 512 + minLength: 1 type: string endpoints: - description: Endpoints of etcd members. Required + description: endpoints of etcd members. Required for ExternalEtcd. 
items: + maxLength: 512 + minLength: 1 type: string + maxItems: 50 type: array keyFile: description: |- - KeyFile is an SSL key file used to secure etcd communication. + keyFile is an SSL key file used to secure etcd communication. Required if using a TLS connection. + maxLength: 512 + minLength: 1 type: string required: - caFile @@ -6336,24 +6602,26 @@ data: type: object local: description: |- - Local provides configuration knobs for configuring the local etcd instance + local provides configuration knobs for configuring the local etcd instance Local and External are mutually exclusive properties: dataDir: description: |- - DataDir is the directory etcd will place its data. + dataDir is the directory etcd will place its data. Defaults to "/var/lib/etcd". + maxLength: 512 + minLength: 1 type: string extraArgs: additionalProperties: type: string description: |- - ExtraArgs are extra arguments provided to the etcd binary + extraArgs are extra arguments provided to the etcd binary when run inside a static pod. type: object extraEnvs: description: |- - ExtraEnvs is an extra set of environment variables to pass to the control plane component. + extraEnvs is an extra set of environment variables to pass to the control plane component. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes >=1.31.0. items: @@ -6394,9 +6662,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the 
@@ -6467,9 +6733,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the 
@@ -6483,40 +6747,51 @@ data: required: - name type: object + maxItems: 100 type: array imageRepository: description: |- - ImageRepository sets the container registry to pull images from. + imageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + maxLength: 512 + minLength: 1 type: string imageTag: description: |- - ImageTag allows to specify a tag for the image. + imageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + maxLength: 256 + minLength: 1 type: string peerCertSANs: - description: PeerCertSANs sets extra Subject Alternative + description: peerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert. items: + maxLength: 253 + minLength: 1 type: string + maxItems: 100 type: array serverCertSANs: - description: ServerCertSANs sets extra Subject + description: serverCertSANs sets extra Subject Alternative Names for the etcd server signing cert. items: + maxLength: 253 + minLength: 1 type: string + maxItems: 100 type: array type: object type: object featureGates: additionalProperties: type: boolean - description: FeatureGates enabled by the user. + description: featureGates enabled by the user. type: object imageRepository: description: |- - ImageRepository sets the container registry to pull images from. + imageRepository sets the container registry to pull images from. * If not set, the default registry of kubeadm will be used, i.e. * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 * k8s.gcr.io (old registry): all older versions 
@@ -6525,8 +6800,10 @@ data: a newer patch version with the new registry instead (i.e. >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0). * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components + `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io` will be used for all the other images. + maxLength: 512 + minLength: 1 type: string kind: description: |- 
@@ -6538,46 +6815,52 @@ data: type: string kubernetesVersion: description: |- - KubernetesVersion is the target version of the control plane. + kubernetesVersion is the target version of the control plane. NB: This value defaults to the Machine object spec.version + maxLength: 256 + minLength: 1 type: string networking: description: |- - Networking holds configuration for the networking topology of the cluster. + networking holds configuration for the networking topology of the cluster. NB: This value defaults to the Cluster object spec.clusterNetwork. properties: dnsDomain: - description: DNSDomain is the dns domain used by k8s + description: dnsDomain is the dns domain used by k8s services. Defaults to "cluster.local". + maxLength: 253 + minLength: 1 type: string podSubnet: description: |- - PodSubnet is the subnet used by pods. + podSubnet is the subnet used by pods. If unset, the API server will not allocate CIDR ranges for every node. Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set + maxLength: 1024 + minLength: 1 type: string serviceSubnet: description: |- - ServiceSubnet is the subnet used by k8s services. + serviceSubnet is the subnet used by k8s services. Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12" if that's unset. + maxLength: 1024 + minLength: 1 type: string type: object scheduler: - description: Scheduler contains extra settings for the + description: scheduler contains extra settings for the scheduler control plane component properties: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: extraArgs is an extra set of flags to + pass to the control plane component. 
type: object extraEnvs: description: |- - ExtraEnvs is an extra set of environment variables to pass to the control plane component. + extraEnvs is an extra set of environment variables to pass to the control plane component. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes >=1.31.0. items: @@ -6617,9 +6900,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -6689,9 +6970,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -6705,9 +6984,10 @@ data: required: - name type: object + maxItems: 100 type: array extraVolumes: - description: ExtraVolumes is an extra set of host + description: extraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: |- 
@@ -6716,22 +6996,28 @@ data: properties: hostPath: description: |- - HostPath is the path in the host that will be mounted inside + hostPath is the path in the host that will be mounted inside the pod. + maxLength: 512 + minLength: 1 type: string mountPath: - description: MountPath is the path inside the + description: mountPath is the path inside the pod where hostPath will be mounted. + maxLength: 512 + minLength: 1 type: string name: - description: Name of the volume inside the pod + description: name of the volume inside the pod template. + maxLength: 512 + minLength: 1 type: string pathType: - description: PathType is the type of the HostPath. + description: pathType is the type of the HostPath. type: string readOnly: - description: ReadOnly controls write access + description: readOnly controls write access to the volume type: boolean required: 
@@ -6739,121 +7025,147 @@ data: - mountPath - name type: object + maxItems: 100 type: array type: object type: object diskSetup: - description: DiskSetup specifies options for the creation + description: diskSetup specifies options for the creation of partition tables and file systems on devices. properties: filesystems: - description: Filesystems specifies the list of file systems + description: filesystems specifies the list of file systems to setup. items: description: Filesystem defines the file systems to be created. properties: device: - description: Device specifies the device name + description: device specifies the device name + maxLength: 256 + minLength: 1 type: string extraOpts: - description: ExtraOpts defined extra options to + description: extraOpts defined extra options to add to the command for creating the file system. items: + maxLength: 256 + minLength: 1 type: string + maxItems: 100 type: array filesystem: - description: Filesystem specifies the file system + description: filesystem specifies the file system type. + maxLength: 128 + minLength: 1 type: string label: - description: Label specifies the file system label + description: label specifies the file system label to be used. If set to None, no label is used. + maxLength: 512 + minLength: 1 type: string overwrite: description: |- - Overwrite defines whether or not to overwrite any existing filesystem. + overwrite defines whether or not to overwrite any existing filesystem. If true, any pre-existing file system will be destroyed. Use with Caution. type: boolean partition: - description: 'Partition specifies the partition + description: 'partition specifies the partition to use. The valid options are: "auto|any", "auto", "any", "none", and , where NUM is the actual partition number.' + maxLength: 128 + minLength: 1 type: string replaceFS: description: |- - ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . 
+ replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . NOTE: unless you define a label, this requires the use of the 'any' partition directive. + maxLength: 128 + minLength: 1 type: string required: - device - filesystem - - label type: object + maxItems: 100 type: array partitions: - description: Partitions specifies the list of the partitions + description: partitions specifies the list of the partitions to setup. items: description: Partition defines how to create and layout a partition. properties: device: - description: Device is the name of the device. + description: device is the name of the device. + maxLength: 256 + minLength: 1 type: string layout: description: |- - Layout specifies the device layout. + layout specifies the device layout. If it is true, a single partition will be created for the entire device. When layout is false, it means don't partition or ignore existing partitioning. type: boolean overwrite: description: |- - Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. + overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. Use with caution. Default is 'false'. type: boolean tableType: description: |- - TableType specifies the tupe of partition table. The following are supported: + tableType specifies the tupe of partition table. The following are supported: 'mbr': default and setups a MS-DOS partition table 'gpt': setups a GPT partition table + enum: + - mbr + - gpt type: string required: - device - layout type: object + maxItems: 100 type: array type: object files: - description: Files specifies extra files to be passed to user_data + description: files specifies extra files to be passed to user_data upon creation. items: description: File defines the input for generating write_files in cloud-init. 
properties: append: - description: Append specifies whether to append Content + description: append specifies whether to append Content to existing file if Path exists. type: boolean content: - description: Content is the actual content of the file. + description: content is the actual content of the file. + maxLength: 10240 + minLength: 1 type: string contentFrom: - description: ContentFrom is a referenced source of content + description: contentFrom is a referenced source of content to populate the file. properties: secret: - description: Secret represents a secret that should + description: secret represents a secret that should populate this file. properties: key: - description: Key is the key in the secret's + description: key is the key in the secret's data map for this value. + maxLength: 256 + minLength: 1 type: string name: - description: Name of the secret in the KubeadmBootstrapConfig's + description: name of the secret in the KubeadmBootstrapConfig's namespace to use. + maxLength: 253 + minLength: 1 type: string required: - key @@ -6863,7 +7175,7 @@ data: - secret type: object encoding: - description: Encoding specifies the encoding of the + description: encoding specifies the encoding of the file contents. enum: - base64 
@@ -6871,52 +7183,60 @@ data: - gzip+base64 type: string owner: - description: Owner specifies the ownership of the file, + description: owner specifies the ownership of the file, e.g. "root:root". + maxLength: 256 + minLength: 1 type: string path: - description: Path specifies the full path on disk where + description: path specifies the full path on disk where to store the file. + maxLength: 512 + minLength: 1 type: string permissions: - description: Permissions specifies the permissions to + description: permissions specifies the permissions to assign to the file, e.g. "0640". + maxLength: 16 + minLength: 1 type: string required: - path type: object + maxItems: 200 type: array format: - description: Format specifies the output format of the bootstrap + description: format specifies the output format of the bootstrap data enum: - cloud-config - ignition type: string ignition: - description: Ignition contains Ignition specific configuration. + description: ignition contains Ignition specific configuration. properties: containerLinuxConfig: - description: ContainerLinuxConfig contains CLC specific + description: containerLinuxConfig contains CLC specific configuration. properties: additionalConfig: description: |- - AdditionalConfig contains additional configuration to be merged with the Ignition + additionalConfig contains additional configuration to be merged with the Ignition configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging - The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + maxLength: 32768 + minLength: 1 type: string strict: - description: Strict controls if AdditionalConfig should + description: strict controls if AdditionalConfig should be strictly parsed. If so, warnings are treated as errors. 
type: boolean type: object type: object initConfiguration: - description: InitConfiguration along with ClusterConfiguration + description: initConfiguration along with ClusterConfiguration are the configurations necessary for the init command properties: apiVersion: @@ -6928,7 +7248,7 @@ data: type: string bootstrapTokens: description: |- - BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. + bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature items: description: BootstrapToken describes one bootstrap 
@@ -6936,42 +7256,51 @@ data: properties: description: description: |- - Description sets a human-friendly message why this token exists and what it's used + description sets a human-friendly message why this token exists and what it's used for, so other administrators can know its purpose. + maxLength: 512 + minLength: 1 type: string expires: description: |- - Expires specifies the timestamp when this token expires. Defaults to being set + expires specifies the timestamp when this token expires. Defaults to being set dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. format: date-time type: string groups: description: |- - Groups specifies the extra groups that this token will authenticate as when/if + groups specifies the extra groups that this token will authenticate as when/if used for authentication items: + maxLength: 256 + minLength: 1 type: string + maxItems: 100 type: array token: description: |- - Token is used for establishing bidirectional trust between nodes and control-planes. + token is used for establishing bidirectional trust between nodes and control-planes. Used for joining nodes in the cluster. type: string ttl: description: |- - TTL defines the time to live for this token. Defaults to 24h. + ttl defines the time to live for this token. Defaults to 24h. Expires and TTL are mutually exclusive. type: string usages: description: |- - Usages describes the ways in which this token can be used. Can by default be used + usages describes the ways in which this token can be used. Can by default be used for establishing bidirectional trust, but that can be changed here. items: + maxLength: 256 + minLength: 1 type: string + maxItems: 100 type: array required: - token type: object + maxItems: 100 type: array kind: description: |- 
@@ -6983,7 +7312,7 @@ data: type: string localAPIEndpoint: description: |- - LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node + localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible 
@@ -6991,37 +7320,44 @@ data: fails you may set the desired value here. properties: advertiseAddress: - description: AdvertiseAddress sets the IP address + description: advertiseAddress sets the IP address for the API server to advertise. + maxLength: 39 + minLength: 1 type: string bindPort: description: |- - BindPort sets the secure port for the API Server to bind to. + bindPort sets the secure port for the API Server to bind to. Defaults to 6443. format: int32 type: integer type: object nodeRegistration: description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfiguration properties: criSocket: - description: CRISocket is used to retrieve container + description: criSocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use + maxLength: 512 + minLength: 1 type: string ignorePreflightErrors: - description: IgnorePreflightErrors provides a slice + description: ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered. items: + maxLength: 512 + minLength: 1 type: string + maxItems: 50 type: array imagePullPolicy: description: |- - ImagePullPolicy specifies the policy for image pulling + imagePullPolicy specifies the policy for image pulling during kubeadm "init" and "join" operations. The value of this field must be one of "Always", "IfNotPresent" or "Never". Defaults to "IfNotPresent". This can be used only 
@@ -7033,7 +7369,7 @@ data: type: string imagePullSerial: description: |- - ImagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. + imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. This option takes effect only on Kubernetes >=1.31.0. Default: true (defaulted in kubeadm) type: boolean 
@@ -7041,19 +7377,21 @@ data: additionalProperties: type: string description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file + kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. type: object name: description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided. + maxLength: 253 + minLength: 1 type: string taints: description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. items: 
@@ -7085,16 +7423,17 @@ data: - effect - key type: object + maxItems: 100 type: array type: object patches: description: |- - Patches contains options related to applying patches to components deployed by kubeadm during + patches contains options related to applying patches to components deployed by kubeadm during "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22 properties: directory: description: |- - Directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". + directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. @@ -7104,19 +7443,24 @@ data: These files can be written into the target directory via KubeadmConfig.Files which specifies additional files to be created on the machine, either with content inline or by referencing a secret. + maxLength: 512 + minLength: 1 type: string type: object skipPhases: description: |- - SkipPhases is a list of phases to skip during command execution. + skipPhases is a list of phases to skip during command execution. The list of phases can be obtained with the "kubeadm init --help" command. This option takes effect only on Kubernetes >=1.22.0. items: + maxLength: 256 + minLength: 1 type: string + maxItems: 50 type: array type: object joinConfiguration: - description: JoinConfiguration is the kubeadm configuration + description: joinConfiguration is the kubeadm configuration for the join command properties: apiVersion: 
@@ -7128,51 +7472,55 @@ data: type: string caCertPath: description: |- - CACertPath is the path to the SSL certificate authority used to + caCertPath is the path to the SSL certificate authority used to secure comunications between node and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". - TODO: revisit when there is defaulting from k/k + maxLength: 512 + minLength: 1 type: string controlPlane: description: |- - ControlPlane defines the additional control plane instance to be deployed on the joining node. + controlPlane defines the additional control plane instance to be deployed on the joining node. If nil, no additional control plane instance will be deployed. properties: localAPIEndpoint: - description: LocalAPIEndpoint represents the endpoint + description: localAPIEndpoint represents the endpoint of the API server instance to be deployed on this node. properties: advertiseAddress: - description: AdvertiseAddress sets the IP address + description: advertiseAddress sets the IP address for the API server to advertise. + maxLength: 39 + minLength: 1 type: string bindPort: description: |- - BindPort sets the secure port for the API Server to bind to. + bindPort sets the secure port for the API Server to bind to. Defaults to 6443. 
format: int32 type: integer type: object type: object discovery: - description: |- - Discovery specifies the options for the kubelet to use during the TLS Bootstrap process - TODO: revisit when there is defaulting from k/k + description: discovery specifies the options for the kubelet + to use during the TLS Bootstrap process properties: bootstrapToken: description: |- - BootstrapToken is used to set the options for bootstrap token based discovery + bootstrapToken is used to set the options for bootstrap token based discovery BootstrapToken and File are mutually exclusive properties: apiServerEndpoint: - description: APIServerEndpoint is an IP or domain + description: apiServerEndpoint is an IP or domain name to the API server from which info will be fetched. + maxLength: 512 + minLength: 1 type: string caCertHashes: description: |- - CACertHashes specifies a set of public key pins to verify + caCertHashes specifies a set of public key pins to verify when token-based discovery is used. The root CA found during discovery must match one of these values. Specifying an empty set disables root CA pinning, which can be unsafe. Each hash is specified as ":", 
@@ -7181,40 +7529,41 @@ data: ASN.1. These hashes can be calculated using, for example, OpenSSL: openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex items: + maxLength: 512 + minLength: 1 type: string + maxItems: 100 type: array token: description: |- - Token is a token used to validate cluster information + token is a token used to validate cluster information fetched from the control-plane. + maxLength: 512 + minLength: 1 type: string unsafeSkipCAVerification: description: |- - UnsafeSkipCAVerification allows token-based discovery + unsafeSkipCAVerification allows token-based discovery without CA verification via CACertHashes. This can weaken the security of kubeadm since other nodes can impersonate the control-plane. type: boolean - required: - - token type: object file: description: |- - File is used to specify a file or URL to a kubeconfig file from which to load cluster information + file is used to specify a file or URL to a kubeconfig file from which to load cluster information BootstrapToken and File are mutually exclusive properties: kubeConfig: description: |- - KubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. + kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. The file is generated at the path specified in KubeConfigPath. - Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint. Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret. properties: cluster: description: |- - Cluster contains information about how to communicate with the kubernetes cluster. - + cluster contains information about how to communicate with the kubernetes cluster. By default the following fields are automatically populated: - Server with the Cluster's ControlPlaneEndpoint. 
@@ -7222,91 +7571,106 @@ data: properties: certificateAuthorityData: description: |- - CertificateAuthorityData contains PEM-encoded certificate authority certificates. - + certificateAuthorityData contains PEM-encoded certificate authority certificates. Defaults to the Cluster's CA certificate if empty. format: byte + maxLength: 51200 + minLength: 1 type: string insecureSkipTLSVerify: - description: InsecureSkipTLSVerify skips + description: insecureSkipTLSVerify skips the validity check for the server's certificate. This will make your HTTPS connections insecure. type: boolean proxyURL: description: |- - ProxyURL is the URL to the proxy to be used for all requests made by this + proxyURL is the URL to the proxy to be used for all requests made by this client. URLs with "http", "https", and "socks5" schemes are supported. If this configuration is not provided or the empty string, the client attempts to construct a proxy configuration from http_proxy and https_proxy environment variables. If these environment variables are not set, the client does not attempt to proxy requests. - socks5 proxying does not currently support spdy streaming endpoints (exec, attach, port forward). + maxLength: 512 + minLength: 1 type: string server: description: |- - Server is the address of the kubernetes cluster (https://hostname:port). - + server is the address of the kubernetes cluster (https://hostname:port). Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint. + maxLength: 512 + minLength: 1 type: string tlsServerName: - description: TLSServerName is used to + description: tlsServerName is used to check server certificate. If TLSServerName is empty, the hostname used to contact the server is used. + maxLength: 512 + minLength: 1 type: string type: object user: description: |- - User contains information that describes identity information. + user contains information that describes identity information. This is used to tell the kubernetes cluster who you are. 
properties: authProvider: - description: AuthProvider specifies a + description: authProvider specifies a custom authentication plugin for the kubernetes cluster. properties: config: additionalProperties: type: string - description: Config holds the parameters + description: config holds the parameters for the authentication plugin. type: object name: - description: Name is the name of the + description: name is the name of the authentication plugin. + maxLength: 256 + minLength: 1 type: string required: - name type: object exec: - description: Exec specifies a custom exec-based + description: exec specifies a custom exec-based authentication plugin for the kubernetes cluster. properties: apiVersion: description: |- - Preferred input version of the ExecInfo. The returned ExecCredentials MUST use + apiVersion is preferred input version of the ExecInfo. The returned ExecCredentials MUST use the same encoding version as the input. Defaults to client.authentication.k8s.io/v1 if not set. + maxLength: 512 + minLength: 1 type: string args: - description: Arguments to pass to - the command when executing it. + description: args is the arguments + to pass to the command when executing + it. items: + maxLength: 512 + minLength: 1 type: string + maxItems: 100 type: array command: - description: Command to execute. + description: command to execute. + maxLength: 1024 + minLength: 1 type: string env: description: |- - Env defines additional environment variables to expose to the process. These + env defines additional environment variables to expose to the process. These are unioned with the host's environment, as well as variables client-go uses to pass argument to the plugin. items: 
@@ -7315,17 +7679,26 @@ data: credential plugin. properties: name: + description: name of the environment + variable + maxLength: 512 + minLength: 1 type: string value: + description: value of the environment + variable + maxLength: 512 + minLength: 1 type: string required: - name - value type: object + maxItems: 100 type: array provideClusterInfo: description: |- - ProvideClusterInfo determines whether or not to provide cluster information, + provideClusterInfo determines whether or not to provide cluster information, which could potentially contain very large CA data, to this exec plugin as a part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for @@ -7339,21 +7712,25 @@ data: - user type: object kubeConfigPath: - description: KubeConfigPath is used to specify + description: kubeConfigPath is used to specify the actual file path or URL to the kubeconfig file from which to load cluster information + maxLength: 512 + minLength: 1 type: string required: - kubeConfigPath type: object timeout: - description: Timeout modifies the discovery timeout + description: timeout modifies the discovery timeout type: string tlsBootstrapToken: description: |- - TLSBootstrapToken is a token used for TLS bootstrapping. + tlsBootstrapToken is a token used for TLS bootstrapping. If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information + maxLength: 512 + minLength: 1 type: string type: object kind: 
@@ -7366,25 +7743,30 @@ data: type: string nodeRegistration: description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfiguration properties: criSocket: - description: CRISocket is used to retrieve container + description: criSocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use + maxLength: 512 + minLength: 1 type: string ignorePreflightErrors: - description: IgnorePreflightErrors provides a slice + description: ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered. items: + maxLength: 512 + minLength: 1 type: string + maxItems: 50 type: array imagePullPolicy: description: |- - ImagePullPolicy specifies the policy for image pulling + imagePullPolicy specifies the policy for image pulling during kubeadm "init" and "join" operations. The value of this field must be one of "Always", "IfNotPresent" or "Never". Defaults to "IfNotPresent". This can be used only @@ -7396,7 +7778,7 @@ data: type: string imagePullSerial: description: |- - ImagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. + imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. This option takes effect only on Kubernetes >=1.31.0. Default: true (defaulted in kubeadm) type: boolean 
@@ -7404,19 +7786,21 @@ data: additionalProperties: type: string description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file + kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. type: object name: description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided. + maxLength: 253 + minLength: 1 type: string taints: description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. items: 
@@ -7448,16 +7832,17 @@ data: - effect - key type: object + maxItems: 100 type: array type: object patches: description: |- - Patches contains options related to applying patches to components deployed by kubeadm during + patches contains options related to applying patches to components deployed by kubeadm during "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22 properties: directory: description: |- - Directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". + directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. 
@@ -7467,119 +7852,150 @@ data: These files can be written into the target directory via KubeadmConfig.Files which specifies additional files to be created on the machine, either with content inline or by referencing a secret. + maxLength: 512 + minLength: 1 type: string type: object skipPhases: description: |- - SkipPhases is a list of phases to skip during command execution. + skipPhases is a list of phases to skip during command execution. The list of phases can be obtained with the "kubeadm init --help" command. This option takes effect only on Kubernetes >=1.22.0. items: + maxLength: 256 + minLength: 1 type: string + maxItems: 50 type: array type: object mounts: - description: Mounts specifies a list of mount points to be + description: mounts specifies a list of mount points to be setup. items: description: MountPoints defines input for generated mounts in cloud-init. items: + maxLength: 512 + minLength: 1 type: string type: array + maxItems: 100 type: array ntp: - description: NTP specifies NTP configuration + description: ntp specifies NTP configuration properties: enabled: - description: Enabled specifies whether NTP should be enabled + description: enabled specifies whether NTP should be enabled type: boolean servers: - description: Servers specifies which NTP servers to use + description: servers specifies which NTP servers to use items: + maxLength: 512 + minLength: 1 type: string + maxItems: 100 type: array type: object postKubeadmCommands: - description: PostKubeadmCommands specifies extra commands - to run after kubeadm runs + description: |- + postKubeadmCommands specifies extra commands to run after kubeadm runs. + With cloud-init, this is appended to the runcmd module configuration, and is typically executed in + the cloud-final.service systemd unit. In Ignition, this is appended to /etc/kubeadm.sh. 
items: + maxLength: 10240 + minLength: 1 type: string + maxItems: 1000 type: array preKubeadmCommands: - description: PreKubeadmCommands specifies extra commands to - run before kubeadm runs + description: |- + preKubeadmCommands specifies extra commands to run before kubeadm runs. + With cloud-init, this is prepended to the runcmd module configuration, and is typically executed in + the cloud-final.service systemd unit. In Ignition, this is prepended to /etc/kubeadm.sh. items: + maxLength: 10240 + minLength: 1 type: string + maxItems: 1000 type: array useExperimentalRetryJoin: description: |- - UseExperimentalRetryJoin replaces a basic kubeadm command with a shell + useExperimentalRetryJoin replaces a basic kubeadm command with a shell script with retries for joins. - This is meant to be an experimental temporary workaround on some environments where joins fail due to timing (and other issues). The long term goal is to add retries to kubeadm proper and use that functionality. - This will add about 40KB to userdata - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. - Deprecated: This experimental fix is no longer needed and this field will be removed in a future release. When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml type: boolean users: - description: Users specifies extra users to add + description: users specifies extra users to add items: description: User defines the input for a generated user in cloud-init. 
properties: gecos: - description: Gecos specifies the gecos to use for the + description: gecos specifies the gecos to use for the user + maxLength: 256 + minLength: 1 type: string groups: - description: Groups specifies the additional groups + description: groups specifies the additional groups for the user + maxLength: 256 + minLength: 1 type: string homeDir: - description: HomeDir specifies the home directory to + description: homeDir specifies the home directory to use for the user + maxLength: 256 + minLength: 1 type: string inactive: - description: Inactive specifies whether to mark the + description: inactive specifies whether to mark the user as inactive type: boolean lockPassword: - description: LockPassword specifies if password login + description: lockPassword specifies if password login should be disabled type: boolean name: - description: Name specifies the user name + description: name specifies the user name + maxLength: 256 + minLength: 1 type: string passwd: - description: Passwd specifies a hashed password for + description: passwd specifies a hashed password for the user + maxLength: 256 + minLength: 1 type: string passwdFrom: - description: PasswdFrom is a referenced source of passwd + description: passwdFrom is a referenced source of passwd to populate the passwd. properties: secret: - description: Secret represents a secret that should + description: secret represents a secret that should populate this password. properties: key: - description: Key is the key in the secret's + description: key is the key in the secret's data map for this value. + maxLength: 256 + minLength: 1 type: string name: - description: Name of the secret in the KubeadmBootstrapConfig's + description: name of the secret in the KubeadmBootstrapConfig's namespace to use. + maxLength: 253 + minLength: 1 type: string required: - key 
@@ -7589,28 +8005,38 @@ data: - secret type: object primaryGroup: - description: PrimaryGroup specifies the primary group + description: primaryGroup specifies the primary group for the user + maxLength: 256 + minLength: 1 type: string shell: - description: Shell specifies the user's shell + description: shell specifies the user's shell + maxLength: 256 + minLength: 1 type: string sshAuthorizedKeys: - description: SSHAuthorizedKeys specifies a list of ssh + description: sshAuthorizedKeys specifies a list of ssh authorized keys for the user items: + maxLength: 2048 + minLength: 1 type: string + maxItems: 100 type: array sudo: - description: Sudo specifies a sudo role for the user + description: sudo specifies a sudo role for the user + maxLength: 256 + minLength: 1 type: string required: - name type: object + maxItems: 100 type: array verbosity: description: |- - Verbosity is the number for the kubeadm log level verbosity. + verbosity is the number for the kubeadm log level verbosity. It overrides the `--v` flag in kubeadm commands. format: int32 type: integer @@ -7679,6 +8105,32 @@ data: - patch - update - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resourceNames: + - kubeadmconfigs.bootstrap.cluster.x-k8s.io + - kubeadmconfigtemplates.bootstrap.cluster.x-k8s.io + resources: + - customresourcedefinitions + - customresourcedefinitions/status + verbs: + - patch + - update - apiGroups: - authentication.k8s.io resources: @@ -7695,6 +8147,7 @@ data: - bootstrap.cluster.x-k8s.io resources: - kubeadmconfigs + - kubeadmconfigs/finalizers - kubeadmconfigs/status verbs: - create 
@@ -7704,6 +8157,16 @@ data: - patch - update - watch + - apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - kubeadmconfigtemplates + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - cluster.x-k8s.io resources: @@ -7718,13 +8181,6 @@ data: - get - list - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -7796,7 +8252,7 @@ data: - --leader-elect - --diagnostics-address=${CAPI_DIAGNOSTICS_ADDRESS:=:8443} - --insecure-diagnostics=${CAPI_INSECURE_DIAGNOSTICS:=false} - - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=true},KubeadmBootstrapFormatIgnition=${EXP_KUBEADM_BOOTSTRAP_FORMAT_IGNITION:=false} + - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=true},KubeadmBootstrapFormatIgnition=${EXP_KUBEADM_BOOTSTRAP_FORMAT_IGNITION:=false},PriorityQueue=${EXP_PRIORITY_QUEUE:=false} - --bootstrap-token-ttl=${KUBEADM_BOOTSTRAP_TOKEN_TTL:=15m} command: - /manager @@ -7813,7 +8269,7 @@ data: valueFrom: fieldRef: fieldPath: metadata.uid - image: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.8.0 + image: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.10.4 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -8006,6 +8462,12 @@ data: apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 kind: Metadata releaseSeries: + - major: 1 + minor: 10 + contract: v1beta1 + - major: 1 + minor: 9 + contract: v1beta1 - major: 1 minor: 8 contract: v1beta1 @@ -8038,6 +8500,6 @@ metadata: labels: provider.cluster.x-k8s.io/name: kubeadm provider.cluster.x-k8s.io/type: bootstrap - provider.cluster.x-k8s.io/version: v1.8.0 - name: bootstrap-kubeadm-v1.8.0 + provider.cluster.x-k8s.io/version: v1.10.4 + name: bootstrap-kubeadm-v1.10.4 namespace: capi-kubeadm-bootstrap-system diff --git a/test/e2e/resources/bootstrap-kubeadm-v1.11.0.yaml b/test/e2e/resources/bootstrap-kubeadm-v1.11.0.yaml new file mode 100644 index 000000000..dc1b7403c --- /dev/null 
+++ b/test/e2e/resources/bootstrap-kubeadm-v1.11.0.yaml 
@@ -0,0 +1,9240 @@ +apiVersion: v1 +data: + components: | + apiVersion: v1 + kind: Namespace + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + control-plane: controller-manager + name: capi-kubeadm-bootstrap-system + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert + controller-gen.kubebuilder.io/version: v0.18.0 + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + cluster.x-k8s.io/v1beta1: v1beta1 + cluster.x-k8s.io/v1beta2: v1beta2 + name: kubeadmconfigs.bootstrap.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: bootstrap.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: KubeadmConfig + listKind: KubeadmConfigList + plural: kubeadmconfigs + singular: kubeadmconfig + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster + jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] + name: Cluster + type: string + - description: Time duration since creation of KubeadmConfig + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1beta1 + schema: + openAPIV3Schema: + description: KubeadmConfig is the Schema for the kubeadmconfigs API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. 
+ Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of KubeadmConfig. + properties: + bootCommands: + description: |- + bootCommands specifies extra commands to run very early in the boot process via the cloud-init bootcmd + module. bootcmd will run on every boot, 'cloud-init-per' command can be used to make bootcmd run exactly + once. This is typically run in the cloud-init.service systemd unit. This has no effect in Ignition. + items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + type: array + clusterConfiguration: + description: clusterConfiguration along with InitConfiguration are + the configurations necessary for the init command + properties: + apiServer: + description: apiServer contains extra settings for the API server + control plane component + properties: + certSANs: + description: certSANs sets extra Subject Alternative Names + for the API Server signing cert. + items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 100 + type: array + extraArgs: + additionalProperties: + type: string + description: extraArgs is an extra set of flags to pass to + the control plane component. + type: object + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. 
+ type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + type: array + extraVolumes: + description: extraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: |- + HostPathMount contains elements describing volumes that are mounted from the + host. 
+ properties: + hostPath: + description: |- + hostPath is the path in the host that will be mounted inside + the pod. + maxLength: 512 + minLength: 1 + type: string + mountPath: + description: mountPath is the path inside the pod where + hostPath will be mounted. + maxLength: 512 + minLength: 1 + type: string + name: + description: name of the volume inside the pod template. + maxLength: 512 + minLength: 1 + type: string + pathType: + description: pathType is the type of the HostPath. + type: string + readOnly: + description: readOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + maxItems: 100 + type: array + timeoutForControlPlane: + description: timeoutForControlPlane controls the timeout that + we use for API server to appear + type: string + type: object + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + certificatesDir: + description: |- + certificatesDir specifies where to store or look for all required certificates. + NB: if not provided, this will default to `/etc/kubernetes/pki` + maxLength: 512 + minLength: 1 + type: string + clusterName: + description: clusterName is the cluster name + maxLength: 63 + minLength: 1 + type: string + controlPlaneEndpoint: + description: |- + controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it + can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. + In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort + are used; in case the ControlPlaneEndpoint is specified but without a TCP port, + the BindPort is used. + Possible usages are: + e.g. 
In a cluster with more than one control plane instances, this field should be + assigned the address of the external load balancer in front of the + control plane instances. + e.g. in environments with enforced node recycling, the ControlPlaneEndpoint + could be used for assigning a stable DNS to the control plane. + NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. + maxLength: 512 + minLength: 1 + type: string + controllerManager: + description: controllerManager contains extra settings for the + controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: extraArgs is an extra set of flags to pass to + the control plane component. + type: object + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. 
+ properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + type: array + extraVolumes: + description: extraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: |- + HostPathMount contains elements describing volumes that are mounted from the + host. + properties: + hostPath: + description: |- + hostPath is the path in the host that will be mounted inside + the pod. + maxLength: 512 + minLength: 1 + type: string + mountPath: + description: mountPath is the path inside the pod where + hostPath will be mounted. + maxLength: 512 + minLength: 1 + type: string + name: + description: name of the volume inside the pod template. 
+ maxLength: 512 + minLength: 1 + type: string + pathType: + description: pathType is the type of the HostPath. + type: string + readOnly: + description: readOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + maxItems: 100 + type: array + type: object + dns: + description: dns defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: |- + imageRepository sets the container registry to pull images from. + if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + maxLength: 512 + minLength: 1 + type: string + imageTag: + description: |- + imageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + maxLength: 256 + minLength: 1 + type: string + type: object + etcd: + description: |- + etcd holds configuration for etcd. + NB: This value defaults to a Local (stacked) etcd + properties: + external: + description: |- + external describes how to connect to an external etcd cluster + Local and External are mutually exclusive + properties: + caFile: + description: |- + caFile is an SSL Certificate Authority file used to secure etcd communication. + Required if using a TLS connection. + maxLength: 512 + minLength: 1 + type: string + certFile: + description: |- + certFile is an SSL certification file used to secure etcd communication. + Required if using a TLS connection. + maxLength: 512 + minLength: 1 + type: string + endpoints: + description: endpoints of etcd members. Required for ExternalEtcd. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 50 + type: array + keyFile: + description: |- + keyFile is an SSL key file used to secure etcd communication. + Required if using a TLS connection. 
+ maxLength: 512 + minLength: 1 + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: |- + local provides configuration knobs for configuring the local etcd instance + Local and External are mutually exclusive + properties: + dataDir: + description: |- + dataDir is the directory etcd will place its data. + Defaults to "/var/lib/etcd". + maxLength: 512 + minLength: 1 + type: string + extraArgs: + additionalProperties: + type: string + description: |- + extraArgs are extra arguments provided to the etcd binary + when run inside a static pod. + type: object + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. 
+ type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + type: array + imageRepository: + description: |- + imageRepository sets the container registry to pull images from. + if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + maxLength: 512 + minLength: 1 + type: string + imageTag: + description: |- + imageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + maxLength: 256 + minLength: 1 + type: string + peerCertSANs: + description: peerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. 
+ items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 100 + type: array + serverCertSANs: + description: serverCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 100 + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: featureGates enabled by the user. + type: object + imageRepository: + description: |- + imageRepository sets the container registry to pull images from. + * If not set, the default registry of kubeadm will be used, i.e. + * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 + * k8s.gcr.io (old registry): all older versions + Please note that when imageRepository is not set we don't allow upgrades to + versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use + a newer patch version with the new registry instead (i.e. >= v1.22.17, + >= v1.23.15, >= v1.24.9, >= v1.25.0). + * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) + `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components + and for kube-proxy, while `registry.k8s.io` will be used for all the other images. + maxLength: 512 + minLength: 1 + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + kubernetesVersion: + description: |- + kubernetesVersion is the target version of the control plane. + NB: This value defaults to the Machine object spec.version + maxLength: 256 + minLength: 1 + type: string + networking: + description: |- + networking holds configuration for the networking topology of the cluster. 
+ NB: This value defaults to the Cluster object spec.clusterNetwork. + properties: + dnsDomain: + description: dnsDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + maxLength: 253 + minLength: 1 + type: string + podSubnet: + description: |- + podSubnet is the subnet used by pods. + If unset, the API server will not allocate CIDR ranges for every node. + Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set + maxLength: 1024 + minLength: 1 + type: string + serviceSubnet: + description: |- + serviceSubnet is the subnet used by k8s services. + Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or + to "10.96.0.0/12" if that's unset. + maxLength: 1024 + minLength: 1 + type: string + type: object + scheduler: + description: scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: extraArgs is an extra set of flags to pass to + the control plane component. + type: object + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. 
Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + type: array + extraVolumes: + description: extraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: |- + HostPathMount contains elements describing volumes that are mounted from the + host. + properties: + hostPath: + description: |- + hostPath is the path in the host that will be mounted inside + the pod. + maxLength: 512 + minLength: 1 + type: string + mountPath: + description: mountPath is the path inside the pod where + hostPath will be mounted. + maxLength: 512 + minLength: 1 + type: string + name: + description: name of the volume inside the pod template. 
+ maxLength: 512 + minLength: 1 + type: string + pathType: + description: pathType is the type of the HostPath. + type: string + readOnly: + description: readOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + maxItems: 100 + type: array + type: object + type: object + diskSetup: + description: diskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: filesystems specifies the list of file systems to + setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: device specifies the device name + maxLength: 256 + minLength: 1 + type: string + extraOpts: + description: extraOpts defined extra options to add to the + command for creating the file system. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + type: array + filesystem: + description: filesystem specifies the file system type. + maxLength: 128 + minLength: 1 + type: string + label: + description: label specifies the file system label to be + used. If set to None, no label is used. + maxLength: 512 + minLength: 1 + type: string + overwrite: + description: |- + overwrite defines whether or not to overwrite any existing filesystem. + If true, any pre-existing file system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", "none", + and , where NUM is the actual partition number.' + maxLength: 128 + minLength: 1 + type: string + replaceFS: + description: |- + replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . + NOTE: unless you define a label, this requires the use of the 'any' partition directive. 
+ maxLength: 128 + minLength: 1 + type: string + required: + - device + - filesystem + type: object + maxItems: 100 + type: array + partitions: + description: partitions specifies the list of the partitions to + setup. + items: + description: Partition defines how to create and layout a partition. + properties: + device: + description: device is the name of the device. + maxLength: 256 + minLength: 1 + type: string + layout: + description: |- + layout specifies the device layout. + If it is true, a single partition will be created for the entire device. + When layout is false, it means don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: |- + overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. + Use with caution. Default is 'false'. + type: boolean + tableType: + description: |- + tableType specifies the tupe of partition table. The following are supported: + 'mbr': default and setups a MS-DOS partition table + 'gpt': setups a GPT partition table + enum: + - mbr + - gpt + type: string + required: + - device + - layout + type: object + maxItems: 100 + type: array + type: object + files: + description: files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + append: + description: append specifies whether to append Content to existing + file if Path exists. + type: boolean + content: + description: content is the actual content of the file. + maxLength: 10240 + minLength: 1 + type: string + contentFrom: + description: contentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: secret represents a secret that should populate + this file. + properties: + key: + description: key is the key in the secret's data map + for this value. 
+ maxLength: 256 + minLength: 1 + type: string + name: + description: name of the secret in the KubeadmBootstrapConfig's + namespace to use. + maxLength: 253 + minLength: 1 + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: encoding specifies the encoding of the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: owner specifies the ownership of the file, e.g. + "root:root". + maxLength: 256 + minLength: 1 + type: string + path: + description: path specifies the full path on disk where to store + the file. + maxLength: 512 + minLength: 1 + type: string + permissions: + description: permissions specifies the permissions to assign + to the file, e.g. "0640". + maxLength: 16 + minLength: 1 + type: string + required: + - path + type: object + maxItems: 200 + type: array + format: + description: format specifies the output format of the bootstrap data + enum: + - cloud-config + - ignition + type: string + ignition: + description: ignition contains Ignition specific configuration. + properties: + containerLinuxConfig: + description: containerLinuxConfig contains CLC specific configuration. + properties: + additionalConfig: + description: |- + additionalConfig contains additional configuration to be merged with the Ignition + configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging + + The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + maxLength: 32768 + minLength: 1 + type: string + strict: + description: strict controls if AdditionalConfig should be + strictly parsed. If so, warnings are treated as errors. 
+ type: boolean + type: object + type: object + initConfiguration: + description: initConfiguration along with ClusterConfiguration are + the configurations necessary for the init command + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + bootstrapTokens: + description: |- + bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. + This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, stored + as a Secret in the cluster. + properties: + description: + description: |- + description sets a human-friendly message why this token exists and what it's used + for, so other administrators can know its purpose. + maxLength: 512 + minLength: 1 + type: string + expires: + description: |- + expires specifies the timestamp when this token expires. Defaults to being set + dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. + format: date-time + type: string + groups: + description: |- + groups specifies the extra groups that this token will authenticate as when/if + used for authentication + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + type: array + token: + description: |- + token is used for establishing bidirectional trust between nodes and control-planes. + Used for joining nodes in the cluster. + type: string + ttl: + description: |- + ttl defines the time to live for this token. Defaults to 24h. + Expires and TTL are mutually exclusive. + type: string + usages: + description: |- + usages describes the ways in which this token can be used. 
Can by default be used + for establishing bidirectional trust, but that can be changed here. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + type: array + required: + - token + type: object + maxItems: 100 + type: array + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + localAPIEndpoint: + description: |- + localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node + In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint + is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This + configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible + on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: advertiseAddress sets the IP address for the + API server to advertise. + maxLength: 39 + minLength: 1 + type: string + bindPort: + description: |- + bindPort sets the secure port for the API Server to bind to. + Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: |- + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: criSocket is used to retrieve container runtime + info. 
This information will be annotated to the Node API + object, for later re-use + maxLength: 512 + minLength: 1 + type: string + ignorePreflightErrors: + description: ignorePreflightErrors provides a slice of pre-flight + errors to be ignored when the current node is registered. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 50 + type: array + imagePullPolicy: + description: |- + imagePullPolicy specifies the policy for image pulling + during kubeadm "init" and "join" operations. The value of + this field must be one of "Always", "IfNotPresent" or + "Never". Defaults to "IfNotPresent". This can be used only + with Kubernetes version equal to 1.22 and later. + enum: + - Always + - IfNotPresent + - Never + type: string + imagePullSerial: + description: |- + imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. + This option takes effect only on Kubernetes >=1.31.0. + Default: true (defaulted in kubeadm) + type: boolean + kubeletExtraArgs: + additionalProperties: + type: string + description: |- + kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file + kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. + type: object + name: + description: |- + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field of the kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + maxLength: 253 + minLength: 1 + type: string + taints: + description: |- + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. 
nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an + empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. + items: + description: |- + The node this Taint is attached to has the "effect" on + any pod that does not tolerate the Taint. + properties: + effect: + description: |- + Required. The effect of the taint on pods + that do not tolerate the taint. + Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. + type: string + required: + - effect + - key + type: object + maxItems: 100 + type: array + type: object + patches: + description: |- + patches contains options related to applying patches to components deployed by kubeadm during + "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22 + properties: + directory: + description: |- + directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of + "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one + of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. + The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". + "suffix" is an optional string that can be used to determine which patches are applied + first alpha-numerically. 
+ These files can be written into the target directory via KubeadmConfig.Files which + specifies additional files to be created on the machine, either with content inline or + by referencing a secret. + maxLength: 512 + minLength: 1 + type: string + type: object + skipPhases: + description: |- + skipPhases is a list of phases to skip during command execution. + The list of phases can be obtained with the "kubeadm init --help" command. + This option takes effect only on Kubernetes >=1.22.0. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 50 + type: array + type: object + joinConfiguration: + description: joinConfiguration is the kubeadm configuration for the + join command + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + caCertPath: + description: |- + caCertPath is the path to the SSL certificate authority used to + secure comunications between node and control-plane. + Defaults to "/etc/kubernetes/pki/ca.crt". + maxLength: 512 + minLength: 1 + type: string + controlPlane: + description: |- + controlPlane defines the additional control plane instance to be deployed on the joining node. + If nil, no additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: localAPIEndpoint represents the endpoint of the + API server instance to be deployed on this node. + properties: + advertiseAddress: + description: advertiseAddress sets the IP address for + the API server to advertise. + maxLength: 39 + minLength: 1 + type: string + bindPort: + description: |- + bindPort sets the secure port for the API Server to bind to. + Defaults to 6443. 
+ format: int32 + type: integer + type: object + type: object + discovery: + description: discovery specifies the options for the kubelet to + use during the TLS Bootstrap process + properties: + bootstrapToken: + description: |- + bootstrapToken is used to set the options for bootstrap token based discovery + BootstrapToken and File are mutually exclusive + properties: + apiServerEndpoint: + description: apiServerEndpoint is an IP or domain name + to the API server from which info will be fetched. + maxLength: 512 + minLength: 1 + type: string + caCertHashes: + description: |- + caCertHashes specifies a set of public key pins to verify + when token-based discovery is used. The root CA found during discovery + must match one of these values. Specifying an empty set disables root CA + pinning, which can be unsafe. Each hash is specified as ":", + where the only currently supported type is "sha256". This is a hex-encoded + SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded + ASN.1. These hashes can be calculated using, for example, OpenSSL: + openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + type: array + token: + description: |- + token is a token used to validate cluster information + fetched from the control-plane. + maxLength: 512 + minLength: 1 + type: string + unsafeSkipCAVerification: + description: |- + unsafeSkipCAVerification allows token-based discovery + without CA verification via CACertHashes. This can weaken + the security of kubeadm since other nodes can impersonate the control-plane. 
+ type: boolean + type: object + file: + description: |- + file is used to specify a file or URL to a kubeconfig file from which to load cluster information + BootstrapToken and File are mutually exclusive + properties: + kubeConfig: + description: |- + kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. + The file is generated at the path specified in KubeConfigPath. + + Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint. + Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret. + properties: + cluster: + description: |- + cluster contains information about how to communicate with the kubernetes cluster. + + By default the following fields are automatically populated: + - Server with the Cluster's ControlPlaneEndpoint. + - CertificateAuthorityData with the Cluster's CA certificate. + properties: + certificateAuthorityData: + description: |- + certificateAuthorityData contains PEM-encoded certificate authority certificates. + + Defaults to the Cluster's CA certificate if empty. + format: byte + maxLength: 51200 + minLength: 1 + type: string + insecureSkipTLSVerify: + description: insecureSkipTLSVerify skips the validity + check for the server's certificate. This will + make your HTTPS connections insecure. + type: boolean + proxyURL: + description: |- + proxyURL is the URL to the proxy to be used for all requests made by this + client. URLs with "http", "https", and "socks5" schemes are supported. If + this configuration is not provided or the empty string, the client + attempts to construct a proxy configuration from http_proxy and + https_proxy environment variables. If these environment variables are not + set, the client does not attempt to proxy requests. + + socks5 proxying does not currently support spdy streaming endpoints (exec, + attach, port forward). 
+ maxLength: 512 + minLength: 1 + type: string + server: + description: |- + server is the address of the kubernetes cluster (https://hostname:port). + + Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint. + maxLength: 512 + minLength: 1 + type: string + tlsServerName: + description: tlsServerName is used to check server + certificate. If TLSServerName is empty, the + hostname used to contact the server is used. + maxLength: 512 + minLength: 1 + type: string + type: object + user: + description: |- + user contains information that describes identity information. + This is used to tell the kubernetes cluster who you are. + properties: + authProvider: + description: authProvider specifies a custom authentication + plugin for the kubernetes cluster. + properties: + config: + additionalProperties: + type: string + description: config holds the parameters for + the authentication plugin. + type: object + name: + description: name is the name of the authentication + plugin. + maxLength: 256 + minLength: 1 + type: string + required: + - name + type: object + exec: + description: exec specifies a custom exec-based + authentication plugin for the kubernetes cluster. + properties: + apiVersion: + description: |- + apiVersion is preferred input version of the ExecInfo. The returned ExecCredentials MUST use + the same encoding version as the input. + Defaults to client.authentication.k8s.io/v1 if not set. + maxLength: 512 + minLength: 1 + type: string + args: + description: args is the arguments to pass + to the command when executing it. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + type: array + command: + description: command to execute. + maxLength: 1024 + minLength: 1 + type: string + env: + description: |- + env defines additional environment variables to expose to the process. These + are unioned with the host's environment, as well as variables client-go uses + to pass argument to the plugin. 
+ items: + description: |- + KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based + credential plugin. + properties: + name: + description: name of the environment + variable + maxLength: 512 + minLength: 1 + type: string + value: + description: value of the environment + variable + maxLength: 512 + minLength: 1 + type: string + required: + - name + - value + type: object + maxItems: 100 + type: array + provideClusterInfo: + description: |- + provideClusterInfo determines whether or not to provide cluster information, + which could potentially contain very large CA data, to this exec plugin as a + part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set + to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for + reading this environment variable. + type: boolean + required: + - command + type: object + type: object + required: + - user + type: object + kubeConfigPath: + description: kubeConfigPath is used to specify the actual + file path or URL to the kubeconfig file from which to + load cluster information + maxLength: 512 + minLength: 1 + type: string + required: + - kubeConfigPath + type: object + timeout: + description: timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: |- + tlsBootstrapToken is a token used for TLS bootstrapping. + If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. + If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information + maxLength: 512 + minLength: 1 + type: string + type: object + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + nodeRegistration: + description: |- + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: criSocket is used to retrieve container runtime + info. This information will be annotated to the Node API + object, for later re-use + maxLength: 512 + minLength: 1 + type: string + ignorePreflightErrors: + description: ignorePreflightErrors provides a slice of pre-flight + errors to be ignored when the current node is registered. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 50 + type: array + imagePullPolicy: + description: |- + imagePullPolicy specifies the policy for image pulling + during kubeadm "init" and "join" operations. The value of + this field must be one of "Always", "IfNotPresent" or + "Never". Defaults to "IfNotPresent". This can be used only + with Kubernetes version equal to 1.22 and later. + enum: + - Always + - IfNotPresent + - Never + type: string + imagePullSerial: + description: |- + imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. + This option takes effect only on Kubernetes >=1.31.0. + Default: true (defaulted in kubeadm) + type: boolean + kubeletExtraArgs: + additionalProperties: + type: string + description: |- + kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file + kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. 
+ type: object + name: + description: |- + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field of the kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + maxLength: 253 + minLength: 1 + type: string + taints: + description: |- + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an + empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. + items: + description: |- + The node this Taint is attached to has the "effect" on + any pod that does not tolerate the Taint. + properties: + effect: + description: |- + Required. The effect of the taint on pods + that do not tolerate the taint. + Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. + type: string + required: + - effect + - key + type: object + maxItems: 100 + type: array + type: object + patches: + description: |- + patches contains options related to applying patches to components deployed by kubeadm during + "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22 + properties: + directory: + description: |- + directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just "etcd.json". 
"target" can be one of + "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one + of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. + The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". + "suffix" is an optional string that can be used to determine which patches are applied + first alpha-numerically. + These files can be written into the target directory via KubeadmConfig.Files which + specifies additional files to be created on the machine, either with content inline or + by referencing a secret. + maxLength: 512 + minLength: 1 + type: string + type: object + skipPhases: + description: |- + skipPhases is a list of phases to skip during command execution. + The list of phases can be obtained with the "kubeadm init --help" command. + This option takes effect only on Kubernetes >=1.22.0. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 50 + type: array + type: object + mounts: + description: mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts in cloud-init. + items: + maxLength: 512 + minLength: 1 + type: string + type: array + maxItems: 100 + type: array + ntp: + description: ntp specifies NTP configuration + properties: + enabled: + description: enabled specifies whether NTP should be enabled + type: boolean + servers: + description: servers specifies which NTP servers to use + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + type: array + type: object + postKubeadmCommands: + description: |- + postKubeadmCommands specifies extra commands to run after kubeadm runs. + With cloud-init, this is appended to the runcmd module configuration, and is typically executed in + the cloud-final.service systemd unit. In Ignition, this is appended to /etc/kubeadm.sh. 
+ items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + type: array + preKubeadmCommands: + description: |- + preKubeadmCommands specifies extra commands to run before kubeadm runs. + With cloud-init, this is prepended to the runcmd module configuration, and is typically executed in + the cloud-final.service systemd unit. In Ignition, this is prepended to /etc/kubeadm.sh. + items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + type: array + useExperimentalRetryJoin: + description: |- + useExperimentalRetryJoin replaces a basic kubeadm command with a shell + script with retries for joins. + + This is meant to be an experimental temporary workaround on some environments + where joins fail due to timing (and other issues). The long term goal is to add retries to + kubeadm proper and use that functionality. + + This will add about 40KB to userdata + + For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. + + Deprecated: This experimental fix is no longer needed and this field will be removed in a future release. + When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml + type: boolean + users: + description: users specifies extra users to add + items: + description: User defines the input for a generated user in cloud-init. 
+ properties: + gecos: + description: gecos specifies the gecos to use for the user + maxLength: 256 + minLength: 1 + type: string + groups: + description: groups specifies the additional groups for the + user + maxLength: 256 + minLength: 1 + type: string + homeDir: + description: homeDir specifies the home directory to use for + the user + maxLength: 256 + minLength: 1 + type: string + inactive: + description: inactive specifies whether to mark the user as + inactive + type: boolean + lockPassword: + description: lockPassword specifies if password login should + be disabled + type: boolean + name: + description: name specifies the user name + maxLength: 256 + minLength: 1 + type: string + passwd: + description: passwd specifies a hashed password for the user + maxLength: 256 + minLength: 1 + type: string + passwdFrom: + description: passwdFrom is a referenced source of passwd to + populate the passwd. + properties: + secret: + description: secret represents a secret that should populate + this password. + properties: + key: + description: key is the key in the secret's data map + for this value. + maxLength: 256 + minLength: 1 + type: string + name: + description: name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ maxLength: 253 + minLength: 1 + type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: primaryGroup specifies the primary group for the + user + maxLength: 256 + minLength: 1 + type: string + shell: + description: shell specifies the user's shell + maxLength: 256 + minLength: 1 + type: string + sshAuthorizedKeys: + description: sshAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + maxLength: 2048 + minLength: 1 + type: string + maxItems: 100 + type: array + sudo: + description: sudo specifies a sudo role for the user + maxLength: 256 + minLength: 1 + type: string + required: + - name + type: object + maxItems: 100 + type: array + verbosity: + description: |- + verbosity is the number for the kubeadm log level verbosity. + It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + status: + description: status is the observed state of KubeadmConfig. + properties: + conditions: + description: conditions defines current service state of the KubeadmConfig. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. 
+ maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: dataSecretName is the name of the secret that stores + the bootstrap data script. + maxLength: 253 + minLength: 1 + type: string + failureMessage: + description: |- + failureMessage will be set on non-retryable errors + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + maxLength: 10240 + minLength: 1 + type: string + failureReason: + description: |- + failureReason will be set on non-retryable errors + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + maxLength: 256 + minLength: 1 + type: string + observedGeneration: + description: observedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + ready: + description: ready indicates the BootstrapData field is ready to be + consumed + type: boolean + v1beta2: + description: v1beta2 groups all the fields that will be added or modified + in KubeadmConfig's status with the V1Beta2 version. + properties: + conditions: + description: |- + conditions represents the observations of a KubeadmConfig's current state. + Known condition types are Ready, DataSecretAvailable, CertificatesAvailable. + items: + description: Condition contains details for one aspect of the + current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] + name: Cluster + type: string + - description: Reconciliation paused + jsonPath: .status.conditions[?(@.type=="Paused")].status + name: Paused + priority: 10 + type: string + - description: Boostrap secret is created + jsonPath: .status.initialization.dataSecretCreated + name: Data secret created + type: string + - description: Time duration since creation of KubeadmConfig + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: KubeadmConfig is the Schema for the kubeadmconfigs API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. 
+ Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of KubeadmConfig. + minProperties: 1 + properties: + bootCommands: + description: |- + bootCommands specifies extra commands to run very early in the boot process via the cloud-init bootcmd + module. bootcmd will run on every boot, 'cloud-init-per' command can be used to make bootcmd run exactly + once. This is typically run in the cloud-init.service systemd unit. This has no effect in Ignition. + items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + clusterConfiguration: + description: clusterConfiguration along with InitConfiguration are + the configurations necessary for the init command + minProperties: 1 + properties: + apiServer: + description: apiServer contains extra settings for the API server + control plane component + minProperties: 1 + properties: + certSANs: + description: certSANs sets extra Subject Alternative Names + for the API Server signing cert. + items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + extraArgs: + description: |- + extraArgs is a list of args to pass to the control plane component. + The arg name must match the command line flag name except without leading dash(es). + Extra arguments will override existing default arguments set by kubeadm. + items: + description: Arg represents an argument with a name and + a value. + properties: + name: + description: name is the Name of the extraArg. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the Value of the extraArg. 
+ maxLength: 1024 + minLength: 0 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + - value + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: extraArgs name must be unique + rule: self.all(x, self.exists_one(y, x.name == y.name)) + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + extraVolumes: + description: extraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: |- + HostPathMount contains elements describing volumes that are mounted from the + host. + properties: + hostPath: + description: |- + hostPath is the path in the host that will be mounted inside + the pod. + maxLength: 512 + minLength: 1 + type: string + mountPath: + description: mountPath is the path inside the pod where + hostPath will be mounted. + maxLength: 512 + minLength: 1 + type: string + name: + description: name of the volume inside the pod template. + maxLength: 512 + minLength: 1 + type: string + pathType: + description: pathType is the type of the HostPath. + type: string + readOnly: + description: readOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + caCertificateValidityPeriodDays: + description: |- + caCertificateValidityPeriodDays specifies the validity period for CA certificates generated by Cluster API. + If not specified, Cluster API will use a default of 3650 days (10 years). + This field cannot be modified. 
+ format: int32 + maximum: 36500 + minimum: 1 + type: integer + certificateValidityPeriodDays: + description: |- + certificateValidityPeriodDays specifies the validity period for non-CA certificates generated by kubeadm. + If not specified, kubeadm will use a default of 365 days (1 year). + This field is only supported with Kubernetes v1.31 or above. + format: int32 + maximum: 1095 + minimum: 1 + type: integer + certificatesDir: + description: |- + certificatesDir specifies where to store or look for all required certificates. + NB: if not provided, this will default to `/etc/kubernetes/pki` + maxLength: 512 + minLength: 1 + type: string + controlPlaneEndpoint: + description: |- + controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it + can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. + In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort + are used; in case the ControlPlaneEndpoint is specified but without a TCP port, + the BindPort is used. + Possible usages are: + e.g. In a cluster with more than one control plane instances, this field should be + assigned the address of the external load balancer in front of the + control plane instances. + e.g. in environments with enforced node recycling, the ControlPlaneEndpoint + could be used for assigning a stable DNS to the control plane. + NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. + maxLength: 512 + minLength: 1 + type: string + controllerManager: + description: controllerManager contains extra settings for the + controller manager control plane component + minProperties: 1 + properties: + extraArgs: + description: |- + extraArgs is a list of args to pass to the control plane component. + The arg name must match the command line flag name except without leading dash(es). + Extra arguments will override existing default arguments set by kubeadm. 
+ items: + description: Arg represents an argument with a name and + a value. + properties: + name: + description: name is the Name of the extraArg. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the Value of the extraArg. + maxLength: 1024 + minLength: 0 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + - value + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: extraArgs name must be unique + rule: self.all(x, self.exists_one(y, x.name == y.name)) + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. 
+ type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + extraVolumes: + description: extraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: |- + HostPathMount contains elements describing volumes that are mounted from the + host. + properties: + hostPath: + description: |- + hostPath is the path in the host that will be mounted inside + the pod. + maxLength: 512 + minLength: 1 + type: string + mountPath: + description: mountPath is the path inside the pod where + hostPath will be mounted. 
+ maxLength: 512 + minLength: 1 + type: string + name: + description: name of the volume inside the pod template. + maxLength: 512 + minLength: 1 + type: string + pathType: + description: pathType is the type of the HostPath. + type: string + readOnly: + description: readOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + dns: + description: dns defines the options for the DNS add-on installed + in the cluster. + minProperties: 1 + properties: + imageRepository: + description: |- + imageRepository sets the container registry to pull images from. + if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + maxLength: 512 + minLength: 1 + type: string + imageTag: + description: |- + imageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + maxLength: 256 + minLength: 1 + type: string + type: object + etcd: + description: |- + etcd holds configuration for etcd. + NB: This value defaults to a Local (stacked) etcd + minProperties: 1 + properties: + external: + description: |- + external describes how to connect to an external etcd cluster + Local and External are mutually exclusive + properties: + caFile: + description: |- + caFile is an SSL Certificate Authority file used to secure etcd communication. + Required if using a TLS connection. + maxLength: 512 + minLength: 1 + type: string + certFile: + description: |- + certFile is an SSL certification file used to secure etcd communication. + Required if using a TLS connection. + maxLength: 512 + minLength: 1 + type: string + endpoints: + description: endpoints of etcd members. Required for ExternalEtcd. 
+ items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + keyFile: + description: |- + keyFile is an SSL key file used to secure etcd communication. + Required if using a TLS connection. + maxLength: 512 + minLength: 1 + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: |- + local provides configuration knobs for configuring the local etcd instance + Local and External are mutually exclusive + minProperties: 1 + properties: + dataDir: + description: |- + dataDir is the directory etcd will place its data. + Defaults to "/var/lib/etcd". + maxLength: 512 + minLength: 1 + type: string + extraArgs: + description: |- + extraArgs is a list of args to pass to etcd. + The arg name must match the command line flag name except without leading dash(es). + Extra arguments will override existing default arguments set by kubeadm. + items: + description: Arg represents an argument with a name + and a value. + properties: + name: + description: name is the Name of the extraArg. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the Value of the extraArg. + maxLength: 1024 + minLength: 0 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + - value + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: extraArgs name must be unique + rule: self.all(x, self.exists_one(y, x.name == y.name)) + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to etcd. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment variable + present in a Container. 
+ properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + imageRepository: + description: |- + imageRepository sets the container registry to pull images from. + if not set, the ImageRepository defined in ClusterConfiguration will be used instead. 
+ maxLength: 512 + minLength: 1 + type: string + imageTag: + description: |- + imageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + maxLength: 256 + minLength: 1 + type: string + peerCertSANs: + description: peerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + serverCertSANs: + description: serverCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: featureGates enabled by the user. + type: object + imageRepository: + description: |- + imageRepository sets the container registry to pull images from. + * If not set, the default registry of kubeadm will be used, i.e. + * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 + * k8s.gcr.io (old registry): all older versions + Please note that when imageRepository is not set we don't allow upgrades to + versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use + a newer patch version with the new registry instead (i.e. >= v1.22.17, + >= v1.23.15, >= v1.24.9, >= v1.25.0). + * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) + `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components + and for kube-proxy, while `registry.k8s.io` will be used for all the other images. 
+ maxLength: 512 + minLength: 1 + type: string + scheduler: + description: scheduler contains extra settings for the scheduler + control plane component + minProperties: 1 + properties: + extraArgs: + description: |- + extraArgs is a list of args to pass to the control plane component. + The arg name must match the command line flag name except without leading dash(es). + Extra arguments will override existing default arguments set by kubeadm. + items: + description: Arg represents an argument with a name and + a value. + properties: + name: + description: name is the Name of the extraArg. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the Value of the extraArg. + maxLength: 1024 + minLength: 0 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + - value + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: extraArgs name must be unique + rule: self.all(x, self.exists_one(y, x.name == y.name)) + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. 
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + extraVolumes: + description: extraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: |- + HostPathMount contains elements describing volumes that are mounted from the + host. + properties: + hostPath: + description: |- + hostPath is the path in the host that will be mounted inside + the pod. + maxLength: 512 + minLength: 1 + type: string + mountPath: + description: mountPath is the path inside the pod where + hostPath will be mounted. 
+ maxLength: 512 + minLength: 1 + type: string + name: + description: name of the volume inside the pod template. + maxLength: 512 + minLength: 1 + type: string + pathType: + description: pathType is the type of the HostPath. + type: string + readOnly: + description: readOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + diskSetup: + description: diskSetup specifies options for the creation of partition + tables and file systems on devices. + minProperties: 1 + properties: + filesystems: + description: filesystems specifies the list of file systems to + setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: device specifies the device name + maxLength: 256 + minLength: 1 + type: string + extraOpts: + description: extraOpts defined extra options to add to the + command for creating the file system. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + filesystem: + description: filesystem specifies the file system type. + maxLength: 128 + minLength: 1 + type: string + label: + description: label specifies the file system label to be + used. If set to None, no label is used. + maxLength: 512 + minLength: 1 + type: string + overwrite: + description: |- + overwrite defines whether or not to overwrite any existing filesystem. + If true, any pre-existing file system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", "none", + and , where NUM is the actual partition number.' 
+ maxLength: 128 + minLength: 1 + type: string + replaceFS: + description: |- + replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . + NOTE: unless you define a label, this requires the use of the 'any' partition directive. + maxLength: 128 + minLength: 1 + type: string + required: + - device + - filesystem + type: object + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + partitions: + description: partitions specifies the list of the partitions to + setup. + items: + description: Partition defines how to create and layout a partition. + properties: + device: + description: device is the name of the device. + maxLength: 256 + minLength: 1 + type: string + layout: + description: |- + layout specifies the device layout. + If it is true, a single partition will be created for the entire device. + When layout is false, it means don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: |- + overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. + Use with caution. Default is 'false'. + type: boolean + tableType: + description: |- + tableType specifies the tupe of partition table. The following are supported: + 'mbr': default and setups a MS-DOS partition table + 'gpt': setups a GPT partition table + enum: + - mbr + - gpt + type: string + required: + - device + - layout + type: object + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + type: object + files: + description: files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + append: + description: append specifies whether to append Content to existing + file if Path exists. + type: boolean + content: + description: content is the actual content of the file. 
+ maxLength: 10240 + minLength: 1 + type: string + contentFrom: + description: contentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: secret represents a secret that should populate + this file. + properties: + key: + description: key is the key in the secret's data map + for this value. + maxLength: 256 + minLength: 1 + type: string + name: + description: name of the secret in the KubeadmBootstrapConfig's + namespace to use. + maxLength: 253 + minLength: 1 + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: encoding specifies the encoding of the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: owner specifies the ownership of the file, e.g. + "root:root". + maxLength: 256 + minLength: 1 + type: string + path: + description: path specifies the full path on disk where to store + the file. + maxLength: 512 + minLength: 1 + type: string + permissions: + description: permissions specifies the permissions to assign + to the file, e.g. "0640". + maxLength: 16 + minLength: 1 + type: string + required: + - path + type: object + maxItems: 200 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + format: + description: |- + format specifies the output format of the bootstrap data. + Defaults to cloud-config if not set. + enum: + - cloud-config + - ignition + type: string + ignition: + description: ignition contains Ignition specific configuration. + minProperties: 1 + properties: + containerLinuxConfig: + description: containerLinuxConfig contains CLC specific configuration. + minProperties: 1 + properties: + additionalConfig: + description: |- + additionalConfig contains additional configuration to be merged with the Ignition + configuration generated by the bootstrapper controller. 
More info: https://coreos.github.io/ignition/operator-notes/#config-merging + + The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + maxLength: 32768 + minLength: 1 + type: string + strict: + description: strict controls if AdditionalConfig should be + strictly parsed. If so, warnings are treated as errors. + type: boolean + type: object + type: object + initConfiguration: + description: initConfiguration along with ClusterConfiguration are + the configurations necessary for the init command + minProperties: 1 + properties: + bootstrapTokens: + description: |- + bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. + This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, stored + as a Secret in the cluster. + properties: + description: + description: |- + description sets a human-friendly message why this token exists and what it's used + for, so other administrators can know its purpose. + maxLength: 512 + minLength: 1 + type: string + expires: + description: |- + expires specifies the timestamp when this token expires. Defaults to being set + dynamically at runtime based on the ttlSeconds. Expires and ttlSeconds are mutually exclusive. + format: date-time + type: string + groups: + description: |- + groups specifies the extra groups that this token will authenticate as when/if + used for authentication + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + token: + description: |- + token is used for establishing bidirectional trust between nodes and control-planes. + Used for joining nodes in the cluster. + maxLength: 23 + minLength: 1 + type: string + ttlSeconds: + description: |- + ttlSeconds defines the time to live for this token. Defaults to 24h. 
+ Expires and ttlSeconds are mutually exclusive. + format: int32 + minimum: 0 + type: integer + usages: + description: |- + usages describes the ways in which this token can be used. Can by default be used + for establishing bidirectional trust, but that can be changed here. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + required: + - token + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + localAPIEndpoint: + description: |- + localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node + In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint + is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This + configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible + on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process + fails you may set the desired value here. + minProperties: 1 + properties: + advertiseAddress: + description: advertiseAddress sets the IP address for the + API server to advertise. + maxLength: 39 + minLength: 1 + type: string + bindPort: + description: |- + bindPort sets the secure port for the API Server to bind to. + Defaults to 6443. + format: int32 + minimum: 1 + type: integer + type: object + nodeRegistration: + description: |- + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + minProperties: 1 + properties: + criSocket: + description: criSocket is used to retrieve container runtime + info. 
This information will be annotated to the Node API + object, for later re-use + maxLength: 512 + minLength: 1 + type: string + ignorePreflightErrors: + description: |- + ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered, e.g. 'IsPrivilegedUser,Swap'. + Value 'all' ignores errors from all checks. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + imagePullPolicy: + description: |- + imagePullPolicy specifies the policy for image pulling + during kubeadm "init" and "join" operations. The value of + this field must be one of "Always", "IfNotPresent" or + "Never". Defaults to "IfNotPresent" if not set. + enum: + - Always + - IfNotPresent + - Never + type: string + imagePullSerial: + description: |- + imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. + This option takes effect only on Kubernetes >=1.31.0. + Default: true (defaulted in kubeadm) + type: boolean + kubeletExtraArgs: + description: |- + kubeletExtraArgs is a list of args to pass to kubelet. + The arg name must match the command line flag name except without leading dash(es). + Extra arguments will override existing default arguments set by kubeadm. + items: + description: Arg represents an argument with a name and + a value. + properties: + name: + description: name is the Name of the extraArg. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the Value of the extraArg. 
+ maxLength: 1024 + minLength: 0 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + - value + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: kubeletExtraArgs name must be unique + rule: self.all(x, self.exists_one(y, x.name == y.name)) + name: + description: |- + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field of the kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + maxLength: 253 + minLength: 1 + type: string + taints: + description: |- + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an + empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. + items: + description: |- + The node this Taint is attached to has the "effect" on + any pod that does not tolerate the Taint. + properties: + effect: + description: |- + Required. The effect of the taint on pods + that do not tolerate the taint. + Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. 
+ type: string + required: + - effect + - key + type: object + maxItems: 100 + minItems: 0 + type: array + type: object + patches: + description: |- + patches contains options related to applying patches to components deployed by kubeadm during + "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22 + minProperties: 1 + properties: + directory: + description: |- + directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of + "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one + of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. + The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". + "suffix" is an optional string that can be used to determine which patches are applied + first alpha-numerically. + These files can be written into the target directory via KubeadmConfig.Files which + specifies additional files to be created on the machine, either with content inline or + by referencing a secret. + maxLength: 512 + minLength: 1 + type: string + type: object + skipPhases: + description: |- + skipPhases is a list of phases to skip during command execution. + The list of phases can be obtained with the "kubeadm init --help" command. + This option takes effect only on Kubernetes >=1.22.0. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + timeouts: + description: timeouts holds various timeouts that apply to kubeadm + commands. + minProperties: 1 + properties: + controlPlaneComponentHealthCheckSeconds: + description: |- + controlPlaneComponentHealthCheckSeconds is the amount of time to wait for a control plane + component, such as the API server, to be healthy during "kubeadm init" and "kubeadm join". 
+ If not set, it defaults to 4m (240s). + format: int32 + minimum: 0 + type: integer + discoverySeconds: + description: |- + discoverySeconds is the amount of time to wait for kubeadm to validate the API server identity + for a joining node. + If not set, it defaults to 5m (300s). + format: int32 + minimum: 0 + type: integer + etcdAPICallSeconds: + description: |- + etcdAPICallSeconds is the amount of time to wait for the kubeadm etcd client to complete a request to + the etcd cluster. + If not set, it defaults to 2m (120s). + format: int32 + minimum: 0 + type: integer + kubeletHealthCheckSeconds: + description: |- + kubeletHealthCheckSeconds is the amount of time to wait for the kubelet to be healthy + during "kubeadm init" and "kubeadm join". + If not set, it defaults to 4m (240s). + format: int32 + minimum: 0 + type: integer + kubernetesAPICallSeconds: + description: |- + kubernetesAPICallSeconds is the amount of time to wait for the kubeadm client to complete a request to + the API server. This applies to all types of methods (GET, POST, etc). + If not set, it defaults to 1m (60s). + format: int32 + minimum: 0 + type: integer + tlsBootstrapSeconds: + description: |- + tlsBootstrapSeconds is the amount of time to wait for the kubelet to complete TLS bootstrap + for a joining node. + If not set, it defaults to 5m (300s). + format: int32 + minimum: 0 + type: integer + type: object + type: object + joinConfiguration: + description: joinConfiguration is the kubeadm configuration for the + join command + minProperties: 1 + properties: + caCertPath: + description: |- + caCertPath is the path to the SSL certificate authority used to + secure communications between node and control-plane. + Defaults to "/etc/kubernetes/pki/ca.crt". + maxLength: 512 + minLength: 1 + type: string + controlPlane: + description: |- + controlPlane defines the additional control plane instance to be deployed on the joining node. + If nil, no additional control plane instance will be deployed. 
+ properties: + localAPIEndpoint: + description: localAPIEndpoint represents the endpoint of the + API server instance to be deployed on this node. + minProperties: 1 + properties: + advertiseAddress: + description: advertiseAddress sets the IP address for + the API server to advertise. + maxLength: 39 + minLength: 1 + type: string + bindPort: + description: |- + bindPort sets the secure port for the API Server to bind to. + Defaults to 6443. + format: int32 + minimum: 1 + type: integer + type: object + type: object + discovery: + description: discovery specifies the options for the kubelet to + use during the TLS Bootstrap process + minProperties: 1 + properties: + bootstrapToken: + description: |- + bootstrapToken is used to set the options for bootstrap token based discovery + BootstrapToken and File are mutually exclusive + minProperties: 1 + properties: + apiServerEndpoint: + description: apiServerEndpoint is an IP or domain name + to the API server from which info will be fetched. + maxLength: 512 + minLength: 1 + type: string + caCertHashes: + description: |- + caCertHashes specifies a set of public key pins to verify + when token-based discovery is used. The root CA found during discovery + must match one of these values. Specifying an empty set disables root CA + pinning, which can be unsafe. Each hash is specified as ":", + where the only currently supported type is "sha256". This is a hex-encoded + SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded + ASN.1. These hashes can be calculated using, for example, OpenSSL: + openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + token: + description: |- + token is a token used to validate cluster information + fetched from the control-plane. 
+ maxLength: 512 + minLength: 1 + type: string + unsafeSkipCAVerification: + description: |- + unsafeSkipCAVerification allows token-based discovery + without CA verification via CACertHashes. This can weaken + the security of kubeadm since other nodes can impersonate the control-plane. + type: boolean + type: object + file: + description: |- + file is used to specify a file or URL to a kubeconfig file from which to load cluster information + BootstrapToken and File are mutually exclusive + properties: + kubeConfig: + description: |- + kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. + The file is generated at the path specified in KubeConfigPath. + + Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint. + Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret. + properties: + cluster: + description: |- + cluster contains information about how to communicate with the kubernetes cluster. + + By default the following fields are automatically populated: + - Server with the Cluster's ControlPlaneEndpoint. + - CertificateAuthorityData with the Cluster's CA certificate. + minProperties: 1 + properties: + certificateAuthorityData: + description: |- + certificateAuthorityData contains PEM-encoded certificate authority certificates. + + Defaults to the Cluster's CA certificate if empty. + format: byte + maxLength: 51200 + minLength: 1 + type: string + insecureSkipTLSVerify: + description: insecureSkipTLSVerify skips the validity + check for the server's certificate. This will + make your HTTPS connections insecure. + type: boolean + proxyURL: + description: |- + proxyURL is the URL to the proxy to be used for all requests made by this + client. URLs with "http", "https", and "socks5" schemes are supported. 
If + this configuration is not provided or the empty string, the client + attempts to construct a proxy configuration from http_proxy and + https_proxy environment variables. If these environment variables are not + set, the client does not attempt to proxy requests. + + socks5 proxying does not currently support spdy streaming endpoints (exec, + attach, port forward). + maxLength: 512 + minLength: 1 + type: string + server: + description: |- + server is the address of the kubernetes cluster (https://hostname:port). + + Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint. + maxLength: 512 + minLength: 1 + type: string + tlsServerName: + description: tlsServerName is used to check server + certificate. If TLSServerName is empty, the + hostname used to contact the server is used. + maxLength: 512 + minLength: 1 + type: string + type: object + user: + description: |- + user contains information that describes identity information. + This is used to tell the kubernetes cluster who you are. + minProperties: 1 + properties: + authProvider: + description: authProvider specifies a custom authentication + plugin for the kubernetes cluster. + properties: + config: + additionalProperties: + type: string + description: config holds the parameters for + the authentication plugin. + type: object + name: + description: name is the name of the authentication + plugin. + maxLength: 256 + minLength: 1 + type: string + required: + - name + type: object + exec: + description: exec specifies a custom exec-based + authentication plugin for the kubernetes cluster. + properties: + apiVersion: + description: |- + apiVersion is preferred input version of the ExecInfo. The returned ExecCredentials MUST use + the same encoding version as the input. + Defaults to client.authentication.k8s.io/v1 if not set. + maxLength: 512 + minLength: 1 + type: string + args: + description: args is the arguments to pass + to the command when executing it. 
+ items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + command: + description: command to execute. + maxLength: 1024 + minLength: 1 + type: string + env: + description: |- + env defines additional environment variables to expose to the process. These + are unioned with the host's environment, as well as variables client-go uses + to pass argument to the plugin. + items: + description: |- + KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based + credential plugin. + properties: + name: + description: name of the environment + variable + maxLength: 512 + minLength: 1 + type: string + value: + description: value of the environment + variable + maxLength: 512 + minLength: 1 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + provideClusterInfo: + description: |- + provideClusterInfo determines whether or not to provide cluster information, + which could potentially contain very large CA data, to this exec plugin as a + part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set + to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for + reading this environment variable. + type: boolean + required: + - command + type: object + type: object + required: + - user + type: object + kubeConfigPath: + description: kubeConfigPath is used to specify the actual + file path or URL to the kubeconfig file from which to + load cluster information + maxLength: 512 + minLength: 1 + type: string + required: + - kubeConfigPath + type: object + tlsBootstrapToken: + description: |- + tlsBootstrapToken is a token used for TLS bootstrapping. + If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. 
+ If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information + maxLength: 512 + minLength: 1 + type: string + type: object + nodeRegistration: + description: |- + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + minProperties: 1 + properties: + criSocket: + description: criSocket is used to retrieve container runtime + info. This information will be annotated to the Node API + object, for later re-use + maxLength: 512 + minLength: 1 + type: string + ignorePreflightErrors: + description: |- + ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered, e.g. 'IsPrivilegedUser,Swap'. + Value 'all' ignores errors from all checks. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + imagePullPolicy: + description: |- + imagePullPolicy specifies the policy for image pulling + during kubeadm "init" and "join" operations. The value of + this field must be one of "Always", "IfNotPresent" or + "Never". Defaults to "IfNotPresent" if not set. + enum: + - Always + - IfNotPresent + - Never + type: string + imagePullSerial: + description: |- + imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. + This option takes effect only on Kubernetes >=1.31.0. + Default: true (defaulted in kubeadm) + type: boolean + kubeletExtraArgs: + description: |- + kubeletExtraArgs is a list of args to pass to kubelet. + The arg name must match the command line flag name except without leading dash(es). + Extra arguments will override existing default arguments set by kubeadm. + items: + description: Arg represents an argument with a name and + a value. 
+ properties: + name: + description: name is the Name of the extraArg. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the Value of the extraArg. + maxLength: 1024 + minLength: 0 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + - value + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: kubeletExtraArgs name must be unique + rule: self.all(x, self.exists_one(y, x.name == y.name)) + name: + description: |- + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field of the kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + maxLength: 253 + minLength: 1 + type: string + taints: + description: |- + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an + empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. + items: + description: |- + The node this Taint is attached to has the "effect" on + any pod that does not tolerate the Taint. + properties: + effect: + description: |- + Required. The effect of the taint on pods + that do not tolerate the taint. + Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. 
+ type: string + required: + - effect + - key + type: object + maxItems: 100 + minItems: 0 + type: array + type: object + patches: + description: |- + patches contains options related to applying patches to components deployed by kubeadm during + "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22 + minProperties: 1 + properties: + directory: + description: |- + directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of + "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one + of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. + The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". + "suffix" is an optional string that can be used to determine which patches are applied + first alpha-numerically. + These files can be written into the target directory via KubeadmConfig.Files which + specifies additional files to be created on the machine, either with content inline or + by referencing a secret. + maxLength: 512 + minLength: 1 + type: string + type: object + skipPhases: + description: |- + skipPhases is a list of phases to skip during command execution. + The list of phases can be obtained with the "kubeadm init --help" command. + This option takes effect only on Kubernetes >=1.22.0. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + timeouts: + description: timeouts holds various timeouts that apply to kubeadm + commands. + minProperties: 1 + properties: + controlPlaneComponentHealthCheckSeconds: + description: |- + controlPlaneComponentHealthCheckSeconds is the amount of time to wait for a control plane + component, such as the API server, to be healthy during "kubeadm init" and "kubeadm join". 
+ If not set, it defaults to 4m (240s). + format: int32 + minimum: 0 + type: integer + discoverySeconds: + description: |- + discoverySeconds is the amount of time to wait for kubeadm to validate the API server identity + for a joining node. + If not set, it defaults to 5m (300s). + format: int32 + minimum: 0 + type: integer + etcdAPICallSeconds: + description: |- + etcdAPICallSeconds is the amount of time to wait for the kubeadm etcd client to complete a request to + the etcd cluster. + If not set, it defaults to 2m (120s). + format: int32 + minimum: 0 + type: integer + kubeletHealthCheckSeconds: + description: |- + kubeletHealthCheckSeconds is the amount of time to wait for the kubelet to be healthy + during "kubeadm init" and "kubeadm join". + If not set, it defaults to 4m (240s). + format: int32 + minimum: 0 + type: integer + kubernetesAPICallSeconds: + description: |- + kubernetesAPICallSeconds is the amount of time to wait for the kubeadm client to complete a request to + the API server. This applies to all types of methods (GET, POST, etc). + If not set, it defaults to 1m (60s). + format: int32 + minimum: 0 + type: integer + tlsBootstrapSeconds: + description: |- + tlsBootstrapSeconds is the amount of time to wait for the kubelet to complete TLS bootstrap + for a joining node. + If not set, it defaults to 5m (300s). + format: int32 + minimum: 0 + type: integer + type: object + type: object + mounts: + description: mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts in cloud-init. 
+ items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + ntp: + description: ntp specifies NTP configuration + minProperties: 1 + properties: + enabled: + description: enabled specifies whether NTP should be enabled + type: boolean + servers: + description: servers specifies which NTP servers to use + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + type: object + postKubeadmCommands: + description: |- + postKubeadmCommands specifies extra commands to run after kubeadm runs. + With cloud-init, this is appended to the runcmd module configuration, and is typically executed in + the cloud-final.service systemd unit. In Ignition, this is appended to /etc/kubeadm.sh. + items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + preKubeadmCommands: + description: |- + preKubeadmCommands specifies extra commands to run before kubeadm runs. + With cloud-init, this is prepended to the runcmd module configuration, and is typically executed in + the cloud-final.service systemd unit. In Ignition, this is prepended to /etc/kubeadm.sh. + items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + users: + description: users specifies extra users to add + items: + description: User defines the input for a generated user in cloud-init. 
+ properties: + gecos: + description: gecos specifies the gecos to use for the user + maxLength: 256 + minLength: 1 + type: string + groups: + description: groups specifies the additional groups for the + user + maxLength: 256 + minLength: 1 + type: string + homeDir: + description: homeDir specifies the home directory to use for + the user + maxLength: 256 + minLength: 1 + type: string + inactive: + description: inactive specifies whether to mark the user as + inactive + type: boolean + lockPassword: + description: lockPassword specifies if password login should + be disabled + type: boolean + name: + description: name specifies the user name + maxLength: 256 + minLength: 1 + type: string + passwd: + description: passwd specifies a hashed password for the user + maxLength: 256 + minLength: 1 + type: string + passwdFrom: + description: passwdFrom is a referenced source of passwd to + populate the passwd. + properties: + secret: + description: secret represents a secret that should populate + this password. + properties: + key: + description: key is the key in the secret's data map + for this value. + maxLength: 256 + minLength: 1 + type: string + name: + description: name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ maxLength: 253 + minLength: 1 + type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: primaryGroup specifies the primary group for the + user + maxLength: 256 + minLength: 1 + type: string + shell: + description: shell specifies the user's shell + maxLength: 256 + minLength: 1 + type: string + sshAuthorizedKeys: + description: sshAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + maxLength: 2048 + minLength: 1 + type: string + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + sudo: + description: sudo specifies a sudo role for the user + maxLength: 256 + minLength: 1 + type: string + required: + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + verbosity: + description: |- + verbosity is the number for the kubeadm log level verbosity. + It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + status: + description: status is the observed state of KubeadmConfig. + minProperties: 1 + properties: + conditions: + description: |- + conditions represents the observations of a KubeadmConfig's current state. + Known condition types are Ready, DataSecretAvailable, CertificatesAvailable. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. 
+ maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + dataSecretName: + description: dataSecretName is the name of the secret that stores + the bootstrap data script. + maxLength: 253 + minLength: 1 + type: string + deprecated: + description: deprecated groups all the status fields that are deprecated + and will be removed when all the nested field are removed. + properties: + v1beta1: + description: v1beta1 groups all the status fields that are deprecated + and will be removed when support for v1beta1 will be dropped. 
+ properties: + conditions: + description: |- + conditions defines current service state of the KubeadmConfig. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + items: + description: Condition defines an observation of a Cluster + API resource operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, + Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. 
+ maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: |- + failureMessage will be set on non-retryable errors + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + maxLength: 10240 + minLength: 1 + type: string + failureReason: + description: |- + failureReason will be set on non-retryable errors + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + maxLength: 256 + minLength: 1 + type: string + type: object + type: object + initialization: + description: |- + initialization provides observations of the KubeadmConfig initialization process. + NOTE: Fields in this struct are part of the Cluster API contract and are used to orchestrate initial Machine provisioning. + minProperties: 1 + properties: + dataSecretCreated: + description: |- + dataSecretCreated is true when the Machine's boostrap secret is created. + NOTE: this field is part of the Cluster API contract, and it is used to orchestrate initial Machine provisioning. + type: boolean + type: object + observedGeneration: + description: observedGeneration is the latest generation observed + by the controller. 
+ format: int64 + minimum: 1 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert + controller-gen.kubebuilder.io/version: v0.18.0 + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + cluster.x-k8s.io/v1beta1: v1beta1 + cluster.x-k8s.io/v1beta2: v1beta2 + name: kubeadmconfigtemplates.bootstrap.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: bootstrap.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: KubeadmConfigTemplate + listKind: KubeadmConfigTemplateList + plural: kubeadmconfigtemplates + singular: kubeadmconfigtemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmConfigTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1beta1 + schema: + openAPIV3Schema: + description: KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of KubeadmConfigTemplate. + properties: + template: + description: template defines the desired state of KubeadmConfigTemplate. + properties: + metadata: + description: |- + metadata is the standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: spec is the desired state of KubeadmConfig. + properties: + bootCommands: + description: |- + bootCommands specifies extra commands to run very early in the boot process via the cloud-init bootcmd + module. bootcmd will run on every boot, 'cloud-init-per' command can be used to make bootcmd run exactly + once. This is typically run in the cloud-init.service systemd unit. This has no effect in Ignition. 
+ items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + type: array + clusterConfiguration: + description: clusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: apiServer contains extra settings for the + API server control plane component + properties: + certSANs: + description: certSANs sets extra Subject Alternative + Names for the API Server signing cert. + items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 100 + type: array + extraArgs: + additionalProperties: + type: string + description: extraArgs is an extra set of flags to + pass to the control plane component. + type: object + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. 
+ properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + type: array + extraVolumes: + description: extraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: |- + HostPathMount contains elements describing volumes that are mounted from the + host. + properties: + hostPath: + description: |- + hostPath is the path in the host that will be mounted inside + the pod. + maxLength: 512 + minLength: 1 + type: string + mountPath: + description: mountPath is the path inside the + pod where hostPath will be mounted. + maxLength: 512 + minLength: 1 + type: string + name: + description: name of the volume inside the pod + template. 
+ maxLength: 512 + minLength: 1 + type: string + pathType: + description: pathType is the type of the HostPath. + type: string + readOnly: + description: readOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + maxItems: 100 + type: array + timeoutForControlPlane: + description: timeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + certificatesDir: + description: |- + certificatesDir specifies where to store or look for all required certificates. + NB: if not provided, this will default to `/etc/kubernetes/pki` + maxLength: 512 + minLength: 1 + type: string + clusterName: + description: clusterName is the cluster name + maxLength: 63 + minLength: 1 + type: string + controlPlaneEndpoint: + description: |- + controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it + can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. + In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort + are used; in case the ControlPlaneEndpoint is specified but without a TCP port, + the BindPort is used. + Possible usages are: + e.g. In a cluster with more than one control plane instances, this field should be + assigned the address of the external load balancer in front of the + control plane instances. + e.g. in environments with enforced node recycling, the ControlPlaneEndpoint + could be used for assigning a stable DNS to the control plane. + NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. 
+ maxLength: 512 + minLength: 1 + type: string + controllerManager: + description: controllerManager contains extra settings + for the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: extraArgs is an extra set of flags to + pass to the control plane component. + type: object + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + type: array + extraVolumes: + description: extraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: |- + HostPathMount contains elements describing volumes that are mounted from the + host. + properties: + hostPath: + description: |- + hostPath is the path in the host that will be mounted inside + the pod. + maxLength: 512 + minLength: 1 + type: string + mountPath: + description: mountPath is the path inside the + pod where hostPath will be mounted. + maxLength: 512 + minLength: 1 + type: string + name: + description: name of the volume inside the pod + template. + maxLength: 512 + minLength: 1 + type: string + pathType: + description: pathType is the type of the HostPath. + type: string + readOnly: + description: readOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + maxItems: 100 + type: array + type: object + dns: + description: dns defines the options for the DNS add-on + installed in the cluster. + properties: + imageRepository: + description: |- + imageRepository sets the container registry to pull images from. + if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + maxLength: 512 + minLength: 1 + type: string + imageTag: + description: |- + imageTag allows to specify a tag for the image. 
+ In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + maxLength: 256 + minLength: 1 + type: string + type: object + etcd: + description: |- + etcd holds configuration for etcd. + NB: This value defaults to a Local (stacked) etcd + properties: + external: + description: |- + external describes how to connect to an external etcd cluster + Local and External are mutually exclusive + properties: + caFile: + description: |- + caFile is an SSL Certificate Authority file used to secure etcd communication. + Required if using a TLS connection. + maxLength: 512 + minLength: 1 + type: string + certFile: + description: |- + certFile is an SSL certification file used to secure etcd communication. + Required if using a TLS connection. + maxLength: 512 + minLength: 1 + type: string + endpoints: + description: endpoints of etcd members. Required + for ExternalEtcd. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 50 + type: array + keyFile: + description: |- + keyFile is an SSL key file used to secure etcd communication. + Required if using a TLS connection. + maxLength: 512 + minLength: 1 + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: |- + local provides configuration knobs for configuring the local etcd instance + Local and External are mutually exclusive + properties: + dataDir: + description: |- + dataDir is the directory etcd will place its data. + Defaults to "/var/lib/etcd". + maxLength: 512 + minLength: 1 + type: string + extraArgs: + additionalProperties: + type: string + description: |- + extraArgs are extra arguments provided to the etcd binary + when run inside a static pod. + type: object + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. 
+ Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + type: array + imageRepository: + description: |- + imageRepository sets the container registry to pull images from. + if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + maxLength: 512 + minLength: 1 + type: string + imageTag: + description: |- + imageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + maxLength: 256 + minLength: 1 + type: string + peerCertSANs: + description: peerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 100 + type: array + serverCertSANs: + description: serverCertSANs sets extra Subject + Alternative Names for the etcd server signing + cert. + items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 100 + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: featureGates enabled by the user. + type: object + imageRepository: + description: |- + imageRepository sets the container registry to pull images from. + * If not set, the default registry of kubeadm will be used, i.e. 
+ * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 + * k8s.gcr.io (old registry): all older versions + Please note that when imageRepository is not set we don't allow upgrades to + versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use + a newer patch version with the new registry instead (i.e. >= v1.22.17, + >= v1.23.15, >= v1.24.9, >= v1.25.0). + * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) + `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components + and for kube-proxy, while `registry.k8s.io` will be used for all the other images. + maxLength: 512 + minLength: 1 + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + kubernetesVersion: + description: |- + kubernetesVersion is the target version of the control plane. + NB: This value defaults to the Machine object spec.version + maxLength: 256 + minLength: 1 + type: string + networking: + description: |- + networking holds configuration for the networking topology of the cluster. + NB: This value defaults to the Cluster object spec.clusterNetwork. + properties: + dnsDomain: + description: dnsDomain is the dns domain used by k8s + services. Defaults to "cluster.local". + maxLength: 253 + minLength: 1 + type: string + podSubnet: + description: |- + podSubnet is the subnet used by pods. + If unset, the API server will not allocate CIDR ranges for every node. 
+ Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set + maxLength: 1024 + minLength: 1 + type: string + serviceSubnet: + description: |- + serviceSubnet is the subnet used by k8s services. + Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or + to "10.96.0.0/12" if that's unset. + maxLength: 1024 + minLength: 1 + type: string + type: object + scheduler: + description: scheduler contains extra settings for the + scheduler control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: extraArgs is an extra set of flags to + pass to the control plane component. + type: object + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. 
+ properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + type: array + extraVolumes: + description: extraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: |- + HostPathMount contains elements describing volumes that are mounted from the + host. + properties: + hostPath: + description: |- + hostPath is the path in the host that will be mounted inside + the pod. + maxLength: 512 + minLength: 1 + type: string + mountPath: + description: mountPath is the path inside the + pod where hostPath will be mounted. + maxLength: 512 + minLength: 1 + type: string + name: + description: name of the volume inside the pod + template. 
+ maxLength: 512 + minLength: 1 + type: string + pathType: + description: pathType is the type of the HostPath. + type: string + readOnly: + description: readOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + maxItems: 100 + type: array + type: object + type: object + diskSetup: + description: diskSetup specifies options for the creation + of partition tables and file systems on devices. + properties: + filesystems: + description: filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to + be created. + properties: + device: + description: device specifies the device name + maxLength: 256 + minLength: 1 + type: string + extraOpts: + description: extraOpts defined extra options to + add to the command for creating the file system. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + type: array + filesystem: + description: filesystem specifies the file system + type. + maxLength: 128 + minLength: 1 + type: string + label: + description: label specifies the file system label + to be used. If set to None, no label is used. + maxLength: 512 + minLength: 1 + type: string + overwrite: + description: |- + overwrite defines whether or not to overwrite any existing filesystem. + If true, any pre-existing file system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'partition specifies the partition + to use. The valid options are: "auto|any", "auto", + "any", "none", and , where NUM is the actual + partition number.' + maxLength: 128 + minLength: 1 + type: string + replaceFS: + description: |- + replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . + NOTE: unless you define a label, this requires the use of the 'any' partition directive. 
+ maxLength: 128 + minLength: 1 + type: string + required: + - device + - filesystem + type: object + maxItems: 100 + type: array + partitions: + description: partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: device is the name of the device. + maxLength: 256 + minLength: 1 + type: string + layout: + description: |- + layout specifies the device layout. + If it is true, a single partition will be created for the entire device. + When layout is false, it means don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: |- + overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. + Use with caution. Default is 'false'. + type: boolean + tableType: + description: |- + tableType specifies the tupe of partition table. The following are supported: + 'mbr': default and setups a MS-DOS partition table + 'gpt': setups a GPT partition table + enum: + - mbr + - gpt + type: string + required: + - device + - layout + type: object + maxItems: 100 + type: array + type: object + files: + description: files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + append: + description: append specifies whether to append Content + to existing file if Path exists. + type: boolean + content: + description: content is the actual content of the file. + maxLength: 10240 + minLength: 1 + type: string + contentFrom: + description: contentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: secret represents a secret that should + populate this file. + properties: + key: + description: key is the key in the secret's + data map for this value. 
+ maxLength: 256 + minLength: 1 + type: string + name: + description: name of the secret in the KubeadmBootstrapConfig's + namespace to use. + maxLength: 253 + minLength: 1 + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: encoding specifies the encoding of the + file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: owner specifies the ownership of the file, + e.g. "root:root". + maxLength: 256 + minLength: 1 + type: string + path: + description: path specifies the full path on disk where + to store the file. + maxLength: 512 + minLength: 1 + type: string + permissions: + description: permissions specifies the permissions to + assign to the file, e.g. "0640". + maxLength: 16 + minLength: 1 + type: string + required: + - path + type: object + maxItems: 200 + type: array + format: + description: format specifies the output format of the bootstrap + data + enum: + - cloud-config + - ignition + type: string + ignition: + description: ignition contains Ignition specific configuration. + properties: + containerLinuxConfig: + description: containerLinuxConfig contains CLC specific + configuration. + properties: + additionalConfig: + description: |- + additionalConfig contains additional configuration to be merged with the Ignition + configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging + + The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + maxLength: 32768 + minLength: 1 + type: string + strict: + description: strict controls if AdditionalConfig should + be strictly parsed. If so, warnings are treated + as errors. 
+ type: boolean + type: object + type: object + initConfiguration: + description: initConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + bootstrapTokens: + description: |- + bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. + This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap + token, stored as a Secret in the cluster. + properties: + description: + description: |- + description sets a human-friendly message why this token exists and what it's used + for, so other administrators can know its purpose. + maxLength: 512 + minLength: 1 + type: string + expires: + description: |- + expires specifies the timestamp when this token expires. Defaults to being set + dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. + format: date-time + type: string + groups: + description: |- + groups specifies the extra groups that this token will authenticate as when/if + used for authentication + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + type: array + token: + description: |- + token is used for establishing bidirectional trust between nodes and control-planes. + Used for joining nodes in the cluster. + type: string + ttl: + description: |- + ttl defines the time to live for this token. Defaults to 24h. + Expires and TTL are mutually exclusive. + type: string + usages: + description: |- + usages describes the ways in which this token can be used. 
Can by default be used + for establishing bidirectional trust, but that can be changed here. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + type: array + required: + - token + type: object + maxItems: 100 + type: array + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + localAPIEndpoint: + description: |- + localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node + In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint + is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This + configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible + on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: advertiseAddress sets the IP address + for the API server to advertise. + maxLength: 39 + minLength: 1 + type: string + bindPort: + description: |- + bindPort sets the secure port for the API Server to bind to. + Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: |- + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: criSocket is used to retrieve container + runtime info. 
This information will be annotated + to the Node API object, for later re-use + maxLength: 512 + minLength: 1 + type: string + ignorePreflightErrors: + description: ignorePreflightErrors provides a slice + of pre-flight errors to be ignored when the current + node is registered. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 50 + type: array + imagePullPolicy: + description: |- + imagePullPolicy specifies the policy for image pulling + during kubeadm "init" and "join" operations. The value of + this field must be one of "Always", "IfNotPresent" or + "Never". Defaults to "IfNotPresent". This can be used only + with Kubernetes version equal to 1.22 and later. + enum: + - Always + - IfNotPresent + - Never + type: string + imagePullSerial: + description: |- + imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. + This option takes effect only on Kubernetes >=1.31.0. + Default: true (defaulted in kubeadm) + type: boolean + kubeletExtraArgs: + additionalProperties: + type: string + description: |- + kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file + kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. + type: object + name: + description: |- + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field of the kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + maxLength: 253 + minLength: 1 + type: string + taints: + description: |- + taints specifies the taints the Node API object should be registered with. 
If this field is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an + empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. + items: + description: |- + The node this Taint is attached to has the "effect" on + any pod that does not tolerate the Taint. + properties: + effect: + description: |- + Required. The effect of the taint on pods + that do not tolerate the taint. + Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + maxItems: 100 + type: array + type: object + patches: + description: |- + patches contains options related to applying patches to components deployed by kubeadm during + "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22 + properties: + directory: + description: |- + directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of + "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one + of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. + The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". + "suffix" is an optional string that can be used to determine which patches are applied + first alpha-numerically. 
+ These files can be written into the target directory via KubeadmConfig.Files which + specifies additional files to be created on the machine, either with content inline or + by referencing a secret. + maxLength: 512 + minLength: 1 + type: string + type: object + skipPhases: + description: |- + skipPhases is a list of phases to skip during command execution. + The list of phases can be obtained with the "kubeadm init --help" command. + This option takes effect only on Kubernetes >=1.22.0. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 50 + type: array + type: object + joinConfiguration: + description: joinConfiguration is the kubeadm configuration + for the join command + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + caCertPath: + description: |- + caCertPath is the path to the SSL certificate authority used to + secure comunications between node and control-plane. + Defaults to "/etc/kubernetes/pki/ca.crt". + maxLength: 512 + minLength: 1 + type: string + controlPlane: + description: |- + controlPlane defines the additional control plane instance to be deployed on the joining node. + If nil, no additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: localAPIEndpoint represents the endpoint + of the API server instance to be deployed on this + node. + properties: + advertiseAddress: + description: advertiseAddress sets the IP address + for the API server to advertise. + maxLength: 39 + minLength: 1 + type: string + bindPort: + description: |- + bindPort sets the secure port for the API Server to bind to. + Defaults to 6443. 
+ format: int32 + type: integer + type: object + type: object + discovery: + description: discovery specifies the options for the kubelet + to use during the TLS Bootstrap process + properties: + bootstrapToken: + description: |- + bootstrapToken is used to set the options for bootstrap token based discovery + BootstrapToken and File are mutually exclusive + properties: + apiServerEndpoint: + description: apiServerEndpoint is an IP or domain + name to the API server from which info will + be fetched. + maxLength: 512 + minLength: 1 + type: string + caCertHashes: + description: |- + caCertHashes specifies a set of public key pins to verify + when token-based discovery is used. The root CA found during discovery + must match one of these values. Specifying an empty set disables root CA + pinning, which can be unsafe. Each hash is specified as ":", + where the only currently supported type is "sha256". This is a hex-encoded + SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded + ASN.1. These hashes can be calculated using, for example, OpenSSL: + openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + type: array + token: + description: |- + token is a token used to validate cluster information + fetched from the control-plane. + maxLength: 512 + minLength: 1 + type: string + unsafeSkipCAVerification: + description: |- + unsafeSkipCAVerification allows token-based discovery + without CA verification via CACertHashes. This can weaken + the security of kubeadm since other nodes can impersonate the control-plane. 
+ type: boolean + type: object + file: + description: |- + file is used to specify a file or URL to a kubeconfig file from which to load cluster information + BootstrapToken and File are mutually exclusive + properties: + kubeConfig: + description: |- + kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. + The file is generated at the path specified in KubeConfigPath. + + Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint. + Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret. + properties: + cluster: + description: |- + cluster contains information about how to communicate with the kubernetes cluster. + + By default the following fields are automatically populated: + - Server with the Cluster's ControlPlaneEndpoint. + - CertificateAuthorityData with the Cluster's CA certificate. + properties: + certificateAuthorityData: + description: |- + certificateAuthorityData contains PEM-encoded certificate authority certificates. + + Defaults to the Cluster's CA certificate if empty. + format: byte + maxLength: 51200 + minLength: 1 + type: string + insecureSkipTLSVerify: + description: insecureSkipTLSVerify skips + the validity check for the server's + certificate. This will make your HTTPS + connections insecure. + type: boolean + proxyURL: + description: |- + proxyURL is the URL to the proxy to be used for all requests made by this + client. URLs with "http", "https", and "socks5" schemes are supported. If + this configuration is not provided or the empty string, the client + attempts to construct a proxy configuration from http_proxy and + https_proxy environment variables. If these environment variables are not + set, the client does not attempt to proxy requests. + + socks5 proxying does not currently support spdy streaming endpoints (exec, + attach, port forward). 
+ maxLength: 512 + minLength: 1 + type: string + server: + description: |- + server is the address of the kubernetes cluster (https://hostname:port). + + Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint. + maxLength: 512 + minLength: 1 + type: string + tlsServerName: + description: tlsServerName is used to + check server certificate. If TLSServerName + is empty, the hostname used to contact + the server is used. + maxLength: 512 + minLength: 1 + type: string + type: object + user: + description: |- + user contains information that describes identity information. + This is used to tell the kubernetes cluster who you are. + properties: + authProvider: + description: authProvider specifies a + custom authentication plugin for the + kubernetes cluster. + properties: + config: + additionalProperties: + type: string + description: config holds the parameters + for the authentication plugin. + type: object + name: + description: name is the name of the + authentication plugin. + maxLength: 256 + minLength: 1 + type: string + required: + - name + type: object + exec: + description: exec specifies a custom exec-based + authentication plugin for the kubernetes + cluster. + properties: + apiVersion: + description: |- + apiVersion is preferred input version of the ExecInfo. The returned ExecCredentials MUST use + the same encoding version as the input. + Defaults to client.authentication.k8s.io/v1 if not set. + maxLength: 512 + minLength: 1 + type: string + args: + description: args is the arguments + to pass to the command when executing + it. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + type: array + command: + description: command to execute. + maxLength: 1024 + minLength: 1 + type: string + env: + description: |- + env defines additional environment variables to expose to the process. These + are unioned with the host's environment, as well as variables client-go uses + to pass argument to the plugin. 
+ items: + description: |- + KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based + credential plugin. + properties: + name: + description: name of the environment + variable + maxLength: 512 + minLength: 1 + type: string + value: + description: value of the environment + variable + maxLength: 512 + minLength: 1 + type: string + required: + - name + - value + type: object + maxItems: 100 + type: array + provideClusterInfo: + description: |- + provideClusterInfo determines whether or not to provide cluster information, + which could potentially contain very large CA data, to this exec plugin as a + part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set + to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for + reading this environment variable. + type: boolean + required: + - command + type: object + type: object + required: + - user + type: object + kubeConfigPath: + description: kubeConfigPath is used to specify + the actual file path or URL to the kubeconfig + file from which to load cluster information + maxLength: 512 + minLength: 1 + type: string + required: + - kubeConfigPath + type: object + timeout: + description: timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: |- + tlsBootstrapToken is a token used for TLS bootstrapping. + If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. + If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information + maxLength: 512 + minLength: 1 + type: string + type: object + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + nodeRegistration: + description: |- + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: criSocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + maxLength: 512 + minLength: 1 + type: string + ignorePreflightErrors: + description: ignorePreflightErrors provides a slice + of pre-flight errors to be ignored when the current + node is registered. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 50 + type: array + imagePullPolicy: + description: |- + imagePullPolicy specifies the policy for image pulling + during kubeadm "init" and "join" operations. The value of + this field must be one of "Always", "IfNotPresent" or + "Never". Defaults to "IfNotPresent". This can be used only + with Kubernetes version equal to 1.22 and later. + enum: + - Always + - IfNotPresent + - Never + type: string + imagePullSerial: + description: |- + imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. + This option takes effect only on Kubernetes >=1.31.0. + Default: true (defaulted in kubeadm) + type: boolean + kubeletExtraArgs: + additionalProperties: + type: string + description: |- + kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file + kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. 
+ type: object + name: + description: |- + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field of the kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + maxLength: 253 + minLength: 1 + type: string + taints: + description: |- + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an + empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. + items: + description: |- + The node this Taint is attached to has the "effect" on + any pod that does not tolerate the Taint. + properties: + effect: + description: |- + Required. The effect of the taint on pods + that do not tolerate the taint. + Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + maxItems: 100 + type: array + type: object + patches: + description: |- + patches contains options related to applying patches to components deployed by kubeadm during + "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22 + properties: + directory: + description: |- + directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just "etcd.json". 
"target" can be one of + "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one + of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. + The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". + "suffix" is an optional string that can be used to determine which patches are applied + first alpha-numerically. + These files can be written into the target directory via KubeadmConfig.Files which + specifies additional files to be created on the machine, either with content inline or + by referencing a secret. + maxLength: 512 + minLength: 1 + type: string + type: object + skipPhases: + description: |- + skipPhases is a list of phases to skip during command execution. + The list of phases can be obtained with the "kubeadm init --help" command. + This option takes effect only on Kubernetes >=1.22.0. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 50 + type: array + type: object + mounts: + description: mounts specifies a list of mount points to be + setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. + items: + maxLength: 512 + minLength: 1 + type: string + type: array + maxItems: 100 + type: array + ntp: + description: ntp specifies NTP configuration + properties: + enabled: + description: enabled specifies whether NTP should be enabled + type: boolean + servers: + description: servers specifies which NTP servers to use + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + type: array + type: object + postKubeadmCommands: + description: |- + postKubeadmCommands specifies extra commands to run after kubeadm runs. + With cloud-init, this is appended to the runcmd module configuration, and is typically executed in + the cloud-final.service systemd unit. In Ignition, this is appended to /etc/kubeadm.sh. 
+ items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + type: array + preKubeadmCommands: + description: |- + preKubeadmCommands specifies extra commands to run before kubeadm runs. + With cloud-init, this is prepended to the runcmd module configuration, and is typically executed in + the cloud-final.service systemd unit. In Ignition, this is prepended to /etc/kubeadm.sh. + items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + type: array + useExperimentalRetryJoin: + description: |- + useExperimentalRetryJoin replaces a basic kubeadm command with a shell + script with retries for joins. + + This is meant to be an experimental temporary workaround on some environments + where joins fail due to timing (and other issues). The long term goal is to add retries to + kubeadm proper and use that functionality. + + This will add about 40KB to userdata + + For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. + + Deprecated: This experimental fix is no longer needed and this field will be removed in a future release. + When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml + type: boolean + users: + description: users specifies extra users to add + items: + description: User defines the input for a generated user + in cloud-init. 
+ properties: + gecos: + description: gecos specifies the gecos to use for the + user + maxLength: 256 + minLength: 1 + type: string + groups: + description: groups specifies the additional groups + for the user + maxLength: 256 + minLength: 1 + type: string + homeDir: + description: homeDir specifies the home directory to + use for the user + maxLength: 256 + minLength: 1 + type: string + inactive: + description: inactive specifies whether to mark the + user as inactive + type: boolean + lockPassword: + description: lockPassword specifies if password login + should be disabled + type: boolean + name: + description: name specifies the user name + maxLength: 256 + minLength: 1 + type: string + passwd: + description: passwd specifies a hashed password for + the user + maxLength: 256 + minLength: 1 + type: string + passwdFrom: + description: passwdFrom is a referenced source of passwd + to populate the passwd. + properties: + secret: + description: secret represents a secret that should + populate this password. + properties: + key: + description: key is the key in the secret's + data map for this value. + maxLength: 256 + minLength: 1 + type: string + name: + description: name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ maxLength: 253 + minLength: 1 + type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: primaryGroup specifies the primary group + for the user + maxLength: 256 + minLength: 1 + type: string + shell: + description: shell specifies the user's shell + maxLength: 256 + minLength: 1 + type: string + sshAuthorizedKeys: + description: sshAuthorizedKeys specifies a list of ssh + authorized keys for the user + items: + maxLength: 2048 + minLength: 1 + type: string + maxItems: 100 + type: array + sudo: + description: sudo specifies a sudo role for the user + maxLength: 256 + minLength: 1 + type: string + required: + - name + type: object + maxItems: 100 + type: array + verbosity: + description: |- + verbosity is the number for the kubeadm log level verbosity. + It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + type: object + required: + - template + type: object + type: object + served: true + storage: false + subresources: {} + - additionalPrinterColumns: + - description: Name of the ClusterClass owning this template + jsonPath: .metadata.ownerReferences[?(@.kind=="ClusterClass")].name + name: ClusterClass + type: string + - description: Name of the Cluster owning this template + jsonPath: .metadata.ownerReferences[?(@.kind=="Cluster")].name + name: Cluster + type: string + - description: Time duration since creation of KubeadmConfigTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of KubeadmConfigTemplate. + properties: + template: + description: template defines the desired state of KubeadmConfigTemplate. + minProperties: 1 + properties: + metadata: + description: |- + metadata is the standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + minProperties: 1 + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: spec is the desired state of KubeadmConfig. + minProperties: 1 + properties: + bootCommands: + description: |- + bootCommands specifies extra commands to run very early in the boot process via the cloud-init bootcmd + module. bootcmd will run on every boot, 'cloud-init-per' command can be used to make bootcmd run exactly + once. 
This is typically run in the cloud-init.service systemd unit. This has no effect in Ignition. + items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + clusterConfiguration: + description: clusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + minProperties: 1 + properties: + apiServer: + description: apiServer contains extra settings for the + API server control plane component + minProperties: 1 + properties: + certSANs: + description: certSANs sets extra Subject Alternative + Names for the API Server signing cert. + items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + extraArgs: + description: |- + extraArgs is a list of args to pass to the control plane component. + The arg name must match the command line flag name except without leading dash(es). + Extra arguments will override existing default arguments set by kubeadm. + items: + description: Arg represents an argument with a name + and a value. + properties: + name: + description: name is the Name of the extraArg. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the Value of the extraArg. + maxLength: 1024 + minLength: 0 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + - value + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: extraArgs name must be unique + rule: self.all(x, self.exists_one(y, x.name == y.name)) + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. 
+ items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". 
+ type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + extraVolumes: + description: extraVolumes is an extra set of host + volumes, mounted to the control plane component. 
+ items: + description: |- + HostPathMount contains elements describing volumes that are mounted from the + host. + properties: + hostPath: + description: |- + hostPath is the path in the host that will be mounted inside + the pod. + maxLength: 512 + minLength: 1 + type: string + mountPath: + description: mountPath is the path inside the + pod where hostPath will be mounted. + maxLength: 512 + minLength: 1 + type: string + name: + description: name of the volume inside the pod + template. + maxLength: 512 + minLength: 1 + type: string + pathType: + description: pathType is the type of the HostPath. + type: string + readOnly: + description: readOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + caCertificateValidityPeriodDays: + description: |- + caCertificateValidityPeriodDays specifies the validity period for CA certificates generated by Cluster API. + If not specified, Cluster API will use a default of 3650 days (10 years). + This field cannot be modified. + format: int32 + maximum: 36500 + minimum: 1 + type: integer + certificateValidityPeriodDays: + description: |- + certificateValidityPeriodDays specifies the validity period for non-CA certificates generated by kubeadm. + If not specified, kubeadm will use a default of 365 days (1 year). + This field is only supported with Kubernetes v1.31 or above. + format: int32 + maximum: 1095 + minimum: 1 + type: integer + certificatesDir: + description: |- + certificatesDir specifies where to store or look for all required certificates. + NB: if not provided, this will default to `/etc/kubernetes/pki` + maxLength: 512 + minLength: 1 + type: string + controlPlaneEndpoint: + description: |- + controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it + can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. 
+ In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort + are used; in case the ControlPlaneEndpoint is specified but without a TCP port, + the BindPort is used. + Possible usages are: + e.g. In a cluster with more than one control plane instances, this field should be + assigned the address of the external load balancer in front of the + control plane instances. + e.g. in environments with enforced node recycling, the ControlPlaneEndpoint + could be used for assigning a stable DNS to the control plane. + NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. + maxLength: 512 + minLength: 1 + type: string + controllerManager: + description: controllerManager contains extra settings + for the controller manager control plane component + minProperties: 1 + properties: + extraArgs: + description: |- + extraArgs is a list of args to pass to the control plane component. + The arg name must match the command line flag name except without leading dash(es). + Extra arguments will override existing default arguments set by kubeadm. + items: + description: Arg represents an argument with a name + and a value. + properties: + name: + description: name is the Name of the extraArg. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the Value of the extraArg. + maxLength: 1024 + minLength: 0 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + - value + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: extraArgs name must be unique + rule: self.all(x, self.exists_one(y, x.name == y.name)) + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. 
+ This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". 
+ type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + extraVolumes: + description: extraVolumes is an extra set of host + volumes, mounted to the control plane component. 
+ items: + description: |- + HostPathMount contains elements describing volumes that are mounted from the + host. + properties: + hostPath: + description: |- + hostPath is the path in the host that will be mounted inside + the pod. + maxLength: 512 + minLength: 1 + type: string + mountPath: + description: mountPath is the path inside the + pod where hostPath will be mounted. + maxLength: 512 + minLength: 1 + type: string + name: + description: name of the volume inside the pod + template. + maxLength: 512 + minLength: 1 + type: string + pathType: + description: pathType is the type of the HostPath. + type: string + readOnly: + description: readOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + dns: + description: dns defines the options for the DNS add-on + installed in the cluster. + minProperties: 1 + properties: + imageRepository: + description: |- + imageRepository sets the container registry to pull images from. + if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + maxLength: 512 + minLength: 1 + type: string + imageTag: + description: |- + imageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + maxLength: 256 + minLength: 1 + type: string + type: object + etcd: + description: |- + etcd holds configuration for etcd. + NB: This value defaults to a Local (stacked) etcd + minProperties: 1 + properties: + external: + description: |- + external describes how to connect to an external etcd cluster + Local and External are mutually exclusive + properties: + caFile: + description: |- + caFile is an SSL Certificate Authority file used to secure etcd communication. + Required if using a TLS connection. 
+ maxLength: 512 + minLength: 1 + type: string + certFile: + description: |- + certFile is an SSL certification file used to secure etcd communication. + Required if using a TLS connection. + maxLength: 512 + minLength: 1 + type: string + endpoints: + description: endpoints of etcd members. Required + for ExternalEtcd. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + keyFile: + description: |- + keyFile is an SSL key file used to secure etcd communication. + Required if using a TLS connection. + maxLength: 512 + minLength: 1 + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: |- + local provides configuration knobs for configuring the local etcd instance + Local and External are mutually exclusive + minProperties: 1 + properties: + dataDir: + description: |- + dataDir is the directory etcd will place its data. + Defaults to "/var/lib/etcd". + maxLength: 512 + minLength: 1 + type: string + extraArgs: + description: |- + extraArgs is a list of args to pass to etcd. + The arg name must match the command line flag name except without leading dash(es). + Extra arguments will override existing default arguments set by kubeadm. + items: + description: Arg represents an argument with + a name and a value. + properties: + name: + description: name is the Name of the extraArg. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the Value of the extraArg. + maxLength: 1024 + minLength: 0 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + - value + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: extraArgs name must be unique + rule: self.all(x, self.exists_one(y, x.name + == y.name)) + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to etcd. 
+ Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + imageRepository: + description: |- + imageRepository sets the container registry to pull images from. + if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + maxLength: 512 + minLength: 1 + type: string + imageTag: + description: |- + imageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + maxLength: 256 + minLength: 1 + type: string + peerCertSANs: + description: peerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + serverCertSANs: + description: serverCertSANs sets extra Subject + Alternative Names for the etcd server signing + cert. + items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: featureGates enabled by the user. + type: object + imageRepository: + description: |- + imageRepository sets the container registry to pull images from. + * If not set, the default registry of kubeadm will be used, i.e. 
+ * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 + * k8s.gcr.io (old registry): all older versions + Please note that when imageRepository is not set we don't allow upgrades to + versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use + a newer patch version with the new registry instead (i.e. >= v1.22.17, + >= v1.23.15, >= v1.24.9, >= v1.25.0). + * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) + `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components + and for kube-proxy, while `registry.k8s.io` will be used for all the other images. + maxLength: 512 + minLength: 1 + type: string + scheduler: + description: scheduler contains extra settings for the + scheduler control plane component + minProperties: 1 + properties: + extraArgs: + description: |- + extraArgs is a list of args to pass to the control plane component. + The arg name must match the command line flag name except without leading dash(es). + Extra arguments will override existing default arguments set by kubeadm. + items: + description: Arg represents an argument with a name + and a value. + properties: + name: + description: name is the Name of the extraArg. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the Value of the extraArg. + maxLength: 1024 + minLength: 0 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + - value + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: extraArgs name must be unique + rule: self.all(x, self.exists_one(y, x.name == y.name)) + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. 
+ This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". 
+ type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + extraVolumes: + description: extraVolumes is an extra set of host + volumes, mounted to the control plane component. 
+ items: + description: |- + HostPathMount contains elements describing volumes that are mounted from the + host. + properties: + hostPath: + description: |- + hostPath is the path in the host that will be mounted inside + the pod. + maxLength: 512 + minLength: 1 + type: string + mountPath: + description: mountPath is the path inside the + pod where hostPath will be mounted. + maxLength: 512 + minLength: 1 + type: string + name: + description: name of the volume inside the pod + template. + maxLength: 512 + minLength: 1 + type: string + pathType: + description: pathType is the type of the HostPath. + type: string + readOnly: + description: readOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + diskSetup: + description: diskSetup specifies options for the creation + of partition tables and file systems on devices. + minProperties: 1 + properties: + filesystems: + description: filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to + be created. + properties: + device: + description: device specifies the device name + maxLength: 256 + minLength: 1 + type: string + extraOpts: + description: extraOpts defined extra options to + add to the command for creating the file system. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + filesystem: + description: filesystem specifies the file system + type. + maxLength: 128 + minLength: 1 + type: string + label: + description: label specifies the file system label + to be used. If set to None, no label is used. + maxLength: 512 + minLength: 1 + type: string + overwrite: + description: |- + overwrite defines whether or not to overwrite any existing filesystem. + If true, any pre-existing file system will be destroyed. 
Use with Caution. + type: boolean + partition: + description: 'partition specifies the partition + to use. The valid options are: "auto|any", "auto", + "any", "none", and , where NUM is the actual + partition number.' + maxLength: 128 + minLength: 1 + type: string + replaceFS: + description: |- + replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . + NOTE: unless you define a label, this requires the use of the 'any' partition directive. + maxLength: 128 + minLength: 1 + type: string + required: + - device + - filesystem + type: object + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + partitions: + description: partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: device is the name of the device. + maxLength: 256 + minLength: 1 + type: string + layout: + description: |- + layout specifies the device layout. + If it is true, a single partition will be created for the entire device. + When layout is false, it means don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: |- + overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. + Use with caution. Default is 'false'. + type: boolean + tableType: + description: |- + tableType specifies the tupe of partition table. The following are supported: + 'mbr': default and setups a MS-DOS partition table + 'gpt': setups a GPT partition table + enum: + - mbr + - gpt + type: string + required: + - device + - layout + type: object + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + type: object + files: + description: files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. 
+ properties: + append: + description: append specifies whether to append Content + to existing file if Path exists. + type: boolean + content: + description: content is the actual content of the file. + maxLength: 10240 + minLength: 1 + type: string + contentFrom: + description: contentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: secret represents a secret that should + populate this file. + properties: + key: + description: key is the key in the secret's + data map for this value. + maxLength: 256 + minLength: 1 + type: string + name: + description: name of the secret in the KubeadmBootstrapConfig's + namespace to use. + maxLength: 253 + minLength: 1 + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: encoding specifies the encoding of the + file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: owner specifies the ownership of the file, + e.g. "root:root". + maxLength: 256 + minLength: 1 + type: string + path: + description: path specifies the full path on disk where + to store the file. + maxLength: 512 + minLength: 1 + type: string + permissions: + description: permissions specifies the permissions to + assign to the file, e.g. "0640". + maxLength: 16 + minLength: 1 + type: string + required: + - path + type: object + maxItems: 200 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + format: + description: |- + format specifies the output format of the bootstrap data. + Defaults to cloud-config if not set. + enum: + - cloud-config + - ignition + type: string + ignition: + description: ignition contains Ignition specific configuration. + minProperties: 1 + properties: + containerLinuxConfig: + description: containerLinuxConfig contains CLC specific + configuration. 
+ minProperties: 1 + properties: + additionalConfig: + description: |- + additionalConfig contains additional configuration to be merged with the Ignition + configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging + + The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + maxLength: 32768 + minLength: 1 + type: string + strict: + description: strict controls if AdditionalConfig should + be strictly parsed. If so, warnings are treated + as errors. + type: boolean + type: object + type: object + initConfiguration: + description: initConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + minProperties: 1 + properties: + bootstrapTokens: + description: |- + bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. + This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap + token, stored as a Secret in the cluster. + properties: + description: + description: |- + description sets a human-friendly message why this token exists and what it's used + for, so other administrators can know its purpose. + maxLength: 512 + minLength: 1 + type: string + expires: + description: |- + expires specifies the timestamp when this token expires. Defaults to being set + dynamically at runtime based on the ttlSeconds. Expires and ttlSeconds are mutually exclusive. 
+ format: date-time + type: string + groups: + description: |- + groups specifies the extra groups that this token will authenticate as when/if + used for authentication + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + token: + description: |- + token is used for establishing bidirectional trust between nodes and control-planes. + Used for joining nodes in the cluster. + maxLength: 23 + minLength: 1 + type: string + ttlSeconds: + description: |- + ttlSeconds defines the time to live for this token. Defaults to 24h. + Expires and ttlSeconds are mutually exclusive. + format: int32 + minimum: 0 + type: integer + usages: + description: |- + usages describes the ways in which this token can be used. Can by default be used + for establishing bidirectional trust, but that can be changed here. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + required: + - token + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + localAPIEndpoint: + description: |- + localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node + In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint + is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This + configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible + on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process + fails you may set the desired value here. + minProperties: 1 + properties: + advertiseAddress: + description: advertiseAddress sets the IP address + for the API server to advertise. 
+ maxLength: 39 + minLength: 1 + type: string + bindPort: + description: |- + bindPort sets the secure port for the API Server to bind to. + Defaults to 6443. + format: int32 + minimum: 1 + type: integer + type: object + nodeRegistration: + description: |- + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + minProperties: 1 + properties: + criSocket: + description: criSocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + maxLength: 512 + minLength: 1 + type: string + ignorePreflightErrors: + description: |- + ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered, e.g. 'IsPrivilegedUser,Swap'. + Value 'all' ignores errors from all checks. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + imagePullPolicy: + description: |- + imagePullPolicy specifies the policy for image pulling + during kubeadm "init" and "join" operations. The value of + this field must be one of "Always", "IfNotPresent" or + "Never". Defaults to "IfNotPresent" if not set. + enum: + - Always + - IfNotPresent + - Never + type: string + imagePullSerial: + description: |- + imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. + This option takes effect only on Kubernetes >=1.31.0. + Default: true (defaulted in kubeadm) + type: boolean + kubeletExtraArgs: + description: |- + kubeletExtraArgs is a list of args to pass to kubelet. + The arg name must match the command line flag name except without leading dash(es). + Extra arguments will override existing default arguments set by kubeadm. 
+ items: + description: Arg represents an argument with a name + and a value. + properties: + name: + description: name is the Name of the extraArg. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the Value of the extraArg. + maxLength: 1024 + minLength: 0 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + - value + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: kubeletExtraArgs name must be unique + rule: self.all(x, self.exists_one(y, x.name == y.name)) + name: + description: |- + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field of the kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + maxLength: 253 + minLength: 1 + type: string + taints: + description: |- + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an + empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. + items: + description: |- + The node this Taint is attached to has the "effect" on + any pod that does not tolerate the Taint. + properties: + effect: + description: |- + Required. The effect of the taint on pods + that do not tolerate the taint. + Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. 
+ format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + maxItems: 100 + minItems: 0 + type: array + type: object + patches: + description: |- + patches contains options related to applying patches to components deployed by kubeadm during + "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22 + minProperties: 1 + properties: + directory: + description: |- + directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of + "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one + of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. + The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". + "suffix" is an optional string that can be used to determine which patches are applied + first alpha-numerically. + These files can be written into the target directory via KubeadmConfig.Files which + specifies additional files to be created on the machine, either with content inline or + by referencing a secret. + maxLength: 512 + minLength: 1 + type: string + type: object + skipPhases: + description: |- + skipPhases is a list of phases to skip during command execution. + The list of phases can be obtained with the "kubeadm init --help" command. + This option takes effect only on Kubernetes >=1.22.0. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + timeouts: + description: timeouts holds various timeouts that apply + to kubeadm commands. 
+ minProperties: 1 + properties: + controlPlaneComponentHealthCheckSeconds: + description: |- + controlPlaneComponentHealthCheckSeconds is the amount of time to wait for a control plane + component, such as the API server, to be healthy during "kubeadm init" and "kubeadm join". + If not set, it defaults to 4m (240s). + format: int32 + minimum: 0 + type: integer + discoverySeconds: + description: |- + discoverySeconds is the amount of time to wait for kubeadm to validate the API server identity + for a joining node. + If not set, it defaults to 5m (300s). + format: int32 + minimum: 0 + type: integer + etcdAPICallSeconds: + description: |- + etcdAPICallSeconds is the amount of time to wait for the kubeadm etcd client to complete a request to + the etcd cluster. + If not set, it defaults to 2m (120s). + format: int32 + minimum: 0 + type: integer + kubeletHealthCheckSeconds: + description: |- + kubeletHealthCheckSeconds is the amount of time to wait for the kubelet to be healthy + during "kubeadm init" and "kubeadm join". + If not set, it defaults to 4m (240s). + format: int32 + minimum: 0 + type: integer + kubernetesAPICallSeconds: + description: |- + kubernetesAPICallSeconds is the amount of time to wait for the kubeadm client to complete a request to + the API server. This applies to all types of methods (GET, POST, etc). + If not set, it defaults to 1m (60s). + format: int32 + minimum: 0 + type: integer + tlsBootstrapSeconds: + description: |- + tlsBootstrapSeconds is the amount of time to wait for the kubelet to complete TLS bootstrap + for a joining node. + If not set, it defaults to 5m (300s). + format: int32 + minimum: 0 + type: integer + type: object + type: object + joinConfiguration: + description: joinConfiguration is the kubeadm configuration + for the join command + minProperties: 1 + properties: + caCertPath: + description: |- + caCertPath is the path to the SSL certificate authority used to + secure communications between node and control-plane. 
+ Defaults to "/etc/kubernetes/pki/ca.crt". + maxLength: 512 + minLength: 1 + type: string + controlPlane: + description: |- + controlPlane defines the additional control plane instance to be deployed on the joining node. + If nil, no additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: localAPIEndpoint represents the endpoint + of the API server instance to be deployed on this + node. + minProperties: 1 + properties: + advertiseAddress: + description: advertiseAddress sets the IP address + for the API server to advertise. + maxLength: 39 + minLength: 1 + type: string + bindPort: + description: |- + bindPort sets the secure port for the API Server to bind to. + Defaults to 6443. + format: int32 + minimum: 1 + type: integer + type: object + type: object + discovery: + description: discovery specifies the options for the kubelet + to use during the TLS Bootstrap process + minProperties: 1 + properties: + bootstrapToken: + description: |- + bootstrapToken is used to set the options for bootstrap token based discovery + BootstrapToken and File are mutually exclusive + minProperties: 1 + properties: + apiServerEndpoint: + description: apiServerEndpoint is an IP or domain + name to the API server from which info will + be fetched. + maxLength: 512 + minLength: 1 + type: string + caCertHashes: + description: |- + caCertHashes specifies a set of public key pins to verify + when token-based discovery is used. The root CA found during discovery + must match one of these values. Specifying an empty set disables root CA + pinning, which can be unsafe. Each hash is specified as ":", + where the only currently supported type is "sha256". This is a hex-encoded + SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded + ASN.1. 
These hashes can be calculated using, for example, OpenSSL: + openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + token: + description: |- + token is a token used to validate cluster information + fetched from the control-plane. + maxLength: 512 + minLength: 1 + type: string + unsafeSkipCAVerification: + description: |- + unsafeSkipCAVerification allows token-based discovery + without CA verification via CACertHashes. This can weaken + the security of kubeadm since other nodes can impersonate the control-plane. + type: boolean + type: object + file: + description: |- + file is used to specify a file or URL to a kubeconfig file from which to load cluster information + BootstrapToken and File are mutually exclusive + properties: + kubeConfig: + description: |- + kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. + The file is generated at the path specified in KubeConfigPath. + + Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint. + Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret. + properties: + cluster: + description: |- + cluster contains information about how to communicate with the kubernetes cluster. + + By default the following fields are automatically populated: + - Server with the Cluster's ControlPlaneEndpoint. + - CertificateAuthorityData with the Cluster's CA certificate. + minProperties: 1 + properties: + certificateAuthorityData: + description: |- + certificateAuthorityData contains PEM-encoded certificate authority certificates. + + Defaults to the Cluster's CA certificate if empty. 
+ format: byte + maxLength: 51200 + minLength: 1 + type: string + insecureSkipTLSVerify: + description: insecureSkipTLSVerify skips + the validity check for the server's + certificate. This will make your HTTPS + connections insecure. + type: boolean + proxyURL: + description: |- + proxyURL is the URL to the proxy to be used for all requests made by this + client. URLs with "http", "https", and "socks5" schemes are supported. If + this configuration is not provided or the empty string, the client + attempts to construct a proxy configuration from http_proxy and + https_proxy environment variables. If these environment variables are not + set, the client does not attempt to proxy requests. + + socks5 proxying does not currently support spdy streaming endpoints (exec, + attach, port forward). + maxLength: 512 + minLength: 1 + type: string + server: + description: |- + server is the address of the kubernetes cluster (https://hostname:port). + + Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint. + maxLength: 512 + minLength: 1 + type: string + tlsServerName: + description: tlsServerName is used to + check server certificate. If TLSServerName + is empty, the hostname used to contact + the server is used. + maxLength: 512 + minLength: 1 + type: string + type: object + user: + description: |- + user contains information that describes identity information. + This is used to tell the kubernetes cluster who you are. + minProperties: 1 + properties: + authProvider: + description: authProvider specifies a + custom authentication plugin for the + kubernetes cluster. + properties: + config: + additionalProperties: + type: string + description: config holds the parameters + for the authentication plugin. + type: object + name: + description: name is the name of the + authentication plugin. 
+ maxLength: 256 + minLength: 1 + type: string + required: + - name + type: object + exec: + description: exec specifies a custom exec-based + authentication plugin for the kubernetes + cluster. + properties: + apiVersion: + description: |- + apiVersion is preferred input version of the ExecInfo. The returned ExecCredentials MUST use + the same encoding version as the input. + Defaults to client.authentication.k8s.io/v1 if not set. + maxLength: 512 + minLength: 1 + type: string + args: + description: args is the arguments + to pass to the command when executing + it. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + command: + description: command to execute. + maxLength: 1024 + minLength: 1 + type: string + env: + description: |- + env defines additional environment variables to expose to the process. These + are unioned with the host's environment, as well as variables client-go uses + to pass argument to the plugin. + items: + description: |- + KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based + credential plugin. + properties: + name: + description: name of the environment + variable + maxLength: 512 + minLength: 1 + type: string + value: + description: value of the environment + variable + maxLength: 512 + minLength: 1 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + provideClusterInfo: + description: |- + provideClusterInfo determines whether or not to provide cluster information, + which could potentially contain very large CA data, to this exec plugin as a + part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set + to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for + reading this environment variable. 
+ type: boolean + required: + - command + type: object + type: object + required: + - user + type: object + kubeConfigPath: + description: kubeConfigPath is used to specify + the actual file path or URL to the kubeconfig + file from which to load cluster information + maxLength: 512 + minLength: 1 + type: string + required: + - kubeConfigPath + type: object + tlsBootstrapToken: + description: |- + tlsBootstrapToken is a token used for TLS bootstrapping. + If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. + If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information + maxLength: 512 + minLength: 1 + type: string + type: object + nodeRegistration: + description: |- + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + minProperties: 1 + properties: + criSocket: + description: criSocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + maxLength: 512 + minLength: 1 + type: string + ignorePreflightErrors: + description: |- + ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered, e.g. 'IsPrivilegedUser,Swap'. + Value 'all' ignores errors from all checks. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + imagePullPolicy: + description: |- + imagePullPolicy specifies the policy for image pulling + during kubeadm "init" and "join" operations. The value of + this field must be one of "Always", "IfNotPresent" or + "Never". Defaults to "IfNotPresent" if not set. 
+ enum: + - Always + - IfNotPresent + - Never + type: string + imagePullSerial: + description: |- + imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. + This option takes effect only on Kubernetes >=1.31.0. + Default: true (defaulted in kubeadm) + type: boolean + kubeletExtraArgs: + description: |- + kubeletExtraArgs is a list of args to pass to kubelet. + The arg name must match the command line flag name except without leading dash(es). + Extra arguments will override existing default arguments set by kubeadm. + items: + description: Arg represents an argument with a name + and a value. + properties: + name: + description: name is the Name of the extraArg. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the Value of the extraArg. + maxLength: 1024 + minLength: 0 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + - value + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: kubeletExtraArgs name must be unique + rule: self.all(x, self.exists_one(y, x.name == y.name)) + name: + description: |- + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field of the kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + maxLength: 253 + minLength: 1 + type: string + taints: + description: |- + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an + empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. 
+ items: + description: |- + The node this Taint is attached to has the "effect" on + any pod that does not tolerate the Taint. + properties: + effect: + description: |- + Required. The effect of the taint on pods + that do not tolerate the taint. + Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + maxItems: 100 + minItems: 0 + type: array + type: object + patches: + description: |- + patches contains options related to applying patches to components deployed by kubeadm during + "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22 + minProperties: 1 + properties: + directory: + description: |- + directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of + "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one + of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. + The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". + "suffix" is an optional string that can be used to determine which patches are applied + first alpha-numerically. + These files can be written into the target directory via KubeadmConfig.Files which + specifies additional files to be created on the machine, either with content inline or + by referencing a secret. + maxLength: 512 + minLength: 1 + type: string + type: object + skipPhases: + description: |- + skipPhases is a list of phases to skip during command execution. 
+ The list of phases can be obtained with the "kubeadm init --help" command. + This option takes effect only on Kubernetes >=1.22.0. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + timeouts: + description: timeouts holds various timeouts that apply + to kubeadm commands. + minProperties: 1 + properties: + controlPlaneComponentHealthCheckSeconds: + description: |- + controlPlaneComponentHealthCheckSeconds is the amount of time to wait for a control plane + component, such as the API server, to be healthy during "kubeadm init" and "kubeadm join". + If not set, it defaults to 4m (240s). + format: int32 + minimum: 0 + type: integer + discoverySeconds: + description: |- + discoverySeconds is the amount of time to wait for kubeadm to validate the API server identity + for a joining node. + If not set, it defaults to 5m (300s). + format: int32 + minimum: 0 + type: integer + etcdAPICallSeconds: + description: |- + etcdAPICallSeconds is the amount of time to wait for the kubeadm etcd client to complete a request to + the etcd cluster. + If not set, it defaults to 2m (120s). + format: int32 + minimum: 0 + type: integer + kubeletHealthCheckSeconds: + description: |- + kubeletHealthCheckSeconds is the amount of time to wait for the kubelet to be healthy + during "kubeadm init" and "kubeadm join". + If not set, it defaults to 4m (240s). + format: int32 + minimum: 0 + type: integer + kubernetesAPICallSeconds: + description: |- + kubernetesAPICallSeconds is the amount of time to wait for the kubeadm client to complete a request to + the API server. This applies to all types of methods (GET, POST, etc). + If not set, it defaults to 1m (60s). + format: int32 + minimum: 0 + type: integer + tlsBootstrapSeconds: + description: |- + tlsBootstrapSeconds is the amount of time to wait for the kubelet to complete TLS bootstrap + for a joining node. + If not set, it defaults to 5m (300s). 
+ format: int32 + minimum: 0 + type: integer + type: object + type: object + mounts: + description: mounts specifies a list of mount points to be + setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + ntp: + description: ntp specifies NTP configuration + minProperties: 1 + properties: + enabled: + description: enabled specifies whether NTP should be enabled + type: boolean + servers: + description: servers specifies which NTP servers to use + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + type: object + postKubeadmCommands: + description: |- + postKubeadmCommands specifies extra commands to run after kubeadm runs. + With cloud-init, this is appended to the runcmd module configuration, and is typically executed in + the cloud-final.service systemd unit. In Ignition, this is appended to /etc/kubeadm.sh. + items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + preKubeadmCommands: + description: |- + preKubeadmCommands specifies extra commands to run before kubeadm runs. + With cloud-init, this is prepended to the runcmd module configuration, and is typically executed in + the cloud-final.service systemd unit. In Ignition, this is prepended to /etc/kubeadm.sh. + items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + users: + description: users specifies extra users to add + items: + description: User defines the input for a generated user + in cloud-init. 
+ properties: + gecos: + description: gecos specifies the gecos to use for the + user + maxLength: 256 + minLength: 1 + type: string + groups: + description: groups specifies the additional groups + for the user + maxLength: 256 + minLength: 1 + type: string + homeDir: + description: homeDir specifies the home directory to + use for the user + maxLength: 256 + minLength: 1 + type: string + inactive: + description: inactive specifies whether to mark the + user as inactive + type: boolean + lockPassword: + description: lockPassword specifies if password login + should be disabled + type: boolean + name: + description: name specifies the user name + maxLength: 256 + minLength: 1 + type: string + passwd: + description: passwd specifies a hashed password for + the user + maxLength: 256 + minLength: 1 + type: string + passwdFrom: + description: passwdFrom is a referenced source of passwd + to populate the passwd. + properties: + secret: + description: secret represents a secret that should + populate this password. + properties: + key: + description: key is the key in the secret's + data map for this value. + maxLength: 256 + minLength: 1 + type: string + name: + description: name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ maxLength: 253 + minLength: 1 + type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: primaryGroup specifies the primary group + for the user + maxLength: 256 + minLength: 1 + type: string + shell: + description: shell specifies the user's shell + maxLength: 256 + minLength: 1 + type: string + sshAuthorizedKeys: + description: sshAuthorizedKeys specifies a list of ssh + authorized keys for the user + items: + maxLength: 2048 + minLength: 1 + type: string + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + sudo: + description: sudo specifies a sudo role for the user + maxLength: 256 + minLength: 1 + type: string + required: + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + verbosity: + description: |- + verbosity is the number for the kubeadm log level verbosity. + It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + type: object + required: + - template + type: object + type: object + served: true + storage: true + subresources: {} + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-manager + namespace: capi-kubeadm-bootstrap-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-leader-election-role + namespace: capi-kubeadm-bootstrap-system + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-manager-role + rules: + - apiGroups: + - "" + resources: + 
- configmaps + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resourceNames: + - kubeadmconfigs.bootstrap.cluster.x-k8s.io + - kubeadmconfigtemplates.bootstrap.cluster.x-k8s.io + resources: + - customresourcedefinitions + - customresourcedefinitions/status + verbs: + - patch + - update + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - kubeadmconfigs + - kubeadmconfigs/finalizers + - kubeadmconfigs/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - kubeadmconfigtemplates + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + - machinepools + - machinepools/status + - machines + - machines/status + - machinesets + verbs: + - get + - list + - watch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-leader-election-rolebinding + namespace: capi-kubeadm-bootstrap-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capi-kubeadm-bootstrap-leader-election-role + subjects: + - kind: ServiceAccount + name: capi-kubeadm-bootstrap-manager + namespace: capi-kubeadm-bootstrap-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-manager-rolebinding + roleRef: 
+ apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capi-kubeadm-bootstrap-manager-role + subjects: + - kind: ServiceAccount + name: capi-kubeadm-bootstrap-manager + namespace: capi-kubeadm-bootstrap-system + --- + apiVersion: v1 + kind: Service + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: bootstrap-kubeadm + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + control-plane: controller-manager + name: capi-kubeadm-bootstrap-controller-manager + namespace: capi-kubeadm-bootstrap-system + spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + control-plane: controller-manager + template: + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - --diagnostics-address=${CAPI_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPI_INSECURE_DIAGNOSTICS:=false} + - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=true},KubeadmBootstrapFormatIgnition=${EXP_KUBEADM_BOOTSTRAP_FORMAT_IGNITION:=false},PriorityQueue=${EXP_PRIORITY_QUEUE:=false} + - --bootstrap-token-ttl=${KUBEADM_BOOTSTRAP_TOKEN_TTL:=15m} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + image: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.11.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + 
protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capi-kubeadm-bootstrap-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: capi-kubeadm-bootstrap-webhook-service-cert + --- + apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-serving-cert + namespace: capi-kubeadm-bootstrap-system + spec: + dnsNames: + - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc + - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capi-kubeadm-bootstrap-selfsigned-issuer + secretName: capi-kubeadm-bootstrap-webhook-service-cert + subject: + organizations: + - k8s-sig-cluster-lifecycle + --- + apiVersion: cert-manager.io/v1 + kind: Issuer + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-selfsigned-issuer + namespace: capi-kubeadm-bootstrap-system + spec: + selfSigned: {} + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: MutatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: 
capi-kubeadm-bootstrap-mutating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /mutate-bootstrap-cluster-x-k8s-io-v1beta2-kubeadmconfigtemplate + failurePolicy: Fail + name: default.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - kubeadmconfigtemplates + sideEffects: None + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-validating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /validate-bootstrap-cluster-x-k8s-io-v1beta2-kubeadmconfig + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.kubeadmconfig.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - kubeadmconfigs + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /validate-bootstrap-cluster-x-k8s-io-v1beta2-kubeadmconfigtemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - kubeadmconfigtemplates + sideEffects: None + metadata: | + apiVersion: 
clusterctl.cluster.x-k8s.io/v1alpha3 + kind: Metadata + releaseSeries: + - major: 1 + minor: 11 + contract: v1beta2 + - major: 1 + minor: 10 + contract: v1beta1 + - major: 1 + minor: 9 + contract: v1beta1 + - major: 1 + minor: 8 + contract: v1beta1 + - major: 1 + minor: 7 + contract: v1beta1 + - major: 1 + minor: 6 + contract: v1beta1 + - major: 1 + minor: 5 + contract: v1beta1 + - major: 1 + minor: 4 + contract: v1beta1 + - major: 1 + minor: 3 + contract: v1beta1 + - major: 1 + minor: 2 + contract: v1beta1 + - major: 1 + minor: 1 + contract: v1beta1 + - major: 1 + minor: 0 + contract: v1beta1 +kind: ConfigMap +metadata: + labels: + provider.cluster.x-k8s.io/name: kubeadm + provider.cluster.x-k8s.io/type: bootstrap + provider.cluster.x-k8s.io/version: v1.11.0 + name: bootstrap-kubeadm-v1.11.0 + namespace: capi-kubeadm-bootstrap-system diff --git a/test/e2e/resources/bootstrap-kubeadm-v1.7.7.yaml b/test/e2e/resources/bootstrap-kubeadm-v1.7.7.yaml deleted file mode 100644 index 0b97937fe..000000000 --- a/test/e2e/resources/bootstrap-kubeadm-v1.7.7.yaml +++ /dev/null 
@@ -1,6975 +0,0 @@ -apiVersion: v1 -data: - components: | - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - cluster.x-k8s.io/v1beta1: v1beta1 - name: kubeadmconfigs.bootstrap.cluster.x-k8s.io - spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-kubeadm-bootstrap-webhook-service - namespace: capi-kubeadm-bootstrap-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: bootstrap.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: KubeadmConfig - listKind: KubeadmConfigList - plural: kubeadmconfigs - singular: kubeadmconfig - scope: Namespaced - versions: - - deprecated: true - name: v1alpha3 - schema: - openAPIV3Schema: - description: |- - KubeadmConfig is the Schema for the kubeadmconfigs API. - - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: |- - KubeadmConfigSpec defines the desired state of KubeadmConfig. 
- Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined. - properties: - clusterConfiguration: - description: ClusterConfiguration along with InitConfiguration are - the configurations necessary for the init command - properties: - apiServer: - description: APIServer contains extra settings for the API server - control plane component - properties: - certSANs: - description: CertSANs sets extra Subject Alternative Names - for the API Server signing cert. - items: - type: string - type: array - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the pod where - hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - timeoutForControlPlane: - description: TimeoutForControlPlane controls the timeout that - we use for API server to appear - type: string - type: object - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. 
- Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - certificatesDir: - description: |- - CertificatesDir specifies where to store or look for all required certificates. - NB: if not provided, this will default to `/etc/kubernetes/pki` - type: string - clusterName: - description: The cluster name - type: string - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it - can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. - In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort - are used; in case the ControlPlaneEndpoint is specified but without a TCP port, - the BindPort is used. - Possible usages are: - e.g. In a cluster with more than one control plane instances, this field should be - assigned the address of the external load balancer in front of the - control plane instances. - e.g. in environments with enforced node recycling, the ControlPlaneEndpoint - could be used for assigning a stable DNS to the control plane. - NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. - type: string - controllerManager: - description: ControllerManager contains extra settings for the - controller manager control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host volumes, - mounted to the control plane component. 
- items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the pod where - hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - dns: - description: DNS defines the options for the DNS add-on installed - in the cluster. - properties: - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - type: - description: Type defines the DNS add-on to be used - type: string - type: object - etcd: - description: |- - Etcd holds configuration for etcd. - NB: This value defaults to a Local (stacked) etcd - properties: - external: - description: |- - External describes how to connect to an external etcd cluster - Local and External are mutually exclusive - properties: - caFile: - description: |- - CAFile is an SSL Certificate Authority file used to secure etcd communication. - Required if using a TLS connection. - type: string - certFile: - description: |- - CertFile is an SSL certification file used to secure etcd communication. - Required if using a TLS connection. - type: string - endpoints: - description: Endpoints of etcd members. 
Required for ExternalEtcd. - items: - type: string - type: array - keyFile: - description: |- - KeyFile is an SSL key file used to secure etcd communication. - Required if using a TLS connection. - type: string - required: - - caFile - - certFile - - endpoints - - keyFile - type: object - local: - description: |- - Local provides configuration knobs for configuring the local etcd instance - Local and External are mutually exclusive - properties: - dataDir: - description: |- - DataDir is the directory etcd will place its data. - Defaults to "/var/lib/etcd". - type: string - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs are extra arguments provided to the etcd binary - when run inside a static pod. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - peerCertSANs: - description: PeerCertSANs sets extra Subject Alternative - Names for the etcd peer signing cert. - items: - type: string - type: array - serverCertSANs: - description: ServerCertSANs sets extra Subject Alternative - Names for the etcd server signing cert. - items: - type: string - type: array - type: object - type: object - featureGates: - additionalProperties: - type: boolean - description: FeatureGates enabled by the user. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. 
- If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `k8s.gcr.io` - will be used for all the other images. - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - kubernetesVersion: - description: |- - KubernetesVersion is the target version of the control plane. - NB: This value defaults to the Machine object spec.version - type: string - networking: - description: |- - Networking holds configuration for the networking topology of the cluster. - NB: This value defaults to the Cluster object spec.clusterNetwork. - properties: - dnsDomain: - description: DNSDomain is the dns domain used by k8s services. - Defaults to "cluster.local". - type: string - podSubnet: - description: |- - PodSubnet is the subnet used by pods. - If unset, the API server will not allocate CIDR ranges for every node. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set - type: string - serviceSubnet: - description: |- - ServiceSubnet is the subnet used by k8s services. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or - to "10.96.0.0/12" if that's unset. - type: string - type: object - scheduler: - description: Scheduler contains extra settings for the scheduler - control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. 
- TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the pod where - hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - useHyperKubeImage: - description: UseHyperKubeImage controls if hyperkube should be - used for Kubernetes components instead of their respective separate - images - type: boolean - type: object - diskSetup: - description: DiskSetup specifies options for the creation of partition - tables and file systems on devices. - properties: - filesystems: - description: Filesystems specifies the list of file systems to - setup. - items: - description: Filesystem defines the file systems to be created. - properties: - device: - description: Device specifies the device name - type: string - extraOpts: - description: ExtraOpts defined extra options to add to the - command for creating the file system. - items: - type: string - type: array - filesystem: - description: Filesystem specifies the file system type. - type: string - label: - description: Label specifies the file system label to be - used. If set to None, no label is used. 
- type: string - overwrite: - description: |- - Overwrite defines whether or not to overwrite any existing filesystem. - If true, any pre-existing file system will be destroyed. Use with Caution. - type: boolean - partition: - description: 'Partition specifies the partition to use. - The valid options are: "auto|any", "auto", "any", "none", - and , where NUM is the actual partition number.' - type: string - replaceFS: - description: |- - ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . - NOTE: unless you define a label, this requires the use of the 'any' partition directive. - type: string - required: - - device - - filesystem - - label - type: object - type: array - partitions: - description: Partitions specifies the list of the partitions to - setup. - items: - description: Partition defines how to create and layout a partition. - properties: - device: - description: Device is the name of the device. - type: string - layout: - description: |- - Layout specifies the device layout. - If it is true, a single partition will be created for the entire device. - When layout is false, it means don't partition or ignore existing partitioning. - type: boolean - overwrite: - description: |- - Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. - Use with caution. Default is 'false'. - type: boolean - tableType: - description: |- - TableType specifies the tupe of partition table. The following are supported: - 'mbr': default and setups a MS-DOS partition table - 'gpt': setups a GPT partition table - type: string - required: - - device - - layout - type: object - type: array - type: object - files: - description: Files specifies extra files to be passed to user_data - upon creation. - items: - description: File defines the input for generating write_files in - cloud-init. 
- properties: - content: - description: Content is the actual content of the file. - type: string - contentFrom: - description: ContentFrom is a referenced source of content to - populate the file. - properties: - secret: - description: Secret represents a secret that should populate - this file. - properties: - key: - description: Key is the key in the secret's data map - for this value. - type: string - name: - description: Name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - encoding: - description: Encoding specifies the encoding of the file contents. - enum: - - base64 - - gzip - - gzip+base64 - type: string - owner: - description: Owner specifies the ownership of the file, e.g. - "root:root". - type: string - path: - description: Path specifies the full path on disk where to store - the file. - type: string - permissions: - description: Permissions specifies the permissions to assign - to the file, e.g. "0640". - type: string - required: - - path - type: object - type: array - format: - description: Format specifies the output format of the bootstrap data - enum: - - cloud-config - type: string - initConfiguration: - description: InitConfiguration along with ClusterConfiguration are - the configurations necessary for the init command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - bootstrapTokens: - description: |- - BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. 
- This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature - items: - description: BootstrapToken describes one bootstrap token, stored - as a Secret in the cluster. - properties: - description: - description: |- - Description sets a human-friendly message why this token exists and what it's used - for, so other administrators can know its purpose. - type: string - expires: - description: |- - Expires specifies the timestamp when this token expires. Defaults to being set - dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. - format: date-time - type: string - groups: - description: |- - Groups specifies the extra groups that this token will authenticate as when/if - used for authentication - items: - type: string - type: array - token: - description: |- - Token is used for establishing bidirectional trust between nodes and control-planes. - Used for joining nodes in the cluster. - type: string - ttl: - description: |- - TTL defines the time to live for this token. Defaults to 24h. - Expires and TTL are mutually exclusive. - type: string - usages: - description: |- - Usages describes the ways in which this token can be used. Can by default be used - for establishing bidirectional trust, but that can be changed here. - items: - type: string - type: array - required: - - token - type: object - type: array - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - localAPIEndpoint: - description: |- - LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node - In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint - is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This - configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible - on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process - fails you may set the desired value here. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address for the - API server to advertise. - type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - required: - - advertiseAddress - - bindPort - type: object - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container runtime - info. This information will be annotated to the Node API - object, for later re-use - type: string - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. 
This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied to - a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the taint - key. - type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - joinConfiguration: - description: JoinConfiguration is the kubeadm configuration for the - join command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. 
- Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - caCertPath: - description: |- - CACertPath is the path to the SSL certificate authority used to - secure comunications between node and control-plane. - Defaults to "/etc/kubernetes/pki/ca.crt". - TODO: revisit when there is defaulting from k/k - type: string - controlPlane: - description: |- - ControlPlane defines the additional control plane instance to be deployed on the joining node. - If nil, no additional control plane instance will be deployed. - properties: - localAPIEndpoint: - description: LocalAPIEndpoint represents the endpoint of the - API server instance to be deployed on this node. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address for - the API server to advertise. - type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - required: - - advertiseAddress - - bindPort - type: object - type: object - discovery: - description: |- - Discovery specifies the options for the kubelet to use during the TLS Bootstrap process - TODO: revisit when there is defaulting from k/k - properties: - bootstrapToken: - description: |- - BootstrapToken is used to set the options for bootstrap token based discovery - BootstrapToken and File are mutually exclusive - properties: - apiServerEndpoint: - description: APIServerEndpoint is an IP or domain name - to the API server from which info will be fetched. - type: string - caCertHashes: - description: |- - CACertHashes specifies a set of public key pins to verify - when token-based discovery is used. The root CA found during discovery - must match one of these values. Specifying an empty set disables root CA - pinning, which can be unsafe. 
Each hash is specified as ":", - where the only currently supported type is "sha256". This is a hex-encoded - SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded - ASN.1. These hashes can be calculated using, for example, OpenSSL: - openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex - items: - type: string - type: array - token: - description: |- - Token is a token used to validate cluster information - fetched from the control-plane. - type: string - unsafeSkipCAVerification: - description: |- - UnsafeSkipCAVerification allows token-based discovery - without CA verification via CACertHashes. This can weaken - the security of kubeadm since other nodes can impersonate the control-plane. - type: boolean - required: - - token - - unsafeSkipCAVerification - type: object - file: - description: |- - File is used to specify a file or URL to a kubeconfig file from which to load cluster information - BootstrapToken and File are mutually exclusive - properties: - kubeConfigPath: - description: KubeConfigPath is used to specify the actual - file path or URL to the kubeconfig file from which to - load cluster information - type: string - required: - - kubeConfigPath - type: object - timeout: - description: Timeout modifies the discovery timeout - type: string - tlsBootstrapToken: - description: |- - TLSBootstrapToken is a token used for TLS bootstrapping. - If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. - If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information - TODO: revisit when there is defaulting from k/k - type: string - type: object - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container runtime - info. This information will be annotated to the Node API - object, for later re-use - type: string - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. 
- properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied to - a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the taint - key. - type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - mounts: - description: Mounts specifies a list of mount points to be setup. - items: - description: MountPoints defines input for generated mounts in cloud-init. - items: - type: string - type: array - type: array - ntp: - description: NTP specifies NTP configuration - properties: - enabled: - description: Enabled specifies whether NTP should be enabled - type: boolean - servers: - description: Servers specifies which NTP servers to use - items: - type: string - type: array - type: object - postKubeadmCommands: - description: PostKubeadmCommands specifies extra commands to run after - kubeadm runs - items: - type: string - type: array - preKubeadmCommands: - description: PreKubeadmCommands specifies extra commands to run before - kubeadm runs - items: - type: string - type: array - useExperimentalRetryJoin: - description: |- - UseExperimentalRetryJoin replaces a basic kubeadm command with a shell - script with retries for joins. - - - This is meant to be an experimental temporary workaround on some environments - where joins fail due to timing (and other issues). The long term goal is to add retries to - kubeadm proper and use that functionality. - - - This will add about 40KB to userdata - - - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. 
- type: boolean - users: - description: Users specifies extra users to add - items: - description: User defines the input for a generated user in cloud-init. - properties: - gecos: - description: Gecos specifies the gecos to use for the user - type: string - groups: - description: Groups specifies the additional groups for the - user - type: string - homeDir: - description: HomeDir specifies the home directory to use for - the user - type: string - inactive: - description: Inactive specifies whether to mark the user as - inactive - type: boolean - lockPassword: - description: LockPassword specifies if password login should - be disabled - type: boolean - name: - description: Name specifies the user name - type: string - passwd: - description: Passwd specifies a hashed password for the user - type: string - primaryGroup: - description: PrimaryGroup specifies the primary group for the - user - type: string - shell: - description: Shell specifies the user's shell - type: string - sshAuthorizedKeys: - description: SSHAuthorizedKeys specifies a list of ssh authorized - keys for the user - items: - type: string - type: array - sudo: - description: Sudo specifies a sudo role for the user - type: string - required: - - name - type: object - type: array - verbosity: - description: |- - Verbosity is the number for the kubeadm log level verbosity. - It overrides the `--v` flag in kubeadm commands. - format: int32 - type: integer - type: object - status: - description: KubeadmConfigStatus defines the observed state of KubeadmConfig. - properties: - bootstrapData: - description: |- - BootstrapData will be a cloud-init script for now. - - - Deprecated: Switch to DataSecretName. - format: byte - type: string - conditions: - description: Conditions defines current service state of the KubeadmConfig. - items: - description: Condition defines an observation of a Cluster API resource - operational state. 
- properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - dataSecretName: - description: DataSecretName is the name of the secret that stores - the bootstrap data script. - type: string - failureMessage: - description: FailureMessage will be set on non-retryable errors - type: string - failureReason: - description: FailureReason will be set on non-retryable errors - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. 
- format: int64 - type: integer - ready: - description: Ready indicates the BootstrapData field is ready to be - consumed - type: boolean - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Time duration since creation of KubeadmConfig - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - KubeadmConfig is the Schema for the kubeadmconfigs API. - - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: |- - KubeadmConfigSpec defines the desired state of KubeadmConfig. - Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined. - properties: - clusterConfiguration: - description: ClusterConfiguration along with InitConfiguration are - the configurations necessary for the init command - properties: - apiServer: - description: APIServer contains extra settings for the API server - control plane component - properties: - certSANs: - description: CertSANs sets extra Subject Alternative Names - for the API Server signing cert. 
- items: - type: string - type: array - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the pod where - hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - timeoutForControlPlane: - description: TimeoutForControlPlane controls the timeout that - we use for API server to appear - type: string - type: object - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - certificatesDir: - description: |- - CertificatesDir specifies where to store or look for all required certificates. 
- NB: if not provided, this will default to `/etc/kubernetes/pki` - type: string - clusterName: - description: The cluster name - type: string - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it - can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. - In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort - are used; in case the ControlPlaneEndpoint is specified but without a TCP port, - the BindPort is used. - Possible usages are: - e.g. In a cluster with more than one control plane instances, this field should be - assigned the address of the external load balancer in front of the - control plane instances. - e.g. in environments with enforced node recycling, the ControlPlaneEndpoint - could be used for assigning a stable DNS to the control plane. - NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. - type: string - controllerManager: - description: ControllerManager contains extra settings for the - controller manager control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the pod where - hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod template. 
- type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - dns: - description: DNS defines the options for the DNS add-on installed - in the cluster. - properties: - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - type: object - etcd: - description: |- - Etcd holds configuration for etcd. - NB: This value defaults to a Local (stacked) etcd - properties: - external: - description: |- - External describes how to connect to an external etcd cluster - Local and External are mutually exclusive - properties: - caFile: - description: |- - CAFile is an SSL Certificate Authority file used to secure etcd communication. - Required if using a TLS connection. - type: string - certFile: - description: |- - CertFile is an SSL certification file used to secure etcd communication. - Required if using a TLS connection. - type: string - endpoints: - description: Endpoints of etcd members. Required for ExternalEtcd. - items: - type: string - type: array - keyFile: - description: |- - KeyFile is an SSL key file used to secure etcd communication. - Required if using a TLS connection. 
- type: string - required: - - caFile - - certFile - - endpoints - - keyFile - type: object - local: - description: |- - Local provides configuration knobs for configuring the local etcd instance - Local and External are mutually exclusive - properties: - dataDir: - description: |- - DataDir is the directory etcd will place its data. - Defaults to "/var/lib/etcd". - type: string - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs are extra arguments provided to the etcd binary - when run inside a static pod. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - peerCertSANs: - description: PeerCertSANs sets extra Subject Alternative - Names for the etcd peer signing cert. - items: - type: string - type: array - serverCertSANs: - description: ServerCertSANs sets extra Subject Alternative - Names for the etcd server signing cert. - items: - type: string - type: array - type: object - type: object - featureGates: - additionalProperties: - type: boolean - description: FeatureGates enabled by the user. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io` - will be used for all the other images. - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. 
- Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - kubernetesVersion: - description: |- - KubernetesVersion is the target version of the control plane. - NB: This value defaults to the Machine object spec.version - type: string - networking: - description: |- - Networking holds configuration for the networking topology of the cluster. - NB: This value defaults to the Cluster object spec.clusterNetwork. - properties: - dnsDomain: - description: DNSDomain is the dns domain used by k8s services. - Defaults to "cluster.local". - type: string - podSubnet: - description: |- - PodSubnet is the subnet used by pods. - If unset, the API server will not allocate CIDR ranges for every node. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set - type: string - serviceSubnet: - description: |- - ServiceSubnet is the subnet used by k8s services. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or - to "10.96.0.0/12" if that's unset. - type: string - type: object - scheduler: - description: Scheduler contains extra settings for the scheduler - control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. 
- properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the pod where - hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - type: object - diskSetup: - description: DiskSetup specifies options for the creation of partition - tables and file systems on devices. - properties: - filesystems: - description: Filesystems specifies the list of file systems to - setup. - items: - description: Filesystem defines the file systems to be created. - properties: - device: - description: Device specifies the device name - type: string - extraOpts: - description: ExtraOpts defined extra options to add to the - command for creating the file system. - items: - type: string - type: array - filesystem: - description: Filesystem specifies the file system type. - type: string - label: - description: Label specifies the file system label to be - used. If set to None, no label is used. - type: string - overwrite: - description: |- - Overwrite defines whether or not to overwrite any existing filesystem. - If true, any pre-existing file system will be destroyed. Use with Caution. - type: boolean - partition: - description: 'Partition specifies the partition to use. - The valid options are: "auto|any", "auto", "any", "none", - and , where NUM is the actual partition number.' - type: string - replaceFS: - description: |- - ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . - NOTE: unless you define a label, this requires the use of the 'any' partition directive. 
- type: string - required: - - device - - filesystem - - label - type: object - type: array - partitions: - description: Partitions specifies the list of the partitions to - setup. - items: - description: Partition defines how to create and layout a partition. - properties: - device: - description: Device is the name of the device. - type: string - layout: - description: |- - Layout specifies the device layout. - If it is true, a single partition will be created for the entire device. - When layout is false, it means don't partition or ignore existing partitioning. - type: boolean - overwrite: - description: |- - Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. - Use with caution. Default is 'false'. - type: boolean - tableType: - description: |- - TableType specifies the tupe of partition table. The following are supported: - 'mbr': default and setups a MS-DOS partition table - 'gpt': setups a GPT partition table - type: string - required: - - device - - layout - type: object - type: array - type: object - files: - description: Files specifies extra files to be passed to user_data - upon creation. - items: - description: File defines the input for generating write_files in - cloud-init. - properties: - content: - description: Content is the actual content of the file. - type: string - contentFrom: - description: ContentFrom is a referenced source of content to - populate the file. - properties: - secret: - description: Secret represents a secret that should populate - this file. - properties: - key: - description: Key is the key in the secret's data map - for this value. - type: string - name: - description: Name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - encoding: - description: Encoding specifies the encoding of the file contents. 
- enum: - - base64 - - gzip - - gzip+base64 - type: string - owner: - description: Owner specifies the ownership of the file, e.g. - "root:root". - type: string - path: - description: Path specifies the full path on disk where to store - the file. - type: string - permissions: - description: Permissions specifies the permissions to assign - to the file, e.g. "0640". - type: string - required: - - path - type: object - type: array - format: - description: Format specifies the output format of the bootstrap data - enum: - - cloud-config - type: string - initConfiguration: - description: InitConfiguration along with ClusterConfiguration are - the configurations necessary for the init command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - bootstrapTokens: - description: |- - BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. - This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature - items: - description: BootstrapToken describes one bootstrap token, stored - as a Secret in the cluster. - properties: - description: - description: |- - Description sets a human-friendly message why this token exists and what it's used - for, so other administrators can know its purpose. - type: string - expires: - description: |- - Expires specifies the timestamp when this token expires. Defaults to being set - dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. 
- format: date-time - type: string - groups: - description: |- - Groups specifies the extra groups that this token will authenticate as when/if - used for authentication - items: - type: string - type: array - token: - description: |- - Token is used for establishing bidirectional trust between nodes and control-planes. - Used for joining nodes in the cluster. - type: string - ttl: - description: |- - TTL defines the time to live for this token. Defaults to 24h. - Expires and TTL are mutually exclusive. - type: string - usages: - description: |- - Usages describes the ways in which this token can be used. Can by default be used - for establishing bidirectional trust, but that can be changed here. - items: - type: string - type: array - required: - - token - type: object - type: array - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - localAPIEndpoint: - description: |- - LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node - In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint - is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This - configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible - on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process - fails you may set the desired value here. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address for the - API server to advertise. 
- type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container runtime - info. This information will be annotated to the Node API - object, for later re-use - type: string - ignorePreflightErrors: - description: IgnorePreflightErrors provides a slice of pre-flight - errors to be ignored when the current node is registered. - items: - type: string - type: array - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. 
If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied to - a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the taint - key. - type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - joinConfiguration: - description: JoinConfiguration is the kubeadm configuration for the - join command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - caCertPath: - description: |- - CACertPath is the path to the SSL certificate authority used to - secure comunications between node and control-plane. - Defaults to "/etc/kubernetes/pki/ca.crt". - TODO: revisit when there is defaulting from k/k - type: string - controlPlane: - description: |- - ControlPlane defines the additional control plane instance to be deployed on the joining node. - If nil, no additional control plane instance will be deployed. 
- properties: - localAPIEndpoint: - description: LocalAPIEndpoint represents the endpoint of the - API server instance to be deployed on this node. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address for - the API server to advertise. - type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - type: object - discovery: - description: |- - Discovery specifies the options for the kubelet to use during the TLS Bootstrap process - TODO: revisit when there is defaulting from k/k - properties: - bootstrapToken: - description: |- - BootstrapToken is used to set the options for bootstrap token based discovery - BootstrapToken and File are mutually exclusive - properties: - apiServerEndpoint: - description: APIServerEndpoint is an IP or domain name - to the API server from which info will be fetched. - type: string - caCertHashes: - description: |- - CACertHashes specifies a set of public key pins to verify - when token-based discovery is used. The root CA found during discovery - must match one of these values. Specifying an empty set disables root CA - pinning, which can be unsafe. Each hash is specified as ":", - where the only currently supported type is "sha256". This is a hex-encoded - SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded - ASN.1. These hashes can be calculated using, for example, OpenSSL: - openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex - items: - type: string - type: array - token: - description: |- - Token is a token used to validate cluster information - fetched from the control-plane. - type: string - unsafeSkipCAVerification: - description: |- - UnsafeSkipCAVerification allows token-based discovery - without CA verification via CACertHashes. 
This can weaken - the security of kubeadm since other nodes can impersonate the control-plane. - type: boolean - required: - - token - type: object - file: - description: |- - File is used to specify a file or URL to a kubeconfig file from which to load cluster information - BootstrapToken and File are mutually exclusive - properties: - kubeConfigPath: - description: KubeConfigPath is used to specify the actual - file path or URL to the kubeconfig file from which to - load cluster information - type: string - required: - - kubeConfigPath - type: object - timeout: - description: Timeout modifies the discovery timeout - type: string - tlsBootstrapToken: - description: |- - TLSBootstrapToken is a token used for TLS bootstrapping. - If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. - If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information - type: string - type: object - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container runtime - info. This information will be annotated to the Node API - object, for later re-use - type: string - ignorePreflightErrors: - description: IgnorePreflightErrors provides a slice of pre-flight - errors to be ignored when the current node is registered. 
- items: - type: string - type: array - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied to - a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the taint - key. 
- type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - mounts: - description: Mounts specifies a list of mount points to be setup. - items: - description: MountPoints defines input for generated mounts in cloud-init. - items: - type: string - type: array - type: array - ntp: - description: NTP specifies NTP configuration - properties: - enabled: - description: Enabled specifies whether NTP should be enabled - type: boolean - servers: - description: Servers specifies which NTP servers to use - items: - type: string - type: array - type: object - postKubeadmCommands: - description: PostKubeadmCommands specifies extra commands to run after - kubeadm runs - items: - type: string - type: array - preKubeadmCommands: - description: PreKubeadmCommands specifies extra commands to run before - kubeadm runs - items: - type: string - type: array - useExperimentalRetryJoin: - description: |- - UseExperimentalRetryJoin replaces a basic kubeadm command with a shell - script with retries for joins. - - - This is meant to be an experimental temporary workaround on some environments - where joins fail due to timing (and other issues). The long term goal is to add retries to - kubeadm proper and use that functionality. - - - This will add about 40KB to userdata - - - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. - type: boolean - users: - description: Users specifies extra users to add - items: - description: User defines the input for a generated user in cloud-init. 
- properties: - gecos: - description: Gecos specifies the gecos to use for the user - type: string - groups: - description: Groups specifies the additional groups for the - user - type: string - homeDir: - description: HomeDir specifies the home directory to use for - the user - type: string - inactive: - description: Inactive specifies whether to mark the user as - inactive - type: boolean - lockPassword: - description: LockPassword specifies if password login should - be disabled - type: boolean - name: - description: Name specifies the user name - type: string - passwd: - description: Passwd specifies a hashed password for the user - type: string - primaryGroup: - description: PrimaryGroup specifies the primary group for the - user - type: string - shell: - description: Shell specifies the user's shell - type: string - sshAuthorizedKeys: - description: SSHAuthorizedKeys specifies a list of ssh authorized - keys for the user - items: - type: string - type: array - sudo: - description: Sudo specifies a sudo role for the user - type: string - required: - - name - type: object - type: array - verbosity: - description: |- - Verbosity is the number for the kubeadm log level verbosity. - It overrides the `--v` flag in kubeadm commands. - format: int32 - type: integer - type: object - status: - description: KubeadmConfigStatus defines the observed state of KubeadmConfig. - properties: - conditions: - description: Conditions defines current service state of the KubeadmConfig. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. 
- This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - dataSecretName: - description: DataSecretName is the name of the secret that stores - the bootstrap data script. - type: string - failureMessage: - description: FailureMessage will be set on non-retryable errors - type: string - failureReason: - description: FailureReason will be set on non-retryable errors - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. 
- format: int64 - type: integer - ready: - description: Ready indicates the BootstrapData field is ready to be - consumed - type: boolean - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Cluster - jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] - name: Cluster - type: string - - description: Time duration since creation of KubeadmConfig - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: KubeadmConfig is the Schema for the kubeadmconfigs API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: |- - KubeadmConfigSpec defines the desired state of KubeadmConfig. - Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined. - properties: - clusterConfiguration: - description: ClusterConfiguration along with InitConfiguration are - the configurations necessary for the init command - properties: - apiServer: - description: APIServer contains extra settings for the API server - control plane component - properties: - certSANs: - description: CertSANs sets extra Subject Alternative Names - for the API Server signing cert. 
- items: - type: string - type: array - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the pod where - hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - timeoutForControlPlane: - description: TimeoutForControlPlane controls the timeout that - we use for API server to appear - type: string - type: object - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - certificatesDir: - description: |- - CertificatesDir specifies where to store or look for all required certificates. 
- NB: if not provided, this will default to `/etc/kubernetes/pki` - type: string - clusterName: - description: The cluster name - type: string - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it - can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. - In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort - are used; in case the ControlPlaneEndpoint is specified but without a TCP port, - the BindPort is used. - Possible usages are: - e.g. In a cluster with more than one control plane instances, this field should be - assigned the address of the external load balancer in front of the - control plane instances. - e.g. in environments with enforced node recycling, the ControlPlaneEndpoint - could be used for assigning a stable DNS to the control plane. - NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. - type: string - controllerManager: - description: ControllerManager contains extra settings for the - controller manager control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the pod where - hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod template. 
- type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - dns: - description: DNS defines the options for the DNS add-on installed - in the cluster. - properties: - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - type: object - etcd: - description: |- - Etcd holds configuration for etcd. - NB: This value defaults to a Local (stacked) etcd - properties: - external: - description: |- - External describes how to connect to an external etcd cluster - Local and External are mutually exclusive - properties: - caFile: - description: |- - CAFile is an SSL Certificate Authority file used to secure etcd communication. - Required if using a TLS connection. - type: string - certFile: - description: |- - CertFile is an SSL certification file used to secure etcd communication. - Required if using a TLS connection. - type: string - endpoints: - description: Endpoints of etcd members. Required for ExternalEtcd. - items: - type: string - type: array - keyFile: - description: |- - KeyFile is an SSL key file used to secure etcd communication. - Required if using a TLS connection. 
- type: string - required: - - caFile - - certFile - - endpoints - - keyFile - type: object - local: - description: |- - Local provides configuration knobs for configuring the local etcd instance - Local and External are mutually exclusive - properties: - dataDir: - description: |- - DataDir is the directory etcd will place its data. - Defaults to "/var/lib/etcd". - type: string - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs are extra arguments provided to the etcd binary - when run inside a static pod. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - peerCertSANs: - description: PeerCertSANs sets extra Subject Alternative - Names for the etcd peer signing cert. - items: - type: string - type: array - serverCertSANs: - description: ServerCertSANs sets extra Subject Alternative - Names for the etcd server signing cert. - items: - type: string - type: array - type: object - type: object - featureGates: - additionalProperties: - type: boolean - description: FeatureGates enabled by the user. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - * If not set, the default registry of kubeadm will be used, i.e. - * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 - * k8s.gcr.io (old registry): all older versions - Please note that when imageRepository is not set we don't allow upgrades to - versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use - a newer patch version with the new registry instead (i.e. 
>= v1.22.17, - >= v1.23.15, >= v1.24.9, >= v1.25.0). - * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components - and for kube-proxy, while `registry.k8s.io` will be used for all the other images. - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - kubernetesVersion: - description: |- - KubernetesVersion is the target version of the control plane. - NB: This value defaults to the Machine object spec.version - type: string - networking: - description: |- - Networking holds configuration for the networking topology of the cluster. - NB: This value defaults to the Cluster object spec.clusterNetwork. - properties: - dnsDomain: - description: DNSDomain is the dns domain used by k8s services. - Defaults to "cluster.local". - type: string - podSubnet: - description: |- - PodSubnet is the subnet used by pods. - If unset, the API server will not allocate CIDR ranges for every node. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set - type: string - serviceSubnet: - description: |- - ServiceSubnet is the subnet used by k8s services. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or - to "10.96.0.0/12" if that's unset. - type: string - type: object - scheduler: - description: Scheduler contains extra settings for the scheduler - control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. 
- TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the pod where - hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - type: object - diskSetup: - description: DiskSetup specifies options for the creation of partition - tables and file systems on devices. - properties: - filesystems: - description: Filesystems specifies the list of file systems to - setup. - items: - description: Filesystem defines the file systems to be created. - properties: - device: - description: Device specifies the device name - type: string - extraOpts: - description: ExtraOpts defined extra options to add to the - command for creating the file system. - items: - type: string - type: array - filesystem: - description: Filesystem specifies the file system type. - type: string - label: - description: Label specifies the file system label to be - used. If set to None, no label is used. - type: string - overwrite: - description: |- - Overwrite defines whether or not to overwrite any existing filesystem. - If true, any pre-existing file system will be destroyed. Use with Caution. - type: boolean - partition: - description: 'Partition specifies the partition to use. 
- The valid options are: "auto|any", "auto", "any", "none", - and , where NUM is the actual partition number.' - type: string - replaceFS: - description: |- - ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . - NOTE: unless you define a label, this requires the use of the 'any' partition directive. - type: string - required: - - device - - filesystem - - label - type: object - type: array - partitions: - description: Partitions specifies the list of the partitions to - setup. - items: - description: Partition defines how to create and layout a partition. - properties: - device: - description: Device is the name of the device. - type: string - layout: - description: |- - Layout specifies the device layout. - If it is true, a single partition will be created for the entire device. - When layout is false, it means don't partition or ignore existing partitioning. - type: boolean - overwrite: - description: |- - Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. - Use with caution. Default is 'false'. - type: boolean - tableType: - description: |- - TableType specifies the tupe of partition table. The following are supported: - 'mbr': default and setups a MS-DOS partition table - 'gpt': setups a GPT partition table - type: string - required: - - device - - layout - type: object - type: array - type: object - files: - description: Files specifies extra files to be passed to user_data - upon creation. - items: - description: File defines the input for generating write_files in - cloud-init. - properties: - append: - description: Append specifies whether to append Content to existing - file if Path exists. - type: boolean - content: - description: Content is the actual content of the file. - type: string - contentFrom: - description: ContentFrom is a referenced source of content to - populate the file. 
- properties: - secret: - description: Secret represents a secret that should populate - this file. - properties: - key: - description: Key is the key in the secret's data map - for this value. - type: string - name: - description: Name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - encoding: - description: Encoding specifies the encoding of the file contents. - enum: - - base64 - - gzip - - gzip+base64 - type: string - owner: - description: Owner specifies the ownership of the file, e.g. - "root:root". - type: string - path: - description: Path specifies the full path on disk where to store - the file. - type: string - permissions: - description: Permissions specifies the permissions to assign - to the file, e.g. "0640". - type: string - required: - - path - type: object - type: array - format: - description: Format specifies the output format of the bootstrap data - enum: - - cloud-config - - ignition - type: string - ignition: - description: Ignition contains Ignition specific configuration. - properties: - containerLinuxConfig: - description: ContainerLinuxConfig contains CLC specific configuration. - properties: - additionalConfig: - description: |- - AdditionalConfig contains additional configuration to be merged with the Ignition - configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging - - - The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ - type: string - strict: - description: Strict controls if AdditionalConfig should be - strictly parsed. If so, warnings are treated as errors. 
- type: boolean - type: object - type: object - initConfiguration: - description: InitConfiguration along with ClusterConfiguration are - the configurations necessary for the init command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - bootstrapTokens: - description: |- - BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. - This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature - items: - description: BootstrapToken describes one bootstrap token, stored - as a Secret in the cluster. - properties: - description: - description: |- - Description sets a human-friendly message why this token exists and what it's used - for, so other administrators can know its purpose. - type: string - expires: - description: |- - Expires specifies the timestamp when this token expires. Defaults to being set - dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. - format: date-time - type: string - groups: - description: |- - Groups specifies the extra groups that this token will authenticate as when/if - used for authentication - items: - type: string - type: array - token: - description: |- - Token is used for establishing bidirectional trust between nodes and control-planes. - Used for joining nodes in the cluster. - type: string - ttl: - description: |- - TTL defines the time to live for this token. Defaults to 24h. - Expires and TTL are mutually exclusive. - type: string - usages: - description: |- - Usages describes the ways in which this token can be used. 
Can by default be used - for establishing bidirectional trust, but that can be changed here. - items: - type: string - type: array - required: - - token - type: object - type: array - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - localAPIEndpoint: - description: |- - LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node - In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint - is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This - configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible - on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process - fails you may set the desired value here. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address for the - API server to advertise. - type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container runtime - info. 
This information will be annotated to the Node API - object, for later re-use - type: string - ignorePreflightErrors: - description: IgnorePreflightErrors provides a slice of pre-flight - errors to be ignored when the current node is registered. - items: - type: string - type: array - imagePullPolicy: - description: |- - ImagePullPolicy specifies the policy for image pulling - during kubeadm "init" and "join" operations. The value of - this field must be one of "Always", "IfNotPresent" or - "Never". Defaults to "IfNotPresent". This can be used only - with Kubernetes version equal to 1.22 and later. - enum: - - Always - - IfNotPresent - - Never - type: string - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. 
- items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied to - a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the taint - key. - type: string - required: - - effect - - key - type: object - type: array - type: object - patches: - description: |- - Patches contains options related to applying patches to components deployed by kubeadm during - "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22 - properties: - directory: - description: |- - Directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". - For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of - "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one - of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. - The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". - "suffix" is an optional string that can be used to determine which patches are applied - first alpha-numerically. - These files can be written into the target directory via KubeadmConfig.Files which - specifies additional files to be created on the machine, either with content inline or - by referencing a secret. - type: string - type: object - skipPhases: - description: |- - SkipPhases is a list of phases to skip during command execution. - The list of phases can be obtained with the "kubeadm init --help" command. 
- This option takes effect only on Kubernetes >=1.22.0. - items: - type: string - type: array - type: object - joinConfiguration: - description: JoinConfiguration is the kubeadm configuration for the - join command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - caCertPath: - description: |- - CACertPath is the path to the SSL certificate authority used to - secure comunications between node and control-plane. - Defaults to "/etc/kubernetes/pki/ca.crt". - TODO: revisit when there is defaulting from k/k - type: string - controlPlane: - description: |- - ControlPlane defines the additional control plane instance to be deployed on the joining node. - If nil, no additional control plane instance will be deployed. - properties: - localAPIEndpoint: - description: LocalAPIEndpoint represents the endpoint of the - API server instance to be deployed on this node. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address for - the API server to advertise. - type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - type: object - discovery: - description: |- - Discovery specifies the options for the kubelet to use during the TLS Bootstrap process - TODO: revisit when there is defaulting from k/k - properties: - bootstrapToken: - description: |- - BootstrapToken is used to set the options for bootstrap token based discovery - BootstrapToken and File are mutually exclusive - properties: - apiServerEndpoint: - description: APIServerEndpoint is an IP or domain name - to the API server from which info will be fetched. 
- type: string - caCertHashes: - description: |- - CACertHashes specifies a set of public key pins to verify - when token-based discovery is used. The root CA found during discovery - must match one of these values. Specifying an empty set disables root CA - pinning, which can be unsafe. Each hash is specified as ":", - where the only currently supported type is "sha256". This is a hex-encoded - SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded - ASN.1. These hashes can be calculated using, for example, OpenSSL: - openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex - items: - type: string - type: array - token: - description: |- - Token is a token used to validate cluster information - fetched from the control-plane. - type: string - unsafeSkipCAVerification: - description: |- - UnsafeSkipCAVerification allows token-based discovery - without CA verification via CACertHashes. This can weaken - the security of kubeadm since other nodes can impersonate the control-plane. - type: boolean - required: - - token - type: object - file: - description: |- - File is used to specify a file or URL to a kubeconfig file from which to load cluster information - BootstrapToken and File are mutually exclusive - properties: - kubeConfig: - description: |- - KubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. - The file is generated at the path specified in KubeConfigPath. - - - Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint. - Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret. - properties: - cluster: - description: |- - Cluster contains information about how to communicate with the kubernetes cluster. - - - By default the following fields are automatically populated: - - Server with the Cluster's ControlPlaneEndpoint. 
- - CertificateAuthorityData with the Cluster's CA certificate. - properties: - certificateAuthorityData: - description: |- - CertificateAuthorityData contains PEM-encoded certificate authority certificates. - - - Defaults to the Cluster's CA certificate if empty. - format: byte - type: string - insecureSkipTLSVerify: - description: InsecureSkipTLSVerify skips the validity - check for the server's certificate. This will - make your HTTPS connections insecure. - type: boolean - proxyURL: - description: |- - ProxyURL is the URL to the proxy to be used for all requests made by this - client. URLs with "http", "https", and "socks5" schemes are supported. If - this configuration is not provided or the empty string, the client - attempts to construct a proxy configuration from http_proxy and - https_proxy environment variables. If these environment variables are not - set, the client does not attempt to proxy requests. - - - socks5 proxying does not currently support spdy streaming endpoints (exec, - attach, port forward). - type: string - server: - description: |- - Server is the address of the kubernetes cluster (https://hostname:port). - - - Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint. - type: string - tlsServerName: - description: TLSServerName is used to check server - certificate. If TLSServerName is empty, the - hostname used to contact the server is used. - type: string - type: object - user: - description: |- - User contains information that describes identity information. - This is used to tell the kubernetes cluster who you are. - properties: - authProvider: - description: AuthProvider specifies a custom authentication - plugin for the kubernetes cluster. - properties: - config: - additionalProperties: - type: string - description: Config holds the parameters for - the authentication plugin. - type: object - name: - description: Name is the name of the authentication - plugin. 
- type: string - required: - - name - type: object - exec: - description: Exec specifies a custom exec-based - authentication plugin for the kubernetes cluster. - properties: - apiVersion: - description: |- - Preferred input version of the ExecInfo. The returned ExecCredentials MUST use - the same encoding version as the input. - Defaults to client.authentication.k8s.io/v1 if not set. - type: string - args: - description: Arguments to pass to the command - when executing it. - items: - type: string - type: array - command: - description: Command to execute. - type: string - env: - description: |- - Env defines additional environment variables to expose to the process. These - are unioned with the host's environment, as well as variables client-go uses - to pass argument to the plugin. - items: - description: |- - KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based - credential plugin. - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - provideClusterInfo: - description: |- - ProvideClusterInfo determines whether or not to provide cluster information, - which could potentially contain very large CA data, to this exec plugin as a - part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set - to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for - reading this environment variable. - type: boolean - required: - - command - type: object - type: object - required: - - user - type: object - kubeConfigPath: - description: KubeConfigPath is used to specify the actual - file path or URL to the kubeconfig file from which to - load cluster information - type: string - required: - - kubeConfigPath - type: object - timeout: - description: Timeout modifies the discovery timeout - type: string - tlsBootstrapToken: - description: |- - TLSBootstrapToken is a token used for TLS bootstrapping. 
- If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. - If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information - type: string - type: object - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container runtime - info. This information will be annotated to the Node API - object, for later re-use - type: string - ignorePreflightErrors: - description: IgnorePreflightErrors provides a slice of pre-flight - errors to be ignored when the current node is registered. - items: - type: string - type: array - imagePullPolicy: - description: |- - ImagePullPolicy specifies the policy for image pulling - during kubeadm "init" and "join" operations. The value of - this field must be one of "Always", "IfNotPresent" or - "Never". Defaults to "IfNotPresent". This can be used only - with Kubernetes version equal to 1.22 and later. - enum: - - Always - - IfNotPresent - - Never - type: string - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. 
This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied to - a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the taint - key. - type: string - required: - - effect - - key - type: object - type: array - type: object - patches: - description: |- - Patches contains options related to applying patches to components deployed by kubeadm during - "kubeadm join". 
The minimum kubernetes version needed to support Patches is v1.22 - properties: - directory: - description: |- - Directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". - For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of - "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one - of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. - The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". - "suffix" is an optional string that can be used to determine which patches are applied - first alpha-numerically. - These files can be written into the target directory via KubeadmConfig.Files which - specifies additional files to be created on the machine, either with content inline or - by referencing a secret. - type: string - type: object - skipPhases: - description: |- - SkipPhases is a list of phases to skip during command execution. - The list of phases can be obtained with the "kubeadm init --help" command. - This option takes effect only on Kubernetes >=1.22.0. - items: - type: string - type: array - type: object - mounts: - description: Mounts specifies a list of mount points to be setup. - items: - description: MountPoints defines input for generated mounts in cloud-init. 
- items: - type: string - type: array - type: array - ntp: - description: NTP specifies NTP configuration - properties: - enabled: - description: Enabled specifies whether NTP should be enabled - type: boolean - servers: - description: Servers specifies which NTP servers to use - items: - type: string - type: array - type: object - postKubeadmCommands: - description: PostKubeadmCommands specifies extra commands to run after - kubeadm runs - items: - type: string - type: array - preKubeadmCommands: - description: PreKubeadmCommands specifies extra commands to run before - kubeadm runs - items: - type: string - type: array - useExperimentalRetryJoin: - description: |- - UseExperimentalRetryJoin replaces a basic kubeadm command with a shell - script with retries for joins. - - - This is meant to be an experimental temporary workaround on some environments - where joins fail due to timing (and other issues). The long term goal is to add retries to - kubeadm proper and use that functionality. - - - This will add about 40KB to userdata - - - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. - - - Deprecated: This experimental fix is no longer needed and this field will be removed in a future release. - When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml - type: boolean - users: - description: Users specifies extra users to add - items: - description: User defines the input for a generated user in cloud-init. 
- properties: - gecos: - description: Gecos specifies the gecos to use for the user - type: string - groups: - description: Groups specifies the additional groups for the - user - type: string - homeDir: - description: HomeDir specifies the home directory to use for - the user - type: string - inactive: - description: Inactive specifies whether to mark the user as - inactive - type: boolean - lockPassword: - description: LockPassword specifies if password login should - be disabled - type: boolean - name: - description: Name specifies the user name - type: string - passwd: - description: Passwd specifies a hashed password for the user - type: string - passwdFrom: - description: PasswdFrom is a referenced source of passwd to - populate the passwd. - properties: - secret: - description: Secret represents a secret that should populate - this password. - properties: - key: - description: Key is the key in the secret's data map - for this value. - type: string - name: - description: Name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - primaryGroup: - description: PrimaryGroup specifies the primary group for the - user - type: string - shell: - description: Shell specifies the user's shell - type: string - sshAuthorizedKeys: - description: SSHAuthorizedKeys specifies a list of ssh authorized - keys for the user - items: - type: string - type: array - sudo: - description: Sudo specifies a sudo role for the user - type: string - required: - - name - type: object - type: array - verbosity: - description: |- - Verbosity is the number for the kubeadm log level verbosity. - It overrides the `--v` flag in kubeadm commands. - format: int32 - type: integer - type: object - status: - description: KubeadmConfigStatus defines the observed state of KubeadmConfig. - properties: - conditions: - description: Conditions defines current service state of the KubeadmConfig. 
- items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - dataSecretName: - description: DataSecretName is the name of the secret that stores - the bootstrap data script. - type: string - failureMessage: - description: FailureMessage will be set on non-retryable errors - type: string - failureReason: - description: FailureReason will be set on non-retryable errors - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. 
- format: int64 - type: integer - ready: - description: Ready indicates the BootstrapData field is ready to be - consumed - type: boolean - type: object - type: object - served: true - storage: true - subresources: - status: {} - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - cluster.x-k8s.io/v1beta1: v1beta1 - name: kubeadmconfigtemplates.bootstrap.cluster.x-k8s.io - spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-kubeadm-bootstrap-webhook-service - namespace: capi-kubeadm-bootstrap-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: bootstrap.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: KubeadmConfigTemplate - listKind: KubeadmConfigTemplateList - plural: kubeadmconfigtemplates - singular: kubeadmconfigtemplate - scope: Namespaced - versions: - - deprecated: true - name: v1alpha3 - schema: - openAPIV3Schema: - description: |- - KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates API. - - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. - properties: - template: - description: KubeadmConfigTemplateResource defines the Template structure. - properties: - spec: - description: |- - KubeadmConfigSpec defines the desired state of KubeadmConfig. - Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined. - properties: - clusterConfiguration: - description: ClusterConfiguration along with InitConfiguration - are the configurations necessary for the init command - properties: - apiServer: - description: APIServer contains extra settings for the - API server control plane component - properties: - certSANs: - description: CertSANs sets extra Subject Alternative - Names for the API Server signing cert. - items: - type: string - type: array - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the - pod where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod - template. - type: string - pathType: - description: PathType is the type of the HostPath. 
- type: string - readOnly: - description: ReadOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - timeoutForControlPlane: - description: TimeoutForControlPlane controls the timeout - that we use for API server to appear - type: string - type: object - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - certificatesDir: - description: |- - CertificatesDir specifies where to store or look for all required certificates. - NB: if not provided, this will default to `/etc/kubernetes/pki` - type: string - clusterName: - description: The cluster name - type: string - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it - can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. - In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort - are used; in case the ControlPlaneEndpoint is specified but without a TCP port, - the BindPort is used. - Possible usages are: - e.g. In a cluster with more than one control plane instances, this field should be - assigned the address of the external load balancer in front of the - control plane instances. - e.g. in environments with enforced node recycling, the ControlPlaneEndpoint - could be used for assigning a stable DNS to the control plane. - NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. 
- type: string - controllerManager: - description: ControllerManager contains extra settings - for the controller manager control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the - pod where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod - template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - dns: - description: DNS defines the options for the DNS add-on - installed in the cluster. - properties: - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - type: - description: Type defines the DNS add-on to be used - type: string - type: object - etcd: - description: |- - Etcd holds configuration for etcd. 
- NB: This value defaults to a Local (stacked) etcd - properties: - external: - description: |- - External describes how to connect to an external etcd cluster - Local and External are mutually exclusive - properties: - caFile: - description: |- - CAFile is an SSL Certificate Authority file used to secure etcd communication. - Required if using a TLS connection. - type: string - certFile: - description: |- - CertFile is an SSL certification file used to secure etcd communication. - Required if using a TLS connection. - type: string - endpoints: - description: Endpoints of etcd members. Required - for ExternalEtcd. - items: - type: string - type: array - keyFile: - description: |- - KeyFile is an SSL key file used to secure etcd communication. - Required if using a TLS connection. - type: string - required: - - caFile - - certFile - - endpoints - - keyFile - type: object - local: - description: |- - Local provides configuration knobs for configuring the local etcd instance - Local and External are mutually exclusive - properties: - dataDir: - description: |- - DataDir is the directory etcd will place its data. - Defaults to "/var/lib/etcd". - type: string - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs are extra arguments provided to the etcd binary - when run inside a static pod. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - peerCertSANs: - description: PeerCertSANs sets extra Subject Alternative - Names for the etcd peer signing cert. 
- items: - type: string - type: array - serverCertSANs: - description: ServerCertSANs sets extra Subject - Alternative Names for the etcd server signing - cert. - items: - type: string - type: array - type: object - type: object - featureGates: - additionalProperties: - type: boolean - description: FeatureGates enabled by the user. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `k8s.gcr.io` - will be used for all the other images. - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - kubernetesVersion: - description: |- - KubernetesVersion is the target version of the control plane. - NB: This value defaults to the Machine object spec.version - type: string - networking: - description: |- - Networking holds configuration for the networking topology of the cluster. - NB: This value defaults to the Cluster object spec.clusterNetwork. - properties: - dnsDomain: - description: DNSDomain is the dns domain used by k8s - services. Defaults to "cluster.local". - type: string - podSubnet: - description: |- - PodSubnet is the subnet used by pods. - If unset, the API server will not allocate CIDR ranges for every node. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set - type: string - serviceSubnet: - description: |- - ServiceSubnet is the subnet used by k8s services. 
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or - to "10.96.0.0/12" if that's unset. - type: string - type: object - scheduler: - description: Scheduler contains extra settings for the - scheduler control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the - pod where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod - template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - useHyperKubeImage: - description: UseHyperKubeImage controls if hyperkube should - be used for Kubernetes components instead of their respective - separate images - type: boolean - type: object - diskSetup: - description: DiskSetup specifies options for the creation - of partition tables and file systems on devices. - properties: - filesystems: - description: Filesystems specifies the list of file systems - to setup. - items: - description: Filesystem defines the file systems to - be created. 
- properties: - device: - description: Device specifies the device name - type: string - extraOpts: - description: ExtraOpts defined extra options to - add to the command for creating the file system. - items: - type: string - type: array - filesystem: - description: Filesystem specifies the file system - type. - type: string - label: - description: Label specifies the file system label - to be used. If set to None, no label is used. - type: string - overwrite: - description: |- - Overwrite defines whether or not to overwrite any existing filesystem. - If true, any pre-existing file system will be destroyed. Use with Caution. - type: boolean - partition: - description: 'Partition specifies the partition - to use. The valid options are: "auto|any", "auto", - "any", "none", and , where NUM is the actual - partition number.' - type: string - replaceFS: - description: |- - ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . - NOTE: unless you define a label, this requires the use of the 'any' partition directive. - type: string - required: - - device - - filesystem - - label - type: object - type: array - partitions: - description: Partitions specifies the list of the partitions - to setup. - items: - description: Partition defines how to create and layout - a partition. - properties: - device: - description: Device is the name of the device. - type: string - layout: - description: |- - Layout specifies the device layout. - If it is true, a single partition will be created for the entire device. - When layout is false, it means don't partition or ignore existing partitioning. - type: boolean - overwrite: - description: |- - Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. - Use with caution. Default is 'false'. - type: boolean - tableType: - description: |- - TableType specifies the tupe of partition table. 
The following are supported: - 'mbr': default and setups a MS-DOS partition table - 'gpt': setups a GPT partition table - type: string - required: - - device - - layout - type: object - type: array - type: object - files: - description: Files specifies extra files to be passed to user_data - upon creation. - items: - description: File defines the input for generating write_files - in cloud-init. - properties: - content: - description: Content is the actual content of the file. - type: string - contentFrom: - description: ContentFrom is a referenced source of content - to populate the file. - properties: - secret: - description: Secret represents a secret that should - populate this file. - properties: - key: - description: Key is the key in the secret's - data map for this value. - type: string - name: - description: Name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - encoding: - description: Encoding specifies the encoding of the - file contents. - enum: - - base64 - - gzip - - gzip+base64 - type: string - owner: - description: Owner specifies the ownership of the file, - e.g. "root:root". - type: string - path: - description: Path specifies the full path on disk where - to store the file. - type: string - permissions: - description: Permissions specifies the permissions to - assign to the file, e.g. "0640". - type: string - required: - - path - type: object - type: array - format: - description: Format specifies the output format of the bootstrap - data - enum: - - cloud-config - type: string - initConfiguration: - description: InitConfiguration along with ClusterConfiguration - are the configurations necessary for the init command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. 
- Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - bootstrapTokens: - description: |- - BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. - This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature - items: - description: BootstrapToken describes one bootstrap - token, stored as a Secret in the cluster. - properties: - description: - description: |- - Description sets a human-friendly message why this token exists and what it's used - for, so other administrators can know its purpose. - type: string - expires: - description: |- - Expires specifies the timestamp when this token expires. Defaults to being set - dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. - format: date-time - type: string - groups: - description: |- - Groups specifies the extra groups that this token will authenticate as when/if - used for authentication - items: - type: string - type: array - token: - description: |- - Token is used for establishing bidirectional trust between nodes and control-planes. - Used for joining nodes in the cluster. - type: string - ttl: - description: |- - TTL defines the time to live for this token. Defaults to 24h. - Expires and TTL are mutually exclusive. - type: string - usages: - description: |- - Usages describes the ways in which this token can be used. Can by default be used - for establishing bidirectional trust, but that can be changed here. - items: - type: string - type: array - required: - - token - type: object - type: array - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - localAPIEndpoint: - description: |- - LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node - In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint - is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This - configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible - on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process - fails you may set the desired value here. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address - for the API server to advertise. - type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - required: - - advertiseAddress - - bindPort - type: object - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container - runtime info. This information will be annotated - to the Node API object, for later re-use - type: string - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. 
This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to - the taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - joinConfiguration: - description: JoinConfiguration is the kubeadm configuration - for the join command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. 
- Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - caCertPath: - description: |- - CACertPath is the path to the SSL certificate authority used to - secure comunications between node and control-plane. - Defaults to "/etc/kubernetes/pki/ca.crt". - TODO: revisit when there is defaulting from k/k - type: string - controlPlane: - description: |- - ControlPlane defines the additional control plane instance to be deployed on the joining node. - If nil, no additional control plane instance will be deployed. - properties: - localAPIEndpoint: - description: LocalAPIEndpoint represents the endpoint - of the API server instance to be deployed on this - node. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address - for the API server to advertise. - type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - required: - - advertiseAddress - - bindPort - type: object - type: object - discovery: - description: |- - Discovery specifies the options for the kubelet to use during the TLS Bootstrap process - TODO: revisit when there is defaulting from k/k - properties: - bootstrapToken: - description: |- - BootstrapToken is used to set the options for bootstrap token based discovery - BootstrapToken and File are mutually exclusive - properties: - apiServerEndpoint: - description: APIServerEndpoint is an IP or domain - name to the API server from which info will - be fetched. - type: string - caCertHashes: - description: |- - CACertHashes specifies a set of public key pins to verify - when token-based discovery is used. The root CA found during discovery - must match one of these values. Specifying an empty set disables root CA - pinning, which can be unsafe. 
Each hash is specified as ":", - where the only currently supported type is "sha256". This is a hex-encoded - SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded - ASN.1. These hashes can be calculated using, for example, OpenSSL: - openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex - items: - type: string - type: array - token: - description: |- - Token is a token used to validate cluster information - fetched from the control-plane. - type: string - unsafeSkipCAVerification: - description: |- - UnsafeSkipCAVerification allows token-based discovery - without CA verification via CACertHashes. This can weaken - the security of kubeadm since other nodes can impersonate the control-plane. - type: boolean - required: - - token - - unsafeSkipCAVerification - type: object - file: - description: |- - File is used to specify a file or URL to a kubeconfig file from which to load cluster information - BootstrapToken and File are mutually exclusive - properties: - kubeConfigPath: - description: KubeConfigPath is used to specify - the actual file path or URL to the kubeconfig - file from which to load cluster information - type: string - required: - - kubeConfigPath - type: object - timeout: - description: Timeout modifies the discovery timeout - type: string - tlsBootstrapToken: - description: |- - TLSBootstrapToken is a token used for TLS bootstrapping. - If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. - If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information - TODO: revisit when there is defaulting from k/k - type: string - type: object - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container - runtime info. This information will be annotated - to the Node API object, for later re-use - type: string - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. 
- properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to - the taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - mounts: - description: Mounts specifies a list of mount points to be - setup. - items: - description: MountPoints defines input for generated mounts - in cloud-init. - items: - type: string - type: array - type: array - ntp: - description: NTP specifies NTP configuration - properties: - enabled: - description: Enabled specifies whether NTP should be enabled - type: boolean - servers: - description: Servers specifies which NTP servers to use - items: - type: string - type: array - type: object - postKubeadmCommands: - description: PostKubeadmCommands specifies extra commands - to run after kubeadm runs - items: - type: string - type: array - preKubeadmCommands: - description: PreKubeadmCommands specifies extra commands to - run before kubeadm runs - items: - type: string - type: array - useExperimentalRetryJoin: - description: |- - UseExperimentalRetryJoin replaces a basic kubeadm command with a shell - script with retries for joins. - - - This is meant to be an experimental temporary workaround on some environments - where joins fail due to timing (and other issues). The long term goal is to add retries to - kubeadm proper and use that functionality. - - - This will add about 40KB to userdata - - - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. 
- type: boolean - users: - description: Users specifies extra users to add - items: - description: User defines the input for a generated user - in cloud-init. - properties: - gecos: - description: Gecos specifies the gecos to use for the - user - type: string - groups: - description: Groups specifies the additional groups - for the user - type: string - homeDir: - description: HomeDir specifies the home directory to - use for the user - type: string - inactive: - description: Inactive specifies whether to mark the - user as inactive - type: boolean - lockPassword: - description: LockPassword specifies if password login - should be disabled - type: boolean - name: - description: Name specifies the user name - type: string - passwd: - description: Passwd specifies a hashed password for - the user - type: string - primaryGroup: - description: PrimaryGroup specifies the primary group - for the user - type: string - shell: - description: Shell specifies the user's shell - type: string - sshAuthorizedKeys: - description: SSHAuthorizedKeys specifies a list of ssh - authorized keys for the user - items: - type: string - type: array - sudo: - description: Sudo specifies a sudo role for the user - type: string - required: - - name - type: object - type: array - verbosity: - description: |- - Verbosity is the number for the kubeadm log level verbosity. - It overrides the `--v` flag in kubeadm commands. - format: int32 - type: integer - type: object - type: object - required: - - template - type: object - type: object - served: false - storage: false - - additionalPrinterColumns: - - description: Time duration since creation of KubeadmConfigTemplate - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates API. - - - Deprecated: This type will be removed in one of the next releases. 
- properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. - properties: - template: - description: KubeadmConfigTemplateResource defines the Template structure. - properties: - spec: - description: |- - KubeadmConfigSpec defines the desired state of KubeadmConfig. - Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined. - properties: - clusterConfiguration: - description: ClusterConfiguration along with InitConfiguration - are the configurations necessary for the init command - properties: - apiServer: - description: APIServer contains extra settings for the - API server control plane component - properties: - certSANs: - description: CertSANs sets extra Subject Alternative - Names for the API Server signing cert. - items: - type: string - type: array - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host - volumes, mounted to the control plane component. 
- items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the - pod where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod - template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - timeoutForControlPlane: - description: TimeoutForControlPlane controls the timeout - that we use for API server to appear - type: string - type: object - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - certificatesDir: - description: |- - CertificatesDir specifies where to store or look for all required certificates. - NB: if not provided, this will default to `/etc/kubernetes/pki` - type: string - clusterName: - description: The cluster name - type: string - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it - can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. - In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort - are used; in case the ControlPlaneEndpoint is specified but without a TCP port, - the BindPort is used. - Possible usages are: - e.g. 
In a cluster with more than one control plane instances, this field should be - assigned the address of the external load balancer in front of the - control plane instances. - e.g. in environments with enforced node recycling, the ControlPlaneEndpoint - could be used for assigning a stable DNS to the control plane. - NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. - type: string - controllerManager: - description: ControllerManager contains extra settings - for the controller manager control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the - pod where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod - template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - dns: - description: DNS defines the options for the DNS add-on - installed in the cluster. - properties: - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. 
- type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - type: object - etcd: - description: |- - Etcd holds configuration for etcd. - NB: This value defaults to a Local (stacked) etcd - properties: - external: - description: |- - External describes how to connect to an external etcd cluster - Local and External are mutually exclusive - properties: - caFile: - description: |- - CAFile is an SSL Certificate Authority file used to secure etcd communication. - Required if using a TLS connection. - type: string - certFile: - description: |- - CertFile is an SSL certification file used to secure etcd communication. - Required if using a TLS connection. - type: string - endpoints: - description: Endpoints of etcd members. Required - for ExternalEtcd. - items: - type: string - type: array - keyFile: - description: |- - KeyFile is an SSL key file used to secure etcd communication. - Required if using a TLS connection. - type: string - required: - - caFile - - certFile - - endpoints - - keyFile - type: object - local: - description: |- - Local provides configuration knobs for configuring the local etcd instance - Local and External are mutually exclusive - properties: - dataDir: - description: |- - DataDir is the directory etcd will place its data. - Defaults to "/var/lib/etcd". - type: string - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs are extra arguments provided to the etcd binary - when run inside a static pod. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. 
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - peerCertSANs: - description: PeerCertSANs sets extra Subject Alternative - Names for the etcd peer signing cert. - items: - type: string - type: array - serverCertSANs: - description: ServerCertSANs sets extra Subject - Alternative Names for the etcd server signing - cert. - items: - type: string - type: array - type: object - type: object - featureGates: - additionalProperties: - type: boolean - description: FeatureGates enabled by the user. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io` - will be used for all the other images. - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - kubernetesVersion: - description: |- - KubernetesVersion is the target version of the control plane. - NB: This value defaults to the Machine object spec.version - type: string - networking: - description: |- - Networking holds configuration for the networking topology of the cluster. - NB: This value defaults to the Cluster object spec.clusterNetwork. - properties: - dnsDomain: - description: DNSDomain is the dns domain used by k8s - services. Defaults to "cluster.local". - type: string - podSubnet: - description: |- - PodSubnet is the subnet used by pods. 
- If unset, the API server will not allocate CIDR ranges for every node. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set - type: string - serviceSubnet: - description: |- - ServiceSubnet is the subnet used by k8s services. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or - to "10.96.0.0/12" if that's unset. - type: string - type: object - scheduler: - description: Scheduler contains extra settings for the - scheduler control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the - pod where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod - template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - type: object - diskSetup: - description: DiskSetup specifies options for the creation - of partition tables and file systems on devices. - properties: - filesystems: - description: Filesystems specifies the list of file systems - to setup. 
- items: - description: Filesystem defines the file systems to - be created. - properties: - device: - description: Device specifies the device name - type: string - extraOpts: - description: ExtraOpts defined extra options to - add to the command for creating the file system. - items: - type: string - type: array - filesystem: - description: Filesystem specifies the file system - type. - type: string - label: - description: Label specifies the file system label - to be used. If set to None, no label is used. - type: string - overwrite: - description: |- - Overwrite defines whether or not to overwrite any existing filesystem. - If true, any pre-existing file system will be destroyed. Use with Caution. - type: boolean - partition: - description: 'Partition specifies the partition - to use. The valid options are: "auto|any", "auto", - "any", "none", and , where NUM is the actual - partition number.' - type: string - replaceFS: - description: |- - ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . - NOTE: unless you define a label, this requires the use of the 'any' partition directive. - type: string - required: - - device - - filesystem - - label - type: object - type: array - partitions: - description: Partitions specifies the list of the partitions - to setup. - items: - description: Partition defines how to create and layout - a partition. - properties: - device: - description: Device is the name of the device. - type: string - layout: - description: |- - Layout specifies the device layout. - If it is true, a single partition will be created for the entire device. - When layout is false, it means don't partition or ignore existing partitioning. - type: boolean - overwrite: - description: |- - Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. - Use with caution. Default is 'false'. 
- type: boolean - tableType: - description: |- - TableType specifies the tupe of partition table. The following are supported: - 'mbr': default and setups a MS-DOS partition table - 'gpt': setups a GPT partition table - type: string - required: - - device - - layout - type: object - type: array - type: object - files: - description: Files specifies extra files to be passed to user_data - upon creation. - items: - description: File defines the input for generating write_files - in cloud-init. - properties: - content: - description: Content is the actual content of the file. - type: string - contentFrom: - description: ContentFrom is a referenced source of content - to populate the file. - properties: - secret: - description: Secret represents a secret that should - populate this file. - properties: - key: - description: Key is the key in the secret's - data map for this value. - type: string - name: - description: Name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - encoding: - description: Encoding specifies the encoding of the - file contents. - enum: - - base64 - - gzip - - gzip+base64 - type: string - owner: - description: Owner specifies the ownership of the file, - e.g. "root:root". - type: string - path: - description: Path specifies the full path on disk where - to store the file. - type: string - permissions: - description: Permissions specifies the permissions to - assign to the file, e.g. "0640". 
- type: string - required: - - path - type: object - type: array - format: - description: Format specifies the output format of the bootstrap - data - enum: - - cloud-config - type: string - initConfiguration: - description: InitConfiguration along with ClusterConfiguration - are the configurations necessary for the init command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - bootstrapTokens: - description: |- - BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. - This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature - items: - description: BootstrapToken describes one bootstrap - token, stored as a Secret in the cluster. - properties: - description: - description: |- - Description sets a human-friendly message why this token exists and what it's used - for, so other administrators can know its purpose. - type: string - expires: - description: |- - Expires specifies the timestamp when this token expires. Defaults to being set - dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. - format: date-time - type: string - groups: - description: |- - Groups specifies the extra groups that this token will authenticate as when/if - used for authentication - items: - type: string - type: array - token: - description: |- - Token is used for establishing bidirectional trust between nodes and control-planes. - Used for joining nodes in the cluster. - type: string - ttl: - description: |- - TTL defines the time to live for this token. Defaults to 24h. - Expires and TTL are mutually exclusive. 
- type: string - usages: - description: |- - Usages describes the ways in which this token can be used. Can by default be used - for establishing bidirectional trust, but that can be changed here. - items: - type: string - type: array - required: - - token - type: object - type: array - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - localAPIEndpoint: - description: |- - LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node - In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint - is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This - configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible - on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process - fails you may set the desired value here. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address - for the API server to advertise. - type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container - runtime info. 
This information will be annotated - to the Node API object, for later re-use - type: string - ignorePreflightErrors: - description: IgnorePreflightErrors provides a slice - of pre-flight errors to be ignored when the current - node is registered. - items: - type: string - type: array - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. 
- type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to - the taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - joinConfiguration: - description: JoinConfiguration is the kubeadm configuration - for the join command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - caCertPath: - description: |- - CACertPath is the path to the SSL certificate authority used to - secure comunications between node and control-plane. - Defaults to "/etc/kubernetes/pki/ca.crt". - TODO: revisit when there is defaulting from k/k - type: string - controlPlane: - description: |- - ControlPlane defines the additional control plane instance to be deployed on the joining node. - If nil, no additional control plane instance will be deployed. - properties: - localAPIEndpoint: - description: LocalAPIEndpoint represents the endpoint - of the API server instance to be deployed on this - node. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address - for the API server to advertise. - type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. 
- format: int32 - type: integer - type: object - type: object - discovery: - description: |- - Discovery specifies the options for the kubelet to use during the TLS Bootstrap process - TODO: revisit when there is defaulting from k/k - properties: - bootstrapToken: - description: |- - BootstrapToken is used to set the options for bootstrap token based discovery - BootstrapToken and File are mutually exclusive - properties: - apiServerEndpoint: - description: APIServerEndpoint is an IP or domain - name to the API server from which info will - be fetched. - type: string - caCertHashes: - description: |- - CACertHashes specifies a set of public key pins to verify - when token-based discovery is used. The root CA found during discovery - must match one of these values. Specifying an empty set disables root CA - pinning, which can be unsafe. Each hash is specified as ":", - where the only currently supported type is "sha256". This is a hex-encoded - SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded - ASN.1. These hashes can be calculated using, for example, OpenSSL: - openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex - items: - type: string - type: array - token: - description: |- - Token is a token used to validate cluster information - fetched from the control-plane. - type: string - unsafeSkipCAVerification: - description: |- - UnsafeSkipCAVerification allows token-based discovery - without CA verification via CACertHashes. This can weaken - the security of kubeadm since other nodes can impersonate the control-plane. 
- type: boolean - required: - - token - type: object - file: - description: |- - File is used to specify a file or URL to a kubeconfig file from which to load cluster information - BootstrapToken and File are mutually exclusive - properties: - kubeConfigPath: - description: KubeConfigPath is used to specify - the actual file path or URL to the kubeconfig - file from which to load cluster information - type: string - required: - - kubeConfigPath - type: object - timeout: - description: Timeout modifies the discovery timeout - type: string - tlsBootstrapToken: - description: |- - TLSBootstrapToken is a token used for TLS bootstrapping. - If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. - If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information - type: string - type: object - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container - runtime info. This information will be annotated - to the Node API object, for later re-use - type: string - ignorePreflightErrors: - description: IgnorePreflightErrors provides a slice - of pre-flight errors to be ignored when the current - node is registered. 
- items: - type: string - type: array - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to - the taint key. 
- type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - mounts: - description: Mounts specifies a list of mount points to be - setup. - items: - description: MountPoints defines input for generated mounts - in cloud-init. - items: - type: string - type: array - type: array - ntp: - description: NTP specifies NTP configuration - properties: - enabled: - description: Enabled specifies whether NTP should be enabled - type: boolean - servers: - description: Servers specifies which NTP servers to use - items: - type: string - type: array - type: object - postKubeadmCommands: - description: PostKubeadmCommands specifies extra commands - to run after kubeadm runs - items: - type: string - type: array - preKubeadmCommands: - description: PreKubeadmCommands specifies extra commands to - run before kubeadm runs - items: - type: string - type: array - useExperimentalRetryJoin: - description: |- - UseExperimentalRetryJoin replaces a basic kubeadm command with a shell - script with retries for joins. - - - This is meant to be an experimental temporary workaround on some environments - where joins fail due to timing (and other issues). The long term goal is to add retries to - kubeadm proper and use that functionality. - - - This will add about 40KB to userdata - - - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. - type: boolean - users: - description: Users specifies extra users to add - items: - description: User defines the input for a generated user - in cloud-init. 
- properties: - gecos: - description: Gecos specifies the gecos to use for the - user - type: string - groups: - description: Groups specifies the additional groups - for the user - type: string - homeDir: - description: HomeDir specifies the home directory to - use for the user - type: string - inactive: - description: Inactive specifies whether to mark the - user as inactive - type: boolean - lockPassword: - description: LockPassword specifies if password login - should be disabled - type: boolean - name: - description: Name specifies the user name - type: string - passwd: - description: Passwd specifies a hashed password for - the user - type: string - primaryGroup: - description: PrimaryGroup specifies the primary group - for the user - type: string - shell: - description: Shell specifies the user's shell - type: string - sshAuthorizedKeys: - description: SSHAuthorizedKeys specifies a list of ssh - authorized keys for the user - items: - type: string - type: array - sudo: - description: Sudo specifies a sudo role for the user - type: string - required: - - name - type: object - type: array - verbosity: - description: |- - Verbosity is the number for the kubeadm log level verbosity. - It overrides the `--v` flag in kubeadm commands. - format: int32 - type: integer - type: object - type: object - required: - - template - type: object - type: object - served: false - storage: false - subresources: {} - - additionalPrinterColumns: - - description: Time duration since creation of KubeadmConfigTemplate - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. - properties: - template: - description: KubeadmConfigTemplateResource defines the Template structure. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: |- - KubeadmConfigSpec defines the desired state of KubeadmConfig. - Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined. 
- properties: - clusterConfiguration: - description: ClusterConfiguration along with InitConfiguration - are the configurations necessary for the init command - properties: - apiServer: - description: APIServer contains extra settings for the - API server control plane component - properties: - certSANs: - description: CertSANs sets extra Subject Alternative - Names for the API Server signing cert. - items: - type: string - type: array - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the - pod where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod - template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - timeoutForControlPlane: - description: TimeoutForControlPlane controls the timeout - that we use for API server to appear - type: string - type: object - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - certificatesDir: - description: |- - CertificatesDir specifies where to store or look for all required certificates. - NB: if not provided, this will default to `/etc/kubernetes/pki` - type: string - clusterName: - description: The cluster name - type: string - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it - can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. - In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort - are used; in case the ControlPlaneEndpoint is specified but without a TCP port, - the BindPort is used. - Possible usages are: - e.g. In a cluster with more than one control plane instances, this field should be - assigned the address of the external load balancer in front of the - control plane instances. - e.g. in environments with enforced node recycling, the ControlPlaneEndpoint - could be used for assigning a stable DNS to the control plane. - NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. - type: string - controllerManager: - description: ControllerManager contains extra settings - for the controller manager control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. 
- properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the - pod where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod - template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - dns: - description: DNS defines the options for the DNS add-on - installed in the cluster. - properties: - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - type: object - etcd: - description: |- - Etcd holds configuration for etcd. - NB: This value defaults to a Local (stacked) etcd - properties: - external: - description: |- - External describes how to connect to an external etcd cluster - Local and External are mutually exclusive - properties: - caFile: - description: |- - CAFile is an SSL Certificate Authority file used to secure etcd communication. - Required if using a TLS connection. - type: string - certFile: - description: |- - CertFile is an SSL certification file used to secure etcd communication. - Required if using a TLS connection. - type: string - endpoints: - description: Endpoints of etcd members. Required - for ExternalEtcd. - items: - type: string - type: array - keyFile: - description: |- - KeyFile is an SSL key file used to secure etcd communication. - Required if using a TLS connection. 
- type: string - required: - - caFile - - certFile - - endpoints - - keyFile - type: object - local: - description: |- - Local provides configuration knobs for configuring the local etcd instance - Local and External are mutually exclusive - properties: - dataDir: - description: |- - DataDir is the directory etcd will place its data. - Defaults to "/var/lib/etcd". - type: string - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs are extra arguments provided to the etcd binary - when run inside a static pod. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - peerCertSANs: - description: PeerCertSANs sets extra Subject Alternative - Names for the etcd peer signing cert. - items: - type: string - type: array - serverCertSANs: - description: ServerCertSANs sets extra Subject - Alternative Names for the etcd server signing - cert. - items: - type: string - type: array - type: object - type: object - featureGates: - additionalProperties: - type: boolean - description: FeatureGates enabled by the user. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - * If not set, the default registry of kubeadm will be used, i.e. - * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 - * k8s.gcr.io (old registry): all older versions - Please note that when imageRepository is not set we don't allow upgrades to - versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use - a newer patch version with the new registry instead (i.e. 
>= v1.22.17, - >= v1.23.15, >= v1.24.9, >= v1.25.0). - * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components - and for kube-proxy, while `registry.k8s.io` will be used for all the other images. - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - kubernetesVersion: - description: |- - KubernetesVersion is the target version of the control plane. - NB: This value defaults to the Machine object spec.version - type: string - networking: - description: |- - Networking holds configuration for the networking topology of the cluster. - NB: This value defaults to the Cluster object spec.clusterNetwork. - properties: - dnsDomain: - description: DNSDomain is the dns domain used by k8s - services. Defaults to "cluster.local". - type: string - podSubnet: - description: |- - PodSubnet is the subnet used by pods. - If unset, the API server will not allocate CIDR ranges for every node. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set - type: string - serviceSubnet: - description: |- - ServiceSubnet is the subnet used by k8s services. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or - to "10.96.0.0/12" if that's unset. - type: string - type: object - scheduler: - description: Scheduler contains extra settings for the - scheduler control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. 
- TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the - pod where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod - template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - type: object - diskSetup: - description: DiskSetup specifies options for the creation - of partition tables and file systems on devices. - properties: - filesystems: - description: Filesystems specifies the list of file systems - to setup. - items: - description: Filesystem defines the file systems to - be created. - properties: - device: - description: Device specifies the device name - type: string - extraOpts: - description: ExtraOpts defined extra options to - add to the command for creating the file system. - items: - type: string - type: array - filesystem: - description: Filesystem specifies the file system - type. - type: string - label: - description: Label specifies the file system label - to be used. If set to None, no label is used. - type: string - overwrite: - description: |- - Overwrite defines whether or not to overwrite any existing filesystem. - If true, any pre-existing file system will be destroyed. Use with Caution. - type: boolean - partition: - description: 'Partition specifies the partition - to use. 
The valid options are: "auto|any", "auto", - "any", "none", and , where NUM is the actual - partition number.' - type: string - replaceFS: - description: |- - ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . - NOTE: unless you define a label, this requires the use of the 'any' partition directive. - type: string - required: - - device - - filesystem - - label - type: object - type: array - partitions: - description: Partitions specifies the list of the partitions - to setup. - items: - description: Partition defines how to create and layout - a partition. - properties: - device: - description: Device is the name of the device. - type: string - layout: - description: |- - Layout specifies the device layout. - If it is true, a single partition will be created for the entire device. - When layout is false, it means don't partition or ignore existing partitioning. - type: boolean - overwrite: - description: |- - Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. - Use with caution. Default is 'false'. - type: boolean - tableType: - description: |- - TableType specifies the tupe of partition table. The following are supported: - 'mbr': default and setups a MS-DOS partition table - 'gpt': setups a GPT partition table - type: string - required: - - device - - layout - type: object - type: array - type: object - files: - description: Files specifies extra files to be passed to user_data - upon creation. - items: - description: File defines the input for generating write_files - in cloud-init. - properties: - append: - description: Append specifies whether to append Content - to existing file if Path exists. - type: boolean - content: - description: Content is the actual content of the file. - type: string - contentFrom: - description: ContentFrom is a referenced source of content - to populate the file. 
- properties: - secret: - description: Secret represents a secret that should - populate this file. - properties: - key: - description: Key is the key in the secret's - data map for this value. - type: string - name: - description: Name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - encoding: - description: Encoding specifies the encoding of the - file contents. - enum: - - base64 - - gzip - - gzip+base64 - type: string - owner: - description: Owner specifies the ownership of the file, - e.g. "root:root". - type: string - path: - description: Path specifies the full path on disk where - to store the file. - type: string - permissions: - description: Permissions specifies the permissions to - assign to the file, e.g. "0640". - type: string - required: - - path - type: object - type: array - format: - description: Format specifies the output format of the bootstrap - data - enum: - - cloud-config - - ignition - type: string - ignition: - description: Ignition contains Ignition specific configuration. - properties: - containerLinuxConfig: - description: ContainerLinuxConfig contains CLC specific - configuration. - properties: - additionalConfig: - description: |- - AdditionalConfig contains additional configuration to be merged with the Ignition - configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging - - - The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ - type: string - strict: - description: Strict controls if AdditionalConfig should - be strictly parsed. If so, warnings are treated - as errors. 
- type: boolean - type: object - type: object - initConfiguration: - description: InitConfiguration along with ClusterConfiguration - are the configurations necessary for the init command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - bootstrapTokens: - description: |- - BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. - This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature - items: - description: BootstrapToken describes one bootstrap - token, stored as a Secret in the cluster. - properties: - description: - description: |- - Description sets a human-friendly message why this token exists and what it's used - for, so other administrators can know its purpose. - type: string - expires: - description: |- - Expires specifies the timestamp when this token expires. Defaults to being set - dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. - format: date-time - type: string - groups: - description: |- - Groups specifies the extra groups that this token will authenticate as when/if - used for authentication - items: - type: string - type: array - token: - description: |- - Token is used for establishing bidirectional trust between nodes and control-planes. - Used for joining nodes in the cluster. - type: string - ttl: - description: |- - TTL defines the time to live for this token. Defaults to 24h. - Expires and TTL are mutually exclusive. - type: string - usages: - description: |- - Usages describes the ways in which this token can be used. 
Can by default be used - for establishing bidirectional trust, but that can be changed here. - items: - type: string - type: array - required: - - token - type: object - type: array - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - localAPIEndpoint: - description: |- - LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node - In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint - is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This - configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible - on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process - fails you may set the desired value here. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address - for the API server to advertise. - type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container - runtime info. 
This information will be annotated - to the Node API object, for later re-use - type: string - ignorePreflightErrors: - description: IgnorePreflightErrors provides a slice - of pre-flight errors to be ignored when the current - node is registered. - items: - type: string - type: array - imagePullPolicy: - description: |- - ImagePullPolicy specifies the policy for image pulling - during kubeadm "init" and "join" operations. The value of - this field must be one of "Always", "IfNotPresent" or - "Never". Defaults to "IfNotPresent". This can be used only - with Kubernetes version equal to 1.22 and later. - enum: - - Always - - IfNotPresent - - Never - type: string - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. 
- items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to - the taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - patches: - description: |- - Patches contains options related to applying patches to components deployed by kubeadm during - "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22 - properties: - directory: - description: |- - Directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". - For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of - "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one - of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. - The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". - "suffix" is an optional string that can be used to determine which patches are applied - first alpha-numerically. - These files can be written into the target directory via KubeadmConfig.Files which - specifies additional files to be created on the machine, either with content inline or - by referencing a secret. - type: string - type: object - skipPhases: - description: |- - SkipPhases is a list of phases to skip during command execution. - The list of phases can be obtained with the "kubeadm init --help" command. 
- This option takes effect only on Kubernetes >=1.22.0. - items: - type: string - type: array - type: object - joinConfiguration: - description: JoinConfiguration is the kubeadm configuration - for the join command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - caCertPath: - description: |- - CACertPath is the path to the SSL certificate authority used to - secure comunications between node and control-plane. - Defaults to "/etc/kubernetes/pki/ca.crt". - TODO: revisit when there is defaulting from k/k - type: string - controlPlane: - description: |- - ControlPlane defines the additional control plane instance to be deployed on the joining node. - If nil, no additional control plane instance will be deployed. - properties: - localAPIEndpoint: - description: LocalAPIEndpoint represents the endpoint - of the API server instance to be deployed on this - node. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address - for the API server to advertise. - type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - type: object - discovery: - description: |- - Discovery specifies the options for the kubelet to use during the TLS Bootstrap process - TODO: revisit when there is defaulting from k/k - properties: - bootstrapToken: - description: |- - BootstrapToken is used to set the options for bootstrap token based discovery - BootstrapToken and File are mutually exclusive - properties: - apiServerEndpoint: - description: APIServerEndpoint is an IP or domain - name to the API server from which info will - be fetched. 
- type: string - caCertHashes: - description: |- - CACertHashes specifies a set of public key pins to verify - when token-based discovery is used. The root CA found during discovery - must match one of these values. Specifying an empty set disables root CA - pinning, which can be unsafe. Each hash is specified as ":", - where the only currently supported type is "sha256". This is a hex-encoded - SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded - ASN.1. These hashes can be calculated using, for example, OpenSSL: - openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex - items: - type: string - type: array - token: - description: |- - Token is a token used to validate cluster information - fetched from the control-plane. - type: string - unsafeSkipCAVerification: - description: |- - UnsafeSkipCAVerification allows token-based discovery - without CA verification via CACertHashes. This can weaken - the security of kubeadm since other nodes can impersonate the control-plane. - type: boolean - required: - - token - type: object - file: - description: |- - File is used to specify a file or URL to a kubeconfig file from which to load cluster information - BootstrapToken and File are mutually exclusive - properties: - kubeConfig: - description: |- - KubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. - The file is generated at the path specified in KubeConfigPath. - - - Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint. - Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret. - properties: - cluster: - description: |- - Cluster contains information about how to communicate with the kubernetes cluster. - - - By default the following fields are automatically populated: - - Server with the Cluster's ControlPlaneEndpoint. 
- - CertificateAuthorityData with the Cluster's CA certificate. - properties: - certificateAuthorityData: - description: |- - CertificateAuthorityData contains PEM-encoded certificate authority certificates. - - - Defaults to the Cluster's CA certificate if empty. - format: byte - type: string - insecureSkipTLSVerify: - description: InsecureSkipTLSVerify skips - the validity check for the server's - certificate. This will make your HTTPS - connections insecure. - type: boolean - proxyURL: - description: |- - ProxyURL is the URL to the proxy to be used for all requests made by this - client. URLs with "http", "https", and "socks5" schemes are supported. If - this configuration is not provided or the empty string, the client - attempts to construct a proxy configuration from http_proxy and - https_proxy environment variables. If these environment variables are not - set, the client does not attempt to proxy requests. - - - socks5 proxying does not currently support spdy streaming endpoints (exec, - attach, port forward). - type: string - server: - description: |- - Server is the address of the kubernetes cluster (https://hostname:port). - - - Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint. - type: string - tlsServerName: - description: TLSServerName is used to - check server certificate. If TLSServerName - is empty, the hostname used to contact - the server is used. - type: string - type: object - user: - description: |- - User contains information that describes identity information. - This is used to tell the kubernetes cluster who you are. - properties: - authProvider: - description: AuthProvider specifies a - custom authentication plugin for the - kubernetes cluster. - properties: - config: - additionalProperties: - type: string - description: Config holds the parameters - for the authentication plugin. - type: object - name: - description: Name is the name of the - authentication plugin. 
- type: string - required: - - name - type: object - exec: - description: Exec specifies a custom exec-based - authentication plugin for the kubernetes - cluster. - properties: - apiVersion: - description: |- - Preferred input version of the ExecInfo. The returned ExecCredentials MUST use - the same encoding version as the input. - Defaults to client.authentication.k8s.io/v1 if not set. - type: string - args: - description: Arguments to pass to - the command when executing it. - items: - type: string - type: array - command: - description: Command to execute. - type: string - env: - description: |- - Env defines additional environment variables to expose to the process. These - are unioned with the host's environment, as well as variables client-go uses - to pass argument to the plugin. - items: - description: |- - KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based - credential plugin. - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - provideClusterInfo: - description: |- - ProvideClusterInfo determines whether or not to provide cluster information, - which could potentially contain very large CA data, to this exec plugin as a - part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set - to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for - reading this environment variable. - type: boolean - required: - - command - type: object - type: object - required: - - user - type: object - kubeConfigPath: - description: KubeConfigPath is used to specify - the actual file path or URL to the kubeconfig - file from which to load cluster information - type: string - required: - - kubeConfigPath - type: object - timeout: - description: Timeout modifies the discovery timeout - type: string - tlsBootstrapToken: - description: |- - TLSBootstrapToken is a token used for TLS bootstrapping. 
- If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. - If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information - type: string - type: object - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container - runtime info. This information will be annotated - to the Node API object, for later re-use - type: string - ignorePreflightErrors: - description: IgnorePreflightErrors provides a slice - of pre-flight errors to be ignored when the current - node is registered. - items: - type: string - type: array - imagePullPolicy: - description: |- - ImagePullPolicy specifies the policy for image pulling - during kubeadm "init" and "join" operations. The value of - this field must be one of "Always", "IfNotPresent" or - "Never". Defaults to "IfNotPresent". This can be used only - with Kubernetes version equal to 1.22 and later. - enum: - - Always - - IfNotPresent - - Never - type: string - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. 
This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to - the taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - patches: - description: |- - Patches contains options related to applying patches to components deployed by kubeadm during - "kubeadm join". 
The minimum kubernetes version needed to support Patches is v1.22 - properties: - directory: - description: |- - Directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". - For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of - "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one - of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. - The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". - "suffix" is an optional string that can be used to determine which patches are applied - first alpha-numerically. - These files can be written into the target directory via KubeadmConfig.Files which - specifies additional files to be created on the machine, either with content inline or - by referencing a secret. - type: string - type: object - skipPhases: - description: |- - SkipPhases is a list of phases to skip during command execution. - The list of phases can be obtained with the "kubeadm init --help" command. - This option takes effect only on Kubernetes >=1.22.0. - items: - type: string - type: array - type: object - mounts: - description: Mounts specifies a list of mount points to be - setup. - items: - description: MountPoints defines input for generated mounts - in cloud-init. 
- items: - type: string - type: array - type: array - ntp: - description: NTP specifies NTP configuration - properties: - enabled: - description: Enabled specifies whether NTP should be enabled - type: boolean - servers: - description: Servers specifies which NTP servers to use - items: - type: string - type: array - type: object - postKubeadmCommands: - description: PostKubeadmCommands specifies extra commands - to run after kubeadm runs - items: - type: string - type: array - preKubeadmCommands: - description: PreKubeadmCommands specifies extra commands to - run before kubeadm runs - items: - type: string - type: array - useExperimentalRetryJoin: - description: |- - UseExperimentalRetryJoin replaces a basic kubeadm command with a shell - script with retries for joins. - - - This is meant to be an experimental temporary workaround on some environments - where joins fail due to timing (and other issues). The long term goal is to add retries to - kubeadm proper and use that functionality. - - - This will add about 40KB to userdata - - - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. - - - Deprecated: This experimental fix is no longer needed and this field will be removed in a future release. - When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml - type: boolean - users: - description: Users specifies extra users to add - items: - description: User defines the input for a generated user - in cloud-init. 
- properties: - gecos: - description: Gecos specifies the gecos to use for the - user - type: string - groups: - description: Groups specifies the additional groups - for the user - type: string - homeDir: - description: HomeDir specifies the home directory to - use for the user - type: string - inactive: - description: Inactive specifies whether to mark the - user as inactive - type: boolean - lockPassword: - description: LockPassword specifies if password login - should be disabled - type: boolean - name: - description: Name specifies the user name - type: string - passwd: - description: Passwd specifies a hashed password for - the user - type: string - passwdFrom: - description: PasswdFrom is a referenced source of passwd - to populate the passwd. - properties: - secret: - description: Secret represents a secret that should - populate this password. - properties: - key: - description: Key is the key in the secret's - data map for this value. - type: string - name: - description: Name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - primaryGroup: - description: PrimaryGroup specifies the primary group - for the user - type: string - shell: - description: Shell specifies the user's shell - type: string - sshAuthorizedKeys: - description: SSHAuthorizedKeys specifies a list of ssh - authorized keys for the user - items: - type: string - type: array - sudo: - description: Sudo specifies a sudo role for the user - type: string - required: - - name - type: object - type: array - verbosity: - description: |- - Verbosity is the number for the kubeadm log level verbosity. - It overrides the `--v` flag in kubeadm commands. 
- format: int32 - type: integer - type: object - type: object - required: - - template - type: object - type: object - served: true - storage: true - subresources: {} - --- - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - name: capi-kubeadm-bootstrap-manager - namespace: capi-kubeadm-bootstrap-system - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - name: capi-kubeadm-bootstrap-leader-election-role - namespace: capi-kubeadm-bootstrap-system - rules: - - apiGroups: - - "" - resources: - - events - verbs: - - create - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - name: capi-kubeadm-bootstrap-manager-role - rules: - - apiGroups: - - "" - resources: - - configmaps - - events - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - bootstrap.cluster.x-k8s.io - resources: - - kubeadmconfigs - - kubeadmconfigs/finalizers - - kubeadmconfigs/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - clusters - - clusters/status - - machinepools - - machinepools/status - - machines - - machines/status - - machinesets - verbs: - - get - - list - - watch - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - name: capi-kubeadm-bootstrap-leader-election-rolebinding - namespace: capi-kubeadm-bootstrap-system 
- roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: capi-kubeadm-bootstrap-leader-election-role - subjects: - - kind: ServiceAccount - name: capi-kubeadm-bootstrap-manager - namespace: capi-kubeadm-bootstrap-system - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - name: capi-kubeadm-bootstrap-manager-rolebinding - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: capi-kubeadm-bootstrap-manager-role - subjects: - - kind: ServiceAccount - name: capi-kubeadm-bootstrap-manager - namespace: capi-kubeadm-bootstrap-system - --- - apiVersion: v1 - kind: Service - metadata: - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - name: capi-kubeadm-bootstrap-webhook-service - namespace: capi-kubeadm-bootstrap-system - spec: - ports: - - port: 443 - targetPort: webhook-server - selector: - cluster.x-k8s.io/provider: bootstrap-kubeadm - --- - apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - control-plane: controller-manager - name: capi-kubeadm-bootstrap-controller-manager - namespace: capi-kubeadm-bootstrap-system - spec: - replicas: 1 - selector: - matchLabels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - control-plane: controller-manager - template: - metadata: - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - control-plane: controller-manager - spec: - containers: - - args: - - --leader-elect - - --diagnostics-address=${CAPI_DIAGNOSTICS_ADDRESS:=:8443} - - --insecure-diagnostics=${CAPI_INSECURE_DIAGNOSTICS:=false} - - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=true},KubeadmBootstrapFormatIgnition=${EXP_KUBEADM_BOOTSTRAP_FORMAT_IGNITION:=false} - - --bootstrap-token-ttl=${KUBEADM_BOOTSTRAP_TOKEN_TTL:=15m} - command: - - /manager - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - 
fieldRef: - fieldPath: metadata.name - - name: POD_UID - valueFrom: - fieldRef: - fieldPath: metadata.uid - image: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.7.7 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - - containerPort: 8443 - name: metrics - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - runAsGroup: 65532 - runAsUser: 65532 - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: capi-kubeadm-bootstrap-manager - terminationGracePeriodSeconds: 10 - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - volumes: - - name: cert - secret: - secretName: capi-kubeadm-bootstrap-webhook-service-cert - --- - apiVersion: cert-manager.io/v1 - kind: Certificate - metadata: - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - name: capi-kubeadm-bootstrap-serving-cert - namespace: capi-kubeadm-bootstrap-system - spec: - dnsNames: - - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc - - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc.cluster.local - issuerRef: - kind: Issuer - name: capi-kubeadm-bootstrap-selfsigned-issuer - secretName: capi-kubeadm-bootstrap-webhook-service-cert - subject: - organizations: - - k8s-sig-cluster-lifecycle - --- - apiVersion: cert-manager.io/v1 - kind: Issuer - metadata: - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - name: capi-kubeadm-bootstrap-selfsigned-issuer - namespace: capi-kubeadm-bootstrap-system - 
spec: - selfSigned: {} - --- - apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - annotations: - cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - name: capi-kubeadm-bootstrap-mutating-webhook-configuration - webhooks: - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-kubeadm-bootstrap-webhook-service - namespace: capi-kubeadm-bootstrap-system - path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfig - failurePolicy: Fail - name: default.kubeadmconfig.bootstrap.cluster.x-k8s.io - rules: - - apiGroups: - - bootstrap.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - kubeadmconfigs - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-kubeadm-bootstrap-webhook-service - namespace: capi-kubeadm-bootstrap-system - path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfigtemplate - failurePolicy: Fail - name: default.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io - rules: - - apiGroups: - - bootstrap.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - kubeadmconfigtemplates - sideEffects: None - --- - apiVersion: admissionregistration.k8s.io/v1 - kind: ValidatingWebhookConfiguration - metadata: - annotations: - cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - name: capi-kubeadm-bootstrap-validating-webhook-configuration - webhooks: - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-kubeadm-bootstrap-webhook-service - namespace: capi-kubeadm-bootstrap-system - path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfig - failurePolicy: Fail - matchPolicy: Equivalent - name: 
validation.kubeadmconfig.bootstrap.cluster.x-k8s.io - rules: - - apiGroups: - - bootstrap.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - kubeadmconfigs - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-kubeadm-bootstrap-webhook-service - namespace: capi-kubeadm-bootstrap-system - path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfigtemplate - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io - rules: - - apiGroups: - - bootstrap.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - kubeadmconfigtemplates - sideEffects: None - metadata: | - # maps release series of major.minor to cluster-api contract version - # the contract version may change between minor or major versions, but *not* - # between patch versions. - # - # update this file only when a new major or minor version is released - apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 - kind: Metadata - releaseSeries: - - major: 1 - minor: 7 - contract: v1beta1 - - major: 1 - minor: 6 - contract: v1beta1 - - major: 1 - minor: 5 - contract: v1beta1 - - major: 1 - minor: 4 - contract: v1beta1 - - major: 1 - minor: 3 - contract: v1beta1 - - major: 1 - minor: 2 - contract: v1beta1 - - major: 1 - minor: 1 - contract: v1beta1 - - major: 1 - minor: 0 - contract: v1beta1 -kind: ConfigMap -metadata: - labels: - provider.cluster.x-k8s.io/name: kubeadm - provider.cluster.x-k8s.io/type: bootstrap - provider.cluster.x-k8s.io/version: v1.7.7 - name: bootstrap-kubeadm-v1.7.7 - namespace: capi-kubeadm-bootstrap-system 
diff --git a/test/e2e/resources/controlplane-kubeadm-v1.8.0.yaml b/test/e2e/resources/controlplane-kubeadm-v1.10.4.yaml similarity index 82% rename from test/e2e/resources/controlplane-kubeadm-v1.8.0.yaml rename to test/e2e/resources/controlplane-kubeadm-v1.10.4.yaml index 74068602f..cf60b094d 100644 --- a/test/e2e/resources/controlplane-kubeadm-v1.8.0.yaml +++ b/test/e2e/resources/controlplane-kubeadm-v1.10.4.yaml @@ -1,12 +1,20 @@ apiVersion: v1 data: components: | + apiVersion: v1 + kind: Namespace + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + control-plane: controller-manager + name: capi-kubeadm-control-plane-system + --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 labels: cluster.x-k8s.io/provider: control-plane-kubeadm cluster.x-k8s.io/v1beta1: v1beta1 @@ -74,7 +82,6 @@ data: description: |- KubeadmControlPlane is the Schema for the KubeadmControlPlane API. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: @@ -95,11 +102,11 @@ data: metadata: type: object spec: - description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane. + description: spec is the desired state of KubeadmControlPlane. properties: infrastructureTemplate: description: |- - InfrastructureTemplate is a required reference to a custom resource + infrastructureTemplate is a required reference to a custom resource offered by an infrastructure provider. properties: apiVersion: 
@@ -114,7 +121,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -145,11 +151,11 @@ data: x-kubernetes-map-type: atomic kubeadmConfigSpec: description: |- - KubeadmConfigSpec is a KubeadmConfigSpec + kubeadmConfigSpec is a KubeadmConfigSpec to use for initializing and joining machines to the control plane. properties: clusterConfiguration: - description: ClusterConfiguration along with InitConfiguration + description: clusterConfiguration along with InitConfiguration are the configurations necessary for the init command properties: apiServer: @@ -165,10 +171,8 @@ data: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: ExtraArgs is an extra set of flags to pass + to the control plane component. type: object extraVolumes: description: ExtraVolumes is an extra set of host volumes, @@ -245,10 +249,8 @@ data: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: ExtraArgs is an extra set of flags to pass + to the control plane component. type: object extraVolumes: description: ExtraVolumes is an extra set of host volumes, 
@@ -434,10 +436,8 @@ data: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: ExtraArgs is an extra set of flags to pass + to the control plane component. type: object extraVolumes: description: ExtraVolumes is an extra set of host volumes, 
@@ -480,45 +480,45 @@ data: type: boolean type: object diskSetup: - description: DiskSetup specifies options for the creation of partition + description: diskSetup specifies options for the creation of partition tables and file systems on devices. properties: filesystems: - description: Filesystems specifies the list of file systems + description: filesystems specifies the list of file systems to setup. items: description: Filesystem defines the file systems to be created. properties: device: - description: Device specifies the device name + description: device specifies the device name type: string extraOpts: - description: ExtraOpts defined extra options to add + description: extraOpts defined extra options to add to the command for creating the file system. items: type: string type: array filesystem: - description: Filesystem specifies the file system type. + description: filesystem specifies the file system type. type: string label: - description: Label specifies the file system label to + description: label specifies the file system label to be used. If set to None, no label is used. type: string overwrite: description: |- - Overwrite defines whether or not to overwrite any existing filesystem. + overwrite defines whether or not to overwrite any existing filesystem. If true, any pre-existing file system will be destroyed. Use with Caution. type: boolean partition: - description: 'Partition specifies the partition to use. + description: 'partition specifies the partition to use. The valid options are: "auto|any", "auto", "any", "none", and , where NUM is the actual partition number.' type: string replaceFS: description: |- - ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . + replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . NOTE: unless you define a label, this requires the use of the 'any' partition directive. 
type: string required: @@ -528,29 +528,29 @@ data: type: object type: array partitions: - description: Partitions specifies the list of the partitions + description: partitions specifies the list of the partitions to setup. items: description: Partition defines how to create and layout a partition. properties: device: - description: Device is the name of the device. + description: device is the name of the device. type: string layout: description: |- - Layout specifies the device layout. + layout specifies the device layout. If it is true, a single partition will be created for the entire device. When layout is false, it means don't partition or ignore existing partitioning. type: boolean overwrite: description: |- - Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. + overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. Use with caution. Default is 'false'. type: boolean tableType: description: |- - TableType specifies the tupe of partition table. The following are supported: + tableType specifies the tupe of partition table. The following are supported: 'mbr': default and setups a MS-DOS partition table 'gpt': setups a GPT partition table type: string 
@@ -561,29 +561,29 @@ data: type: array type: object files: - description: Files specifies extra files to be passed to user_data + description: files specifies extra files to be passed to user_data upon creation. items: description: File defines the input for generating write_files in cloud-init. properties: content: - description: Content is the actual content of the file. + description: content is the actual content of the file. type: string contentFrom: - description: ContentFrom is a referenced source of content + description: contentFrom is a referenced source of content to populate the file. properties: secret: - description: Secret represents a secret that should + description: secret represents a secret that should populate this file. properties: key: - description: Key is the key in the secret's data + description: key is the key in the secret's data map for this value. type: string name: - description: Name of the secret in the KubeadmBootstrapConfig's + description: name of the secret in the KubeadmBootstrapConfig's namespace to use. type: string required: @@ -594,7 +594,7 @@ data: - secret type: object encoding: - description: Encoding specifies the encoding of the file + description: encoding specifies the encoding of the file contents. enum: - base64 @@ -602,15 +602,15 @@ data: - gzip+base64 type: string owner: - description: Owner specifies the ownership of the file, + description: owner specifies the ownership of the file, e.g. "root:root". type: string path: - description: Path specifies the full path on disk where + description: path specifies the full path on disk where to store the file. type: string permissions: - description: Permissions specifies the permissions to assign + description: permissions specifies the permissions to assign to the file, e.g. "0640". type: string required: 
@@ -618,13 +618,13 @@ data: type: object type: array format: - description: Format specifies the output format of the bootstrap + description: format specifies the output format of the bootstrap data enum: - cloud-config type: string initConfiguration: - description: InitConfiguration along with ClusterConfiguration + description: initConfiguration along with ClusterConfiguration are the configurations necessary for the init command properties: apiVersion: @@ -775,7 +775,7 @@ data: type: object type: object joinConfiguration: - description: JoinConfiguration is the kubeadm configuration for + description: joinConfiguration is the kubeadm configuration for the join command properties: apiVersion: @@ -790,7 +790,6 @@ data: CACertPath is the path to the SSL certificate authority used to secure comunications between node and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". - TODO: revisit when there is defaulting from k/k type: string controlPlane: description: |- @@ -817,9 +816,8 @@ data: type: object type: object discovery: - description: |- - Discovery specifies the options for the kubelet to use during the TLS Bootstrap process - TODO: revisit when there is defaulting from k/k + description: Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process properties: bootstrapToken: description: |- @@ -879,7 +877,6 @@ data: TLSBootstrapToken is a token used for TLS bootstrapping. If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information - TODO: revisit when there is defaulting from k/k type: string type: object kind: 
@@ -953,7 +950,7 @@ data: type: object type: object mounts: - description: Mounts specifies a list of mount points to be setup. + description: mounts specifies a list of mount points to be setup. items: description: MountPoints defines input for generated mounts in cloud-init. 
@@ -962,92 +959,89 @@ data: type: array type: array ntp: - description: NTP specifies NTP configuration + description: ntp specifies NTP configuration properties: enabled: - description: Enabled specifies whether NTP should be enabled + description: enabled specifies whether NTP should be enabled type: boolean servers: - description: Servers specifies which NTP servers to use + description: servers specifies which NTP servers to use items: type: string type: array type: object postKubeadmCommands: - description: PostKubeadmCommands specifies extra commands to run + description: postKubeadmCommands specifies extra commands to run after kubeadm runs items: type: string type: array preKubeadmCommands: - description: PreKubeadmCommands specifies extra commands to run + description: preKubeadmCommands specifies extra commands to run before kubeadm runs items: type: string type: array useExperimentalRetryJoin: description: |- - UseExperimentalRetryJoin replaces a basic kubeadm command with a shell + useExperimentalRetryJoin replaces a basic kubeadm command with a shell script with retries for joins. - This is meant to be an experimental temporary workaround on some environments where joins fail due to timing (and other issues). The long term goal is to add retries to kubeadm proper and use that functionality. - This will add about 40KB to userdata - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. type: boolean users: - description: Users specifies extra users to add + description: users specifies extra users to add items: description: User defines the input for a generated user in cloud-init. 
properties: gecos: - description: Gecos specifies the gecos to use for the user + description: gecos specifies the gecos to use for the user type: string groups: - description: Groups specifies the additional groups for + description: groups specifies the additional groups for the user type: string homeDir: - description: HomeDir specifies the home directory to use + description: homeDir specifies the home directory to use for the user type: string inactive: - description: Inactive specifies whether to mark the user + description: inactive specifies whether to mark the user as inactive type: boolean lockPassword: - description: LockPassword specifies if password login should + description: lockPassword specifies if password login should be disabled type: boolean name: - description: Name specifies the user name + description: name specifies the user name type: string passwd: - description: Passwd specifies a hashed password for the + description: passwd specifies a hashed password for the user type: string primaryGroup: - description: PrimaryGroup specifies the primary group for + description: primaryGroup specifies the primary group for the user type: string shell: - description: Shell specifies the user's shell + description: shell specifies the user's shell type: string sshAuthorizedKeys: - description: SSHAuthorizedKeys specifies a list of ssh authorized + description: sshAuthorizedKeys specifies a list of ssh authorized keys for the user items: type: string type: array sudo: - description: Sudo specifies a sudo role for the user + description: sudo specifies a sudo role for the user type: string required: - name 
@@ -1055,32 +1049,32 @@ data: type: array verbosity: description: |- - Verbosity is the number for the kubeadm log level verbosity. + verbosity is the number for the kubeadm log level verbosity. It overrides the `--v` flag in kubeadm commands. format: int32 type: integer type: object nodeDrainTimeout: description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node + nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` type: string replicas: description: |- - Number of desired machines. Defaults to 1. When stacked etcd is used only + replicas is the number of desired machines. Defaults to 1. When stacked etcd is used only odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). This is a pointer to distinguish between explicit zero and not specified. format: int32 type: integer rolloutStrategy: description: |- - The RolloutStrategy to use to replace control plane machines with + rolloutStrategy is the RolloutStrategy to use to replace control plane machines with new ones. properties: rollingUpdate: description: |- - Rolling update config params. Present only if + rollingUpdate is the rolling update config params. Present only if RolloutStrategyType = RollingUpdate. properties: maxSurge: @@ -1088,7 +1082,7 @@ data: - type: integer - type: string description: |- - The maximum number of control planes that can be scheduled above or under the + maxSurge is the maximum number of control planes that can be scheduled above or under the desired number of control planes. Value can be an absolute number 1 or 0. Defaults to 1. 
@@ -1098,20 +1092,20 @@ data: type: object type: description: |- - Type of rollout. Currently the only supported strategy is + type of rollout. Currently the only supported strategy is "RollingUpdate". Default is RollingUpdate. type: string type: object upgradeAfter: description: |- - UpgradeAfter is a field to indicate an upgrade should be performed + upgradeAfter is a field to indicate an upgrade should be performed after the specified time even if no changes have been made to the KubeadmControlPlane format: date-time type: string version: - description: Version defines the desired Kubernetes version. + description: version defines the desired Kubernetes version. type: string required: - infrastructureTemplate 
@@ -1119,44 +1113,44 @@ data: - version type: object status: - description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane. + description: status is the observed state of KubeadmControlPlane. properties: conditions: - description: Conditions defines current service state of the KubeadmControlPlane. + description: conditions defines current service state of the KubeadmControlPlane. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string 
@@ -1167,44 +1161,44 @@ data: type: array failureMessage: description: |- - ErrorMessage indicates that there is a terminal problem reconciling the + failureMessage indicates that there is a terminal problem reconciling the state, and will be set to a descriptive error message. type: string failureReason: description: |- - FailureReason indicates that there is a terminal problem reconciling the + failureReason indicates that there is a terminal problem reconciling the state, and will be set to a token value suitable for programmatic interpretation. type: string initialized: description: |- - Initialized denotes whether or not the control plane has the + initialized denotes whether or not the control plane has the uploaded kubeadm-config configmap. type: boolean observedGeneration: - description: ObservedGeneration is the latest generation observed + description: observedGeneration is the latest generation observed by the controller. format: int64 type: integer ready: description: |- - Ready denotes that the KubeadmControlPlane API Server is ready to + ready denotes that the KubeadmControlPlane API Server is ready to receive requests. type: boolean readyReplicas: - description: Total number of fully running and ready control plane - machines. + description: readyReplicas is the total number of fully running and + ready control plane machines. format: int32 type: integer replicas: description: |- - Total number of non-terminated machines targeted by this control plane + replicas is the total number of non-terminated machines targeted by this control plane (their labels match the selector). format: int32 type: integer selector: description: |- - Selector is the label selector in string format to avoid introspection + selector is the label selector in string format to avoid introspection by clients, and is used to provide the CRD-based integration for the scale subresource and additional integrations for things like kubectl describe.. 
The string will be in the same format as the query-param syntax. @@ -1212,7 +1206,7 @@ data: type: string unavailableReplicas: description: |- - Total number of unavailable machines targeted by this control plane. + unavailableReplicas is the total number of unavailable machines targeted by this control plane. This is the total number of machines that are still required for the deployment to have 100% available capacity. They may either be machines that are running but not yet ready or machines @@ -1221,7 +1215,7 @@ data: type: integer updatedReplicas: description: |- - Total number of non-terminated machines targeted by this control plane + updatedReplicas is the total number of non-terminated machines targeted by this control plane that have the desired template spec. format: int32 type: integer @@ -1278,7 +1272,6 @@ data: description: |- KubeadmControlPlane is the Schema for the KubeadmControlPlane API. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: 
@@ -1299,23 +1292,23 @@ data: metadata: type: object spec: - description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane. + description: spec is the desired state of KubeadmControlPlane. properties: kubeadmConfigSpec: description: |- - KubeadmConfigSpec is a KubeadmConfigSpec + kubeadmConfigSpec is a KubeadmConfigSpec to use for initializing and joining machines to the control plane. properties: clusterConfiguration: - description: ClusterConfiguration along with InitConfiguration + description: clusterConfiguration along with InitConfiguration are the configurations necessary for the init command properties: apiServer: - description: APIServer contains extra settings for the API + description: apiServer contains extra settings for the API server control plane component properties: certSANs: - description: CertSANs sets extra Subject Alternative Names + description: certSANs sets extra Subject Alternative Names for the API Server signing cert. items: type: string @@ -1323,13 +1316,11 @@ data: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: extraArgs is an extra set of flags to pass + to the control plane component. type: object extraVolumes: - description: ExtraVolumes is an extra set of host volumes, + description: extraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: |- 
@@ -1338,21 +1329,21 @@ data: properties: hostPath: description: |- - HostPath is the path in the host that will be mounted inside + hostPath is the path in the host that will be mounted inside the pod. type: string mountPath: - description: MountPath is the path inside the pod + description: mountPath is the path inside the pod where hostPath will be mounted. type: string name: - description: Name of the volume inside the pod template. + description: name of the volume inside the pod template. type: string pathType: - description: PathType is the type of the HostPath. + description: pathType is the type of the HostPath. type: string readOnly: - description: ReadOnly controls write access to the + description: readOnly controls write access to the volume type: boolean required: @@ -1362,7 +1353,7 @@ data: type: object type: array timeoutForControlPlane: - description: TimeoutForControlPlane controls the timeout + description: timeoutForControlPlane controls the timeout that we use for API server to appear type: string type: object @@ -1375,15 +1366,15 @@ data: type: string certificatesDir: description: |- - CertificatesDir specifies where to store or look for all required certificates. + certificatesDir specifies where to store or look for all required certificates. NB: if not provided, this will default to `/etc/kubernetes/pki` type: string clusterName: - description: The cluster name + description: clusterName is the cluster name type: string controlPlaneEndpoint: description: |- - ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it + controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint is specified but without a TCP port, 
@@ -1397,19 +1388,17 @@ data: NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. type: string controllerManager: - description: ControllerManager contains extra settings for + description: controllerManager contains extra settings for the controller manager control plane component properties: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: extraArgs is an extra set of flags to pass + to the control plane component. type: object extraVolumes: - description: ExtraVolumes is an extra set of host volumes, + description: extraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: |- @@ -1418,21 +1407,21 @@ data: properties: hostPath: description: |- - HostPath is the path in the host that will be mounted inside + hostPath is the path in the host that will be mounted inside the pod. type: string mountPath: - description: MountPath is the path inside the pod + description: mountPath is the path inside the pod where hostPath will be mounted. type: string name: - description: Name of the volume inside the pod template. + description: name of the volume inside the pod template. type: string pathType: - description: PathType is the type of the HostPath. + description: pathType is the type of the HostPath. type: string readOnly: - description: ReadOnly controls write access to the + description: readOnly controls write access to the volume type: boolean required: 
@@ -1443,49 +1432,49 @@ data: type: array type: object dns: - description: DNS defines the options for the DNS add-on installed + description: dns defines the options for the DNS add-on installed in the cluster. properties: imageRepository: description: |- - ImageRepository sets the container registry to pull images from. + imageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead. type: string imageTag: description: |- - ImageTag allows to specify a tag for the image. + imageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. type: string type: object etcd: description: |- - Etcd holds configuration for etcd. + etcd holds configuration for etcd. NB: This value defaults to a Local (stacked) etcd properties: external: description: |- - External describes how to connect to an external etcd cluster + external describes how to connect to an external etcd cluster Local and External are mutually exclusive properties: caFile: description: |- - CAFile is an SSL Certificate Authority file used to secure etcd communication. + caFile is an SSL Certificate Authority file used to secure etcd communication. Required if using a TLS connection. type: string certFile: description: |- - CertFile is an SSL certification file used to secure etcd communication. + certFile is an SSL certification file used to secure etcd communication. Required if using a TLS connection. type: string endpoints: - description: Endpoints of etcd members. Required for + description: endpoints of etcd members. Required for ExternalEtcd. items: type: string type: array keyFile: description: |- - KeyFile is an SSL key file used to secure etcd communication. + keyFile is an SSL key file used to secure etcd communication. Required if using a TLS connection. type: string required: 
@@ -1496,39 +1485,39 @@ data: type: object local: description: |- - Local provides configuration knobs for configuring the local etcd instance + local provides configuration knobs for configuring the local etcd instance Local and External are mutually exclusive properties: dataDir: description: |- - DataDir is the directory etcd will place its data. + dataDir is the directory etcd will place its data. Defaults to "/var/lib/etcd". type: string extraArgs: additionalProperties: type: string description: |- - ExtraArgs are extra arguments provided to the etcd binary + extraArgs are extra arguments provided to the etcd binary when run inside a static pod. type: object imageRepository: description: |- - ImageRepository sets the container registry to pull images from. + imageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead. type: string imageTag: description: |- - ImageTag allows to specify a tag for the image. + imageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. type: string peerCertSANs: - description: PeerCertSANs sets extra Subject Alternative + description: peerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert. items: type: string type: array serverCertSANs: - description: ServerCertSANs sets extra Subject Alternative + description: serverCertSANs sets extra Subject Alternative Names for the etcd server signing cert. items: type: string 
@@ -1538,11 +1527,11 @@ data: featureGates: additionalProperties: type: boolean - description: FeatureGates enabled by the user. + description: featureGates enabled by the user. type: object imageRepository: description: |- - ImageRepository sets the container registry to pull images from. + imageRepository sets the container registry to pull images from. If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io` will be used for all the other images. 
@@ -1557,45 +1546,43 @@ data: type: string kubernetesVersion: description: |- - KubernetesVersion is the target version of the control plane. + kubernetesVersion is the target version of the control plane. NB: This value defaults to the Machine object spec.version type: string networking: description: |- - Networking holds configuration for the networking topology of the cluster. + networking holds configuration for the networking topology of the cluster. NB: This value defaults to the Cluster object spec.clusterNetwork. properties: dnsDomain: - description: DNSDomain is the dns domain used by k8s services. + description: dnsDomain is the dns domain used by k8s services. Defaults to "cluster.local". type: string podSubnet: description: |- - PodSubnet is the subnet used by pods. + podSubnet is the subnet used by pods. If unset, the API server will not allocate CIDR ranges for every node. Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set type: string serviceSubnet: description: |- - ServiceSubnet is the subnet used by k8s services. + serviceSubnet is the subnet used by k8s services. Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12" if that's unset. type: string type: object scheduler: - description: Scheduler contains extra settings for the scheduler + description: scheduler contains extra settings for the scheduler control plane component properties: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: extraArgs is an extra set of flags to pass + to the control plane component. 
type: object extraVolumes: - description: ExtraVolumes is an extra set of host volumes, + description: extraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: |- @@ -1604,21 +1591,21 @@ data: properties: hostPath: description: |- - HostPath is the path in the host that will be mounted inside + hostPath is the path in the host that will be mounted inside the pod. type: string mountPath: - description: MountPath is the path inside the pod + description: mountPath is the path inside the pod where hostPath will be mounted. type: string name: - description: Name of the volume inside the pod template. + description: name of the volume inside the pod template. type: string pathType: - description: PathType is the type of the HostPath. + description: pathType is the type of the HostPath. type: string readOnly: - description: ReadOnly controls write access to the + description: readOnly controls write access to the volume type: boolean required: 
@@ -1630,45 +1617,45 @@ data: type: object type: object diskSetup: - description: DiskSetup specifies options for the creation of partition + description: diskSetup specifies options for the creation of partition tables and file systems on devices. properties: filesystems: - description: Filesystems specifies the list of file systems + description: filesystems specifies the list of file systems to setup. items: description: Filesystem defines the file systems to be created. properties: device: - description: Device specifies the device name + description: device specifies the device name type: string extraOpts: - description: ExtraOpts defined extra options to add + description: extraOpts defined extra options to add to the command for creating the file system. items: type: string type: array filesystem: - description: Filesystem specifies the file system type. + description: filesystem specifies the file system type. type: string label: - description: Label specifies the file system label to + description: label specifies the file system label to be used. If set to None, no label is used. type: string overwrite: description: |- - Overwrite defines whether or not to overwrite any existing filesystem. + overwrite defines whether or not to overwrite any existing filesystem. If true, any pre-existing file system will be destroyed. Use with Caution. type: boolean partition: - description: 'Partition specifies the partition to use. + description: 'partition specifies the partition to use. The valid options are: "auto|any", "auto", "any", "none", and , where NUM is the actual partition number.' type: string replaceFS: description: |- - ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . + replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . NOTE: unless you define a label, this requires the use of the 'any' partition directive. 
type: string required: @@ -1678,29 +1665,29 @@ data: type: object type: array partitions: - description: Partitions specifies the list of the partitions + description: partitions specifies the list of the partitions to setup. items: description: Partition defines how to create and layout a partition. properties: device: - description: Device is the name of the device. + description: device is the name of the device. type: string layout: description: |- - Layout specifies the device layout. + layout specifies the device layout. If it is true, a single partition will be created for the entire device. When layout is false, it means don't partition or ignore existing partitioning. type: boolean overwrite: description: |- - Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. + overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. Use with caution. Default is 'false'. type: boolean tableType: description: |- - TableType specifies the tupe of partition table. The following are supported: + tableType specifies the tupe of partition table. The following are supported: 'mbr': default and setups a MS-DOS partition table 'gpt': setups a GPT partition table type: string 
@@ -1711,29 +1698,29 @@ data: type: array type: object files: - description: Files specifies extra files to be passed to user_data + description: files specifies extra files to be passed to user_data upon creation. items: description: File defines the input for generating write_files in cloud-init. properties: content: - description: Content is the actual content of the file. + description: content is the actual content of the file. type: string contentFrom: - description: ContentFrom is a referenced source of content + description: contentFrom is a referenced source of content to populate the file. properties: secret: - description: Secret represents a secret that should + description: secret represents a secret that should populate this file. properties: key: - description: Key is the key in the secret's data + description: key is the key in the secret's data map for this value. type: string name: - description: Name of the secret in the KubeadmBootstrapConfig's + description: name of the secret in the KubeadmBootstrapConfig's namespace to use. type: string required: @@ -1744,7 +1731,7 @@ data: - secret type: object encoding: - description: Encoding specifies the encoding of the file + description: encoding specifies the encoding of the file contents. enum: - base64 @@ -1752,15 +1739,15 @@ data: - gzip+base64 type: string owner: - description: Owner specifies the ownership of the file, + description: owner specifies the ownership of the file, e.g. "root:root". type: string path: - description: Path specifies the full path on disk where + description: path specifies the full path on disk where to store the file. type: string permissions: - description: Permissions specifies the permissions to assign + description: permissions specifies the permissions to assign to the file, e.g. "0640". type: string required: 
@@ -1768,13 +1755,13 @@ data: type: object type: array format: - description: Format specifies the output format of the bootstrap + description: format specifies the output format of the bootstrap data enum: - cloud-config type: string initConfiguration: - description: InitConfiguration along with ClusterConfiguration + description: initConfiguration along with ClusterConfiguration are the configurations necessary for the init command properties: apiVersion: @@ -1786,7 +1773,7 @@ data: type: string bootstrapTokens: description: |- - BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. + bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature items: description: BootstrapToken describes one bootstrap token, 
@@ -1794,35 +1781,35 @@ data: properties: description: description: |- - Description sets a human-friendly message why this token exists and what it's used + description sets a human-friendly message why this token exists and what it's used for, so other administrators can know its purpose. type: string expires: description: |- - Expires specifies the timestamp when this token expires. Defaults to being set + expires specifies the timestamp when this token expires. Defaults to being set dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. format: date-time type: string groups: description: |- - Groups specifies the extra groups that this token will authenticate as when/if + groups specifies the extra groups that this token will authenticate as when/if used for authentication items: type: string type: array token: description: |- - Token is used for establishing bidirectional trust between nodes and control-planes. + token is used for establishing bidirectional trust between nodes and control-planes. Used for joining nodes in the cluster. type: string ttl: description: |- - TTL defines the time to live for this token. Defaults to 24h. + ttl defines the time to live for this token. Defaults to 24h. Expires and TTL are mutually exclusive. type: string usages: description: |- - Usages describes the ways in which this token can be used. Can by default be used + usages describes the ways in which this token can be used. Can by default be used for establishing bidirectional trust, but that can be changed here. items: type: string 
@@ -1841,7 +1828,7 @@ data: type: string localAPIEndpoint: description: |- - LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node + localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible @@ -1849,29 +1836,29 @@ data: fails you may set the desired value here. properties: advertiseAddress: - description: AdvertiseAddress sets the IP address for + description: advertiseAddress sets the IP address for the API server to advertise. type: string bindPort: description: |- - BindPort sets the secure port for the API Server to bind to. + bindPort sets the secure port for the API Server to bind to. Defaults to 6443. format: int32 type: integer type: object nodeRegistration: description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfiguration properties: criSocket: - description: CRISocket is used to retrieve container runtime + description: criSocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use type: string ignorePreflightErrors: - description: IgnorePreflightErrors provides a slice of + description: ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered. items: 
@@ -1881,19 +1868,19 @@ data: additionalProperties: type: string description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file + kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. type: object name: description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided. type: string taints: description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. items: @@ -1929,7 +1916,7 @@ data: type: object type: object joinConfiguration: - description: JoinConfiguration is the kubeadm configuration for + description: joinConfiguration is the kubeadm configuration for the join command properties: apiVersion: 
@@ -1941,49 +1928,47 @@ data: type: string caCertPath: description: |- - CACertPath is the path to the SSL certificate authority used to + caCertPath is the path to the SSL certificate authority used to secure comunications between node and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". - TODO: revisit when there is defaulting from k/k type: string controlPlane: description: |- - ControlPlane defines the additional control plane instance to be deployed on the joining node. + controlPlane defines the additional control plane instance to be deployed on the joining node. If nil, no additional control plane instance will be deployed. properties: localAPIEndpoint: - description: LocalAPIEndpoint represents the endpoint + description: localAPIEndpoint represents the endpoint of the API server instance to be deployed on this node. properties: advertiseAddress: - description: AdvertiseAddress sets the IP address + description: advertiseAddress sets the IP address for the API server to advertise. type: string bindPort: description: |- - BindPort sets the secure port for the API Server to bind to. + bindPort sets the secure port for the API Server to bind to. Defaults to 6443. format: int32 type: integer type: object type: object discovery: - description: |- - Discovery specifies the options for the kubelet to use during the TLS Bootstrap process - TODO: revisit when there is defaulting from k/k + description: discovery specifies the options for the kubelet + to use during the TLS Bootstrap process properties: bootstrapToken: description: |- - BootstrapToken is used to set the options for bootstrap token based discovery + bootstrapToken is used to set the options for bootstrap token based discovery BootstrapToken and File are mutually exclusive properties: apiServerEndpoint: - description: APIServerEndpoint is an IP or domain + description: apiServerEndpoint is an IP or domain name to the API server from which info will be fetched. 
type: string caCertHashes: description: |- - CACertHashes specifies a set of public key pins to verify + caCertHashes specifies a set of public key pins to verify when token-based discovery is used. The root CA found during discovery must match one of these values. Specifying an empty set disables root CA pinning, which can be unsafe. Each hash is specified as ":", @@ -1996,12 +1981,12 @@ data: type: array token: description: |- - Token is a token used to validate cluster information + token is a token used to validate cluster information fetched from the control-plane. type: string unsafeSkipCAVerification: description: |- - UnsafeSkipCAVerification allows token-based discovery + unsafeSkipCAVerification allows token-based discovery without CA verification via CACertHashes. This can weaken the security of kubeadm since other nodes can impersonate the control-plane. type: boolean @@ -2010,11 +1995,11 @@ data: type: object file: description: |- - File is used to specify a file or URL to a kubeconfig file from which to load cluster information + file is used to specify a file or URL to a kubeconfig file from which to load cluster information BootstrapToken and File are mutually exclusive properties: kubeConfigPath: - description: KubeConfigPath is used to specify the + description: kubeConfigPath is used to specify the actual file path or URL to the kubeconfig file from which to load cluster information type: string 
@@ -2022,11 +2007,11 @@ data: - kubeConfigPath type: object timeout: - description: Timeout modifies the discovery timeout + description: timeout modifies the discovery timeout type: string tlsBootstrapToken: description: |- - TLSBootstrapToken is a token used for TLS bootstrapping. + tlsBootstrapToken is a token used for TLS bootstrapping. If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information type: string @@ -2041,17 +2026,17 @@ data: type: string nodeRegistration: description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfiguration properties: criSocket: - description: CRISocket is used to retrieve container runtime + description: criSocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use type: string ignorePreflightErrors: - description: IgnorePreflightErrors provides a slice of + description: ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered. items: 
@@ -2061,19 +2046,19 @@ data: additionalProperties: type: string description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file + kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. type: object name: description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided. type: string taints: description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. items: @@ -2109,7 +2094,7 @@ data: type: object type: object mounts: - description: Mounts specifies a list of mount points to be setup. + description: mounts specifies a list of mount points to be setup. items: description: MountPoints defines input for generated mounts in cloud-init. 
@@ -2118,92 +2103,89 @@ data: type: array type: array ntp: - description: NTP specifies NTP configuration + description: ntp specifies NTP configuration properties: enabled: - description: Enabled specifies whether NTP should be enabled + description: enabled specifies whether NTP should be enabled type: boolean servers: - description: Servers specifies which NTP servers to use + description: servers specifies which NTP servers to use items: type: string type: array type: object postKubeadmCommands: - description: PostKubeadmCommands specifies extra commands to run + description: postKubeadmCommands specifies extra commands to run after kubeadm runs items: type: string type: array preKubeadmCommands: - description: PreKubeadmCommands specifies extra commands to run + description: preKubeadmCommands specifies extra commands to run before kubeadm runs items: type: string type: array useExperimentalRetryJoin: description: |- - UseExperimentalRetryJoin replaces a basic kubeadm command with a shell + useExperimentalRetryJoin replaces a basic kubeadm command with a shell script with retries for joins. - This is meant to be an experimental temporary workaround on some environments where joins fail due to timing (and other issues). The long term goal is to add retries to kubeadm proper and use that functionality. - This will add about 40KB to userdata - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. type: boolean users: - description: Users specifies extra users to add + description: users specifies extra users to add items: description: User defines the input for a generated user in cloud-init. 
properties: gecos: - description: Gecos specifies the gecos to use for the user + description: gecos specifies the gecos to use for the user type: string groups: - description: Groups specifies the additional groups for + description: groups specifies the additional groups for the user type: string homeDir: - description: HomeDir specifies the home directory to use + description: homeDir specifies the home directory to use for the user type: string inactive: - description: Inactive specifies whether to mark the user + description: inactive specifies whether to mark the user as inactive type: boolean lockPassword: - description: LockPassword specifies if password login should + description: lockPassword specifies if password login should be disabled type: boolean name: - description: Name specifies the user name + description: name specifies the user name type: string passwd: - description: Passwd specifies a hashed password for the + description: passwd specifies a hashed password for the user type: string primaryGroup: - description: PrimaryGroup specifies the primary group for + description: primaryGroup specifies the primary group for the user type: string shell: - description: Shell specifies the user's shell + description: shell specifies the user's shell type: string sshAuthorizedKeys: - description: SSHAuthorizedKeys specifies a list of ssh authorized + description: sshAuthorizedKeys specifies a list of ssh authorized keys for the user items: type: string type: array sudo: - description: Sudo specifies a sudo role for the user + description: sudo specifies a sudo role for the user type: string required: - name 
@@ -2211,19 +2193,19 @@ data: type: array verbosity: description: |- - Verbosity is the number for the kubeadm log level verbosity. + verbosity is the number for the kubeadm log level verbosity. It overrides the `--v` flag in kubeadm commands. format: int32 type: integer type: object machineTemplate: description: |- - MachineTemplate contains information about how machines + machineTemplate contains information about how machines should be shaped when creating or updating a control plane. properties: infrastructureRef: description: |- - InfrastructureRef is a required reference to a custom resource + infrastructureRef is a required reference to a custom resource offered by an infrastructure provider. properties: apiVersion: @@ -2238,7 +2220,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -2269,14 +2250,14 @@ data: x-kubernetes-map-type: atomic metadata: description: |- - Standard object's metadata. + metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata properties: annotations: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations 
@@ -2285,7 +2266,7 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels @@ -2293,7 +2274,7 @@ data: type: object nodeDrainTimeout: description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node + nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` type: string @@ -2302,14 +2283,14 @@ data: type: object replicas: description: |- - Number of desired machines. Defaults to 1. When stacked etcd is used only + replicas is the number of desired machines. Defaults to 1. When stacked etcd is used only odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). This is a pointer to distinguish between explicit zero and not specified. format: int32 type: integer rolloutAfter: description: |- - RolloutAfter is a field to indicate a rollout should be performed + rolloutAfter is a field to indicate a rollout should be performed after the specified time even if no changes have been made to the KubeadmControlPlane. format: date-time 
@@ -2320,12 +2301,12 @@ data: maxSurge: 1 type: RollingUpdate description: |- - The RolloutStrategy to use to replace control plane machines with + rolloutStrategy is the RolloutStrategy to use to replace control plane machines with new ones. properties: rollingUpdate: description: |- - Rolling update config params. Present only if + rollingUpdate is the rolling update config params. Present only if RolloutStrategyType = RollingUpdate. properties: maxSurge: @@ -2333,7 +2314,7 @@ data: - type: integer - type: string description: |- - The maximum number of control planes that can be scheduled above or under the + maxSurge is the maximum number of control planes that can be scheduled above or under the desired number of control planes. Value can be an absolute number 1 or 0. Defaults to 1. @@ -2343,13 +2324,13 @@ data: type: object type: description: |- - Type of rollout. Currently the only supported strategy is + type of rollout. Currently the only supported strategy is "RollingUpdate". Default is RollingUpdate. type: string type: object version: - description: Version defines the desired Kubernetes version. + description: version defines the desired Kubernetes version. type: string required: - kubeadmConfigSpec 
@@ -2357,44 +2338,44 @@ data: - version type: object status: - description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane. + description: status is the observed state of KubeadmControlPlane. properties: conditions: - description: Conditions defines current service state of the KubeadmControlPlane. + description: conditions defines current service state of the KubeadmControlPlane. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string 
@@ -2405,44 +2386,44 @@ data: type: array failureMessage: description: |- - ErrorMessage indicates that there is a terminal problem reconciling the + failureMessage indicates that there is a terminal problem reconciling the state, and will be set to a descriptive error message. type: string failureReason: description: |- - FailureReason indicates that there is a terminal problem reconciling the + failureReason indicates that there is a terminal problem reconciling the state, and will be set to a token value suitable for programmatic interpretation. type: string initialized: description: |- - Initialized denotes whether or not the control plane has the + initialized denotes whether or not the control plane has the uploaded kubeadm-config configmap. type: boolean observedGeneration: - description: ObservedGeneration is the latest generation observed + description: observedGeneration is the latest generation observed by the controller. format: int64 type: integer ready: description: |- - Ready denotes that the KubeadmControlPlane API Server is ready to + ready denotes that the KubeadmControlPlane API Server is ready to receive requests. type: boolean readyReplicas: - description: Total number of fully running and ready control plane - machines. + description: readyReplicas is the total number of fully running and + ready control plane machines. format: int32 type: integer replicas: description: |- - Total number of non-terminated machines targeted by this control plane + replicas is the total number of non-terminated machines targeted by this control plane (their labels match the selector). format: int32 type: integer selector: description: |- - Selector is the label selector in string format to avoid introspection + selector is the label selector in string format to avoid introspection by clients, and is used to provide the CRD-based integration for the scale subresource and additional integrations for things like kubectl describe.. 
The string will be in the same format as the query-param syntax. @@ -2450,7 +2431,7 @@ data: type: string unavailableReplicas: description: |- - Total number of unavailable machines targeted by this control plane. + unavailableReplicas is the total number of unavailable machines targeted by this control plane. This is the total number of machines that are still required for the deployment to have 100% available capacity. They may either be machines that are running but not yet ready or machines @@ -2459,13 +2440,13 @@ data: type: integer updatedReplicas: description: |- - Total number of non-terminated machines targeted by this control plane + updatedReplicas is the total number of non-terminated machines targeted by this control plane that have the desired template spec. format: int32 type: integer version: description: |- - Version represents the minimum Kubernetes version for the control plane machines + version represents the minimum Kubernetes version for the control plane machines in the cluster. type: string type: object 
@@ -2547,38 +2528,50 @@ data: metadata: type: object spec: - description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane. + description: spec is the desired state of KubeadmControlPlane. properties: kubeadmConfigSpec: description: |- - KubeadmConfigSpec is a KubeadmConfigSpec + kubeadmConfigSpec is a KubeadmConfigSpec to use for initializing and joining machines to the control plane. properties: + bootCommands: + description: |- + bootCommands specifies extra commands to run very early in the boot process via the cloud-init bootcmd + module. bootcmd will run on every boot, 'cloud-init-per' command can be used to make bootcmd run exactly + once. This is typically run in the cloud-init.service systemd unit. This has no effect in Ignition. + items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + type: array clusterConfiguration: - description: ClusterConfiguration along with InitConfiguration + description: clusterConfiguration along with InitConfiguration are the configurations necessary for the init command properties: apiServer: - description: APIServer contains extra settings for the API + description: apiServer contains extra settings for the API server control plane component properties: certSANs: - description: CertSANs sets extra Subject Alternative Names + description: certSANs sets extra Subject Alternative Names for the API Server signing cert. items: + maxLength: 253 + minLength: 1 type: string + maxItems: 100 type: array extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: extraArgs is an extra set of flags to pass + to the control plane component. type: object extraEnvs: description: |- - ExtraEnvs is an extra set of environment variables to pass to the control plane component. 
+ extraEnvs is an extra set of environment variables to pass to the control plane component. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes >=1.31.0. items: @@ -2618,9 +2611,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -2687,9 +2678,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -2703,9 +2692,10 @@ data: required: - name type: object + maxItems: 100 type: array extraVolumes: - description: ExtraVolumes is an extra set of host volumes, + description: extraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: |- 
@@ -2714,21 +2704,27 @@ data: properties: hostPath: description: |- - HostPath is the path in the host that will be mounted inside + hostPath is the path in the host that will be mounted inside the pod. + maxLength: 512 + minLength: 1 type: string mountPath: - description: MountPath is the path inside the pod + description: mountPath is the path inside the pod where hostPath will be mounted. + maxLength: 512 + minLength: 1 type: string name: - description: Name of the volume inside the pod template. + description: name of the volume inside the pod template. + maxLength: 512 + minLength: 1 type: string pathType: - description: PathType is the type of the HostPath. + description: pathType is the type of the HostPath. type: string readOnly: - description: ReadOnly controls write access to the + description: readOnly controls write access to the volume type: boolean required: @@ -2736,9 +2732,10 @@ data: - mountPath - name type: object + maxItems: 100 type: array timeoutForControlPlane: - description: TimeoutForControlPlane controls the timeout + description: timeoutForControlPlane controls the timeout that we use for API server to appear type: string type: object 
@@ -2751,15 +2748,19 @@ data: type: string certificatesDir: description: |- - CertificatesDir specifies where to store or look for all required certificates. + certificatesDir specifies where to store or look for all required certificates. NB: if not provided, this will default to `/etc/kubernetes/pki` + maxLength: 512 + minLength: 1 type: string clusterName: - description: The cluster name + description: clusterName is the cluster name + maxLength: 63 + minLength: 1 type: string controlPlaneEndpoint: description: |- - ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it + controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint is specified but without a TCP port, 
@@ -2771,22 +2772,22 @@ data: e.g. in environments with enforced node recycling, the ControlPlaneEndpoint could be used for assigning a stable DNS to the control plane. NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. + maxLength: 512 + minLength: 1 type: string controllerManager: - description: ControllerManager contains extra settings for + description: controllerManager contains extra settings for the controller manager control plane component properties: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: extraArgs is an extra set of flags to pass + to the control plane component. type: object extraEnvs: description: |- - ExtraEnvs is an extra set of environment variables to pass to the control plane component. + extraEnvs is an extra set of environment variables to pass to the control plane component. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes >=1.31.0. items: @@ -2826,9 +2827,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -2895,9 +2894,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -2911,9 +2908,10 @@ data: required: - name type: object + maxItems: 100 type: array extraVolumes: - description: ExtraVolumes is an extra set of host volumes, + description: extraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: |- @@ -2922,21 +2920,27 @@ data: properties: hostPath: description: |- - HostPath is the path in the host that will be mounted inside + hostPath is the path in the host that will be mounted inside the pod. + maxLength: 512 + minLength: 1 type: string mountPath: - description: MountPath is the path inside the pod + description: mountPath is the path inside the pod where hostPath will be mounted. + maxLength: 512 + minLength: 1 type: string name: - description: Name of the volume inside the pod template. + description: name of the volume inside the pod template. + maxLength: 512 + minLength: 1 type: string pathType: - description: PathType is the type of the HostPath. + description: pathType is the type of the HostPath. type: string readOnly: - description: ReadOnly controls write access to the + description: readOnly controls write access to the volume type: boolean required: 
@@ -2944,53 +2948,67 @@ data: - mountPath - name type: object + maxItems: 100 type: array type: object dns: - description: DNS defines the options for the DNS add-on installed + description: dns defines the options for the DNS add-on installed in the cluster. properties: imageRepository: description: |- - ImageRepository sets the container registry to pull images from. + imageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + maxLength: 512 + minLength: 1 type: string imageTag: description: |- - ImageTag allows to specify a tag for the image. + imageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + maxLength: 256 + minLength: 1 type: string type: object etcd: description: |- - Etcd holds configuration for etcd. + etcd holds configuration for etcd. NB: This value defaults to a Local (stacked) etcd properties: external: description: |- - External describes how to connect to an external etcd cluster + external describes how to connect to an external etcd cluster Local and External are mutually exclusive properties: caFile: description: |- - CAFile is an SSL Certificate Authority file used to secure etcd communication. + caFile is an SSL Certificate Authority file used to secure etcd communication. Required if using a TLS connection. + maxLength: 512 + minLength: 1 type: string certFile: description: |- - CertFile is an SSL certification file used to secure etcd communication. + certFile is an SSL certification file used to secure etcd communication. Required if using a TLS connection. + maxLength: 512 + minLength: 1 type: string endpoints: - description: Endpoints of etcd members. Required for + description: endpoints of etcd members. Required for ExternalEtcd. 
items: + maxLength: 512 + minLength: 1 type: string + maxItems: 50 type: array keyFile: description: |- - KeyFile is an SSL key file used to secure etcd communication. + keyFile is an SSL key file used to secure etcd communication. Required if using a TLS connection. + maxLength: 512 + minLength: 1 type: string required: - caFile @@ -3000,24 +3018,26 @@ data: type: object local: description: |- - Local provides configuration knobs for configuring the local etcd instance + local provides configuration knobs for configuring the local etcd instance Local and External are mutually exclusive properties: dataDir: description: |- - DataDir is the directory etcd will place its data. + dataDir is the directory etcd will place its data. Defaults to "/var/lib/etcd". + maxLength: 512 + minLength: 1 type: string extraArgs: additionalProperties: type: string description: |- - ExtraArgs are extra arguments provided to the etcd binary + extraArgs are extra arguments provided to the etcd binary when run inside a static pod. type: object extraEnvs: description: |- - ExtraEnvs is an extra set of environment variables to pass to the control plane component. + extraEnvs is an extra set of environment variables to pass to the control plane component. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes >=1.31.0. items: 
@@ -3057,9 +3077,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -3129,9 +3147,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret 
@@ -3145,39 +3161,50 @@ data: required: - name type: object + maxItems: 100 type: array imageRepository: description: |- - ImageRepository sets the container registry to pull images from. + imageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + maxLength: 512 + minLength: 1 type: string imageTag: description: |- - ImageTag allows to specify a tag for the image. + imageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + maxLength: 256 + minLength: 1 type: string peerCertSANs: - description: PeerCertSANs sets extra Subject Alternative + description: peerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert. items: + maxLength: 253 + minLength: 1 type: string + maxItems: 100 type: array serverCertSANs: - description: ServerCertSANs sets extra Subject Alternative + description: serverCertSANs sets extra Subject Alternative Names for the etcd server signing cert. items: + maxLength: 253 + minLength: 1 type: string + maxItems: 100 type: array type: object type: object featureGates: additionalProperties: type: boolean - description: FeatureGates enabled by the user. + description: featureGates enabled by the user. type: object imageRepository: description: |- - ImageRepository sets the container registry to pull images from. + imageRepository sets the container registry to pull images from. * If not set, the default registry of kubeadm will be used, i.e. * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 * k8s.gcr.io (old registry): all older versions 
@@ -3186,8 +3213,10 @@ data: a newer patch version with the new registry instead (i.e. >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0). * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components + `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io` will be used for all the other images. + maxLength: 512 + minLength: 1 type: string kind: description: |- 
@@ -3199,46 +3228,52 @@ data: type: string kubernetesVersion: description: |- - KubernetesVersion is the target version of the control plane. + kubernetesVersion is the target version of the control plane. NB: This value defaults to the Machine object spec.version + maxLength: 256 + minLength: 1 type: string networking: description: |- - Networking holds configuration for the networking topology of the cluster. + networking holds configuration for the networking topology of the cluster. NB: This value defaults to the Cluster object spec.clusterNetwork. properties: dnsDomain: - description: DNSDomain is the dns domain used by k8s services. + description: dnsDomain is the dns domain used by k8s services. Defaults to "cluster.local". + maxLength: 253 + minLength: 1 type: string podSubnet: description: |- - PodSubnet is the subnet used by pods. + podSubnet is the subnet used by pods. If unset, the API server will not allocate CIDR ranges for every node. Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set + maxLength: 1024 + minLength: 1 type: string serviceSubnet: description: |- - ServiceSubnet is the subnet used by k8s services. + serviceSubnet is the subnet used by k8s services. Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12" if that's unset. + maxLength: 1024 + minLength: 1 type: string type: object scheduler: - description: Scheduler contains extra settings for the scheduler + description: scheduler contains extra settings for the scheduler control plane component properties: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: extraArgs is an extra set of flags to pass + to the control plane component. 
type: object extraEnvs: description: |- - ExtraEnvs is an extra set of environment variables to pass to the control plane component. + extraEnvs is an extra set of environment variables to pass to the control plane component. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes >=1.31.0. items: @@ -3278,9 +3313,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -3347,9 +3380,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -3363,9 +3394,10 @@ data: required: - name type: object + maxItems: 100 type: array extraVolumes: - description: ExtraVolumes is an extra set of host volumes, + description: extraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: |- 
@@ -3374,21 +3406,27 @@ data: properties: hostPath: description: |- - HostPath is the path in the host that will be mounted inside + hostPath is the path in the host that will be mounted inside the pod. + maxLength: 512 + minLength: 1 type: string mountPath: - description: MountPath is the path inside the pod + description: mountPath is the path inside the pod where hostPath will be mounted. + maxLength: 512 + minLength: 1 type: string name: - description: Name of the volume inside the pod template. + description: name of the volume inside the pod template. + maxLength: 512 + minLength: 1 type: string pathType: - description: PathType is the type of the HostPath. + description: pathType is the type of the HostPath. type: string readOnly: - description: ReadOnly controls write access to the + description: readOnly controls write access to the volume type: boolean required: 
@@ -3396,119 +3434,145 @@ data: - mountPath - name type: object + maxItems: 100 type: array type: object type: object diskSetup: - description: DiskSetup specifies options for the creation of partition + description: diskSetup specifies options for the creation of partition tables and file systems on devices. properties: filesystems: - description: Filesystems specifies the list of file systems + description: filesystems specifies the list of file systems to setup. items: description: Filesystem defines the file systems to be created. properties: device: - description: Device specifies the device name + description: device specifies the device name + maxLength: 256 + minLength: 1 type: string extraOpts: - description: ExtraOpts defined extra options to add + description: extraOpts defined extra options to add to the command for creating the file system. items: + maxLength: 256 + minLength: 1 type: string + maxItems: 100 type: array filesystem: - description: Filesystem specifies the file system type. + description: filesystem specifies the file system type. + maxLength: 128 + minLength: 1 type: string label: - description: Label specifies the file system label to + description: label specifies the file system label to be used. If set to None, no label is used. + maxLength: 512 + minLength: 1 type: string overwrite: description: |- - Overwrite defines whether or not to overwrite any existing filesystem. + overwrite defines whether or not to overwrite any existing filesystem. If true, any pre-existing file system will be destroyed. Use with Caution. type: boolean partition: - description: 'Partition specifies the partition to use. + description: 'partition specifies the partition to use. The valid options are: "auto|any", "auto", "any", "none", and , where NUM is the actual partition number.' 
+ maxLength: 128 + minLength: 1 type: string replaceFS: description: |- - ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . + replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . NOTE: unless you define a label, this requires the use of the 'any' partition directive. + maxLength: 128 + minLength: 1 type: string required: - device - filesystem - - label type: object + maxItems: 100 type: array partitions: - description: Partitions specifies the list of the partitions + description: partitions specifies the list of the partitions to setup. items: description: Partition defines how to create and layout a partition. properties: device: - description: Device is the name of the device. + description: device is the name of the device. + maxLength: 256 + minLength: 1 type: string layout: description: |- - Layout specifies the device layout. + layout specifies the device layout. If it is true, a single partition will be created for the entire device. When layout is false, it means don't partition or ignore existing partitioning. type: boolean overwrite: description: |- - Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. + overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. Use with caution. Default is 'false'. type: boolean tableType: description: |- - TableType specifies the tupe of partition table. The following are supported: + tableType specifies the tupe of partition table. 
The following are supported: 'mbr': default and setups a MS-DOS partition table 'gpt': setups a GPT partition table + enum: + - mbr + - gpt type: string required: - device - layout type: object + maxItems: 100 type: array type: object files: - description: Files specifies extra files to be passed to user_data + description: files specifies extra files to be passed to user_data upon creation. items: description: File defines the input for generating write_files in cloud-init. properties: append: - description: Append specifies whether to append Content + description: append specifies whether to append Content to existing file if Path exists. type: boolean content: - description: Content is the actual content of the file. + description: content is the actual content of the file. + maxLength: 10240 + minLength: 1 type: string contentFrom: - description: ContentFrom is a referenced source of content + description: contentFrom is a referenced source of content to populate the file. properties: secret: - description: Secret represents a secret that should + description: secret represents a secret that should populate this file. properties: key: - description: Key is the key in the secret's data + description: key is the key in the secret's data map for this value. + maxLength: 256 + minLength: 1 type: string name: - description: Name of the secret in the KubeadmBootstrapConfig's + description: name of the secret in the KubeadmBootstrapConfig's namespace to use. + maxLength: 253 + minLength: 1 type: string required: - key @@ -3518,7 +3582,7 @@ data: - secret type: object encoding: - description: Encoding specifies the encoding of the file + description: encoding specifies the encoding of the file contents. enum: - base64 
@@ -3526,50 +3590,58 @@ data: - gzip+base64 type: string owner: - description: Owner specifies the ownership of the file, + description: owner specifies the ownership of the file, e.g. "root:root". + maxLength: 256 + minLength: 1 type: string path: - description: Path specifies the full path on disk where + description: path specifies the full path on disk where to store the file. + maxLength: 512 + minLength: 1 type: string permissions: - description: Permissions specifies the permissions to assign + description: permissions specifies the permissions to assign to the file, e.g. "0640". + maxLength: 16 + minLength: 1 type: string required: - path type: object + maxItems: 200 type: array format: - description: Format specifies the output format of the bootstrap + description: format specifies the output format of the bootstrap data enum: - cloud-config - ignition type: string ignition: - description: Ignition contains Ignition specific configuration. + description: ignition contains Ignition specific configuration. properties: containerLinuxConfig: - description: ContainerLinuxConfig contains CLC specific configuration. + description: containerLinuxConfig contains CLC specific configuration. properties: additionalConfig: description: |- - AdditionalConfig contains additional configuration to be merged with the Ignition + additionalConfig contains additional configuration to be merged with the Ignition configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging - The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + maxLength: 32768 + minLength: 1 type: string strict: - description: Strict controls if AdditionalConfig should + description: strict controls if AdditionalConfig should be strictly parsed. If so, warnings are treated as errors. 
type: boolean type: object type: object initConfiguration: - description: InitConfiguration along with ClusterConfiguration + description: initConfiguration along with ClusterConfiguration are the configurations necessary for the init command properties: apiVersion: @@ -3581,7 +3653,7 @@ data: type: string bootstrapTokens: description: |- - BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. + bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature items: description: BootstrapToken describes one bootstrap token, 
@@ -3589,42 +3661,51 @@ data: properties: description: description: |- - Description sets a human-friendly message why this token exists and what it's used + description sets a human-friendly message why this token exists and what it's used for, so other administrators can know its purpose. + maxLength: 512 + minLength: 1 type: string expires: description: |- - Expires specifies the timestamp when this token expires. Defaults to being set + expires specifies the timestamp when this token expires. Defaults to being set dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. format: date-time type: string groups: description: |- - Groups specifies the extra groups that this token will authenticate as when/if + groups specifies the extra groups that this token will authenticate as when/if used for authentication items: + maxLength: 256 + minLength: 1 type: string + maxItems: 100 type: array token: description: |- - Token is used for establishing bidirectional trust between nodes and control-planes. + token is used for establishing bidirectional trust between nodes and control-planes. Used for joining nodes in the cluster. type: string ttl: description: |- - TTL defines the time to live for this token. Defaults to 24h. + ttl defines the time to live for this token. Defaults to 24h. Expires and TTL are mutually exclusive. type: string usages: description: |- - Usages describes the ways in which this token can be used. Can by default be used + usages describes the ways in which this token can be used. Can by default be used for establishing bidirectional trust, but that can be changed here. items: + maxLength: 256 + minLength: 1 type: string + maxItems: 100 type: array required: - token type: object + maxItems: 100 type: array kind: description: |- 
@@ -3636,7 +3717,7 @@ data: type: string localAPIEndpoint: description: |- - LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node + localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible 
@@ -3644,37 +3725,44 @@ data: fails you may set the desired value here. properties: advertiseAddress: - description: AdvertiseAddress sets the IP address for + description: advertiseAddress sets the IP address for the API server to advertise. + maxLength: 39 + minLength: 1 type: string bindPort: description: |- - BindPort sets the secure port for the API Server to bind to. + bindPort sets the secure port for the API Server to bind to. Defaults to 6443. format: int32 type: integer type: object nodeRegistration: description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfiguration properties: criSocket: - description: CRISocket is used to retrieve container runtime + description: criSocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use + maxLength: 512 + minLength: 1 type: string ignorePreflightErrors: - description: IgnorePreflightErrors provides a slice of + description: ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered. items: + maxLength: 512 + minLength: 1 type: string + maxItems: 50 type: array imagePullPolicy: description: |- - ImagePullPolicy specifies the policy for image pulling + imagePullPolicy specifies the policy for image pulling during kubeadm "init" and "join" operations. The value of this field must be one of "Always", "IfNotPresent" or "Never". Defaults to "IfNotPresent". This can be used only 
@@ -3686,7 +3774,7 @@ data: type: string imagePullSerial: description: |- - ImagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. + imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. This option takes effect only on Kubernetes >=1.31.0. Default: true (defaulted in kubeadm) type: boolean 
@@ -3694,19 +3782,21 @@ data: additionalProperties: type: string description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file + kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. type: object name: description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided. + maxLength: 253 + minLength: 1 type: string taints: description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. items: 
@@ -3738,16 +3828,17 @@ data: - effect - key type: object + maxItems: 100 type: array type: object patches: description: |- - Patches contains options related to applying patches to components deployed by kubeadm during + patches contains options related to applying patches to components deployed by kubeadm during "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22 properties: directory: description: |- - Directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". + directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. @@ -3757,19 +3848,24 @@ data: These files can be written into the target directory via KubeadmConfig.Files which specifies additional files to be created on the machine, either with content inline or by referencing a secret. + maxLength: 512 + minLength: 1 type: string type: object skipPhases: description: |- - SkipPhases is a list of phases to skip during command execution. + skipPhases is a list of phases to skip during command execution. The list of phases can be obtained with the "kubeadm init --help" command. This option takes effect only on Kubernetes >=1.22.0. items: + maxLength: 256 + minLength: 1 type: string + maxItems: 50 type: array type: object joinConfiguration: - description: JoinConfiguration is the kubeadm configuration for + description: joinConfiguration is the kubeadm configuration for the join command properties: apiVersion: 
@@ -3781,49 +3877,53 @@ data: type: string caCertPath: description: |- - CACertPath is the path to the SSL certificate authority used to + caCertPath is the path to the SSL certificate authority used to secure comunications between node and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". - TODO: revisit when there is defaulting from k/k + maxLength: 512 + minLength: 1 type: string controlPlane: description: |- - ControlPlane defines the additional control plane instance to be deployed on the joining node. + controlPlane defines the additional control plane instance to be deployed on the joining node. If nil, no additional control plane instance will be deployed. properties: localAPIEndpoint: - description: LocalAPIEndpoint represents the endpoint + description: localAPIEndpoint represents the endpoint of the API server instance to be deployed on this node. properties: advertiseAddress: - description: AdvertiseAddress sets the IP address + description: advertiseAddress sets the IP address for the API server to advertise. + maxLength: 39 + minLength: 1 type: string bindPort: description: |- - BindPort sets the secure port for the API Server to bind to. + bindPort sets the secure port for the API Server to bind to. Defaults to 6443. 
format: int32 type: integer type: object type: object discovery: - description: |- - Discovery specifies the options for the kubelet to use during the TLS Bootstrap process - TODO: revisit when there is defaulting from k/k + description: discovery specifies the options for the kubelet + to use during the TLS Bootstrap process properties: bootstrapToken: description: |- - BootstrapToken is used to set the options for bootstrap token based discovery + bootstrapToken is used to set the options for bootstrap token based discovery BootstrapToken and File are mutually exclusive properties: apiServerEndpoint: - description: APIServerEndpoint is an IP or domain + description: apiServerEndpoint is an IP or domain name to the API server from which info will be fetched. + maxLength: 512 + minLength: 1 type: string caCertHashes: description: |- - CACertHashes specifies a set of public key pins to verify + caCertHashes specifies a set of public key pins to verify when token-based discovery is used. The root CA found during discovery must match one of these values. Specifying an empty set disables root CA pinning, which can be unsafe. Each hash is specified as ":", 
@@ -3832,40 +3932,41 @@ data: ASN.1. These hashes can be calculated using, for example, OpenSSL: openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex items: + maxLength: 512 + minLength: 1 type: string + maxItems: 100 type: array token: description: |- - Token is a token used to validate cluster information + token is a token used to validate cluster information fetched from the control-plane. + maxLength: 512 + minLength: 1 type: string unsafeSkipCAVerification: description: |- - UnsafeSkipCAVerification allows token-based discovery + unsafeSkipCAVerification allows token-based discovery without CA verification via CACertHashes. This can weaken the security of kubeadm since other nodes can impersonate the control-plane. type: boolean - required: - - token type: object file: description: |- - File is used to specify a file or URL to a kubeconfig file from which to load cluster information + file is used to specify a file or URL to a kubeconfig file from which to load cluster information BootstrapToken and File are mutually exclusive properties: kubeConfig: description: |- - KubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. + kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. The file is generated at the path specified in KubeConfigPath. - Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint. Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret. properties: cluster: description: |- - Cluster contains information about how to communicate with the kubernetes cluster. - + cluster contains information about how to communicate with the kubernetes cluster. By default the following fields are automatically populated: - Server with the Cluster's ControlPlaneEndpoint. 
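Review bot: `token` is no longer listed under `required` for `discovery.bootstrapToken` in this hunk, so an object with `bootstrapToken: {}` now passes schema validation; the added `minLength: 1` rejects only an explicitly empty string, not an absent field. Every other change in the hunk tightens validation, so this is the one relaxation worth confirming, especially as `caCertHashes` may be empty and `unsafeSkipCAVerification` sits in the same object. The manifest looks generated, so the fix presumably belongs in the source API type or an admission check rather than in this file. Either keep `required:` / `- token`, or have the field description say who supplies the token when it is omitted, e.g. `If omitted, the token is provided by <component — to be confirmed>.`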
@@ -3873,90 +3974,104 @@ data: properties: certificateAuthorityData: description: |- - CertificateAuthorityData contains PEM-encoded certificate authority certificates. - + certificateAuthorityData contains PEM-encoded certificate authority certificates. Defaults to the Cluster's CA certificate if empty. format: byte + maxLength: 51200 + minLength: 1 type: string insecureSkipTLSVerify: - description: InsecureSkipTLSVerify skips the + description: insecureSkipTLSVerify skips the validity check for the server's certificate. This will make your HTTPS connections insecure. type: boolean proxyURL: description: |- - ProxyURL is the URL to the proxy to be used for all requests made by this + proxyURL is the URL to the proxy to be used for all requests made by this client. URLs with "http", "https", and "socks5" schemes are supported. If this configuration is not provided or the empty string, the client attempts to construct a proxy configuration from http_proxy and https_proxy environment variables. If these environment variables are not set, the client does not attempt to proxy requests. - socks5 proxying does not currently support spdy streaming endpoints (exec, attach, port forward). + maxLength: 512 + minLength: 1 type: string server: description: |- - Server is the address of the kubernetes cluster (https://hostname:port). - + server is the address of the kubernetes cluster (https://hostname:port). Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint. + maxLength: 512 + minLength: 1 type: string tlsServerName: - description: TLSServerName is used to check + description: tlsServerName is used to check server certificate. If TLSServerName is empty, the hostname used to contact the server is used. + maxLength: 512 + minLength: 1 type: string type: object user: description: |- - User contains information that describes identity information. + user contains information that describes identity information. This is used to tell the kubernetes cluster who you are. 
properties: authProvider: - description: AuthProvider specifies a custom + description: authProvider specifies a custom authentication plugin for the kubernetes cluster. properties: config: additionalProperties: type: string - description: Config holds the parameters + description: config holds the parameters for the authentication plugin. type: object name: - description: Name is the name of the authentication + description: name is the name of the authentication plugin. + maxLength: 256 + minLength: 1 type: string required: - name type: object exec: - description: Exec specifies a custom exec-based + description: exec specifies a custom exec-based authentication plugin for the kubernetes cluster. properties: apiVersion: description: |- - Preferred input version of the ExecInfo. The returned ExecCredentials MUST use + apiVersion is preferred input version of the ExecInfo. The returned ExecCredentials MUST use the same encoding version as the input. Defaults to client.authentication.k8s.io/v1 if not set. + maxLength: 512 + minLength: 1 type: string args: - description: Arguments to pass to the - command when executing it. + description: args is the arguments to + pass to the command when executing it. items: + maxLength: 512 + minLength: 1 type: string + maxItems: 100 type: array command: - description: Command to execute. + description: command to execute. + maxLength: 1024 + minLength: 1 type: string env: description: |- - Env defines additional environment variables to expose to the process. These + env defines additional environment variables to expose to the process. These are unioned with the host's environment, as well as variables client-go uses to pass argument to the plugin. items: 
@@ -3965,17 +4080,26 @@ data: credential plugin. properties: name: + description: name of the environment + variable + maxLength: 512 + minLength: 1 type: string value: + description: value of the environment + variable + maxLength: 512 + minLength: 1 type: string required: - name - value type: object + maxItems: 100 type: array provideClusterInfo: description: |- - ProvideClusterInfo determines whether or not to provide cluster information, + provideClusterInfo determines whether or not to provide cluster information, which could potentially contain very large CA data, to this exec plugin as a part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for @@ -3989,21 +4113,25 @@ data: - user type: object kubeConfigPath: - description: KubeConfigPath is used to specify the + description: kubeConfigPath is used to specify the actual file path or URL to the kubeconfig file from which to load cluster information + maxLength: 512 + minLength: 1 type: string required: - kubeConfigPath type: object timeout: - description: Timeout modifies the discovery timeout + description: timeout modifies the discovery timeout type: string tlsBootstrapToken: description: |- - TLSBootstrapToken is a token used for TLS bootstrapping. + tlsBootstrapToken is a token used for TLS bootstrapping. If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information + maxLength: 512 + minLength: 1 type: string type: object kind: 
@@ -4016,25 +4144,30 @@ data: type: string nodeRegistration: description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfiguration properties: criSocket: - description: CRISocket is used to retrieve container runtime + description: criSocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use + maxLength: 512 + minLength: 1 type: string ignorePreflightErrors: - description: IgnorePreflightErrors provides a slice of + description: ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered. items: + maxLength: 512 + minLength: 1 type: string + maxItems: 50 type: array imagePullPolicy: description: |- - ImagePullPolicy specifies the policy for image pulling + imagePullPolicy specifies the policy for image pulling during kubeadm "init" and "join" operations. The value of this field must be one of "Always", "IfNotPresent" or "Never". Defaults to "IfNotPresent". This can be used only @@ -4046,7 +4179,7 @@ data: type: string imagePullSerial: description: |- - ImagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. + imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. This option takes effect only on Kubernetes >=1.31.0. Default: true (defaulted in kubeadm) type: boolean 
@@ -4054,19 +4187,21 @@ data: additionalProperties: type: string description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file + kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. type: object name: description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided. + maxLength: 253 + minLength: 1 type: string taints: description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. items: 
@@ -4098,16 +4233,17 @@ data: - effect - key type: object + maxItems: 100 type: array type: object patches: description: |- - Patches contains options related to applying patches to components deployed by kubeadm during + patches contains options related to applying patches to components deployed by kubeadm during "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22 properties: directory: description: |- - Directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". + directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. 
@@ -4117,117 +4253,148 @@ data: These files can be written into the target directory via KubeadmConfig.Files which specifies additional files to be created on the machine, either with content inline or by referencing a secret. + maxLength: 512 + minLength: 1 type: string type: object skipPhases: description: |- - SkipPhases is a list of phases to skip during command execution. + skipPhases is a list of phases to skip during command execution. The list of phases can be obtained with the "kubeadm init --help" command. This option takes effect only on Kubernetes >=1.22.0. items: + maxLength: 256 + minLength: 1 type: string + maxItems: 50 type: array type: object mounts: - description: Mounts specifies a list of mount points to be setup. + description: mounts specifies a list of mount points to be setup. items: description: MountPoints defines input for generated mounts in cloud-init. items: + maxLength: 512 + minLength: 1 type: string type: array + maxItems: 100 type: array ntp: - description: NTP specifies NTP configuration + description: ntp specifies NTP configuration properties: enabled: - description: Enabled specifies whether NTP should be enabled + description: enabled specifies whether NTP should be enabled type: boolean servers: - description: Servers specifies which NTP servers to use + description: servers specifies which NTP servers to use items: + maxLength: 512 + minLength: 1 type: string + maxItems: 100 type: array type: object postKubeadmCommands: - description: PostKubeadmCommands specifies extra commands to run - after kubeadm runs + description: |- + postKubeadmCommands specifies extra commands to run after kubeadm runs. + With cloud-init, this is appended to the runcmd module configuration, and is typically executed in + the cloud-final.service systemd unit. In Ignition, this is appended to /etc/kubeadm.sh. 
items: + maxLength: 10240 + minLength: 1 type: string + maxItems: 1000 type: array preKubeadmCommands: - description: PreKubeadmCommands specifies extra commands to run - before kubeadm runs + description: |- + preKubeadmCommands specifies extra commands to run before kubeadm runs. + With cloud-init, this is prepended to the runcmd module configuration, and is typically executed in + the cloud-final.service systemd unit. In Ignition, this is prepended to /etc/kubeadm.sh. items: + maxLength: 10240 + minLength: 1 type: string + maxItems: 1000 type: array useExperimentalRetryJoin: description: |- - UseExperimentalRetryJoin replaces a basic kubeadm command with a shell + useExperimentalRetryJoin replaces a basic kubeadm command with a shell script with retries for joins. - This is meant to be an experimental temporary workaround on some environments where joins fail due to timing (and other issues). The long term goal is to add retries to kubeadm proper and use that functionality. - This will add about 40KB to userdata - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. - Deprecated: This experimental fix is no longer needed and this field will be removed in a future release. When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml type: boolean users: - description: Users specifies extra users to add + description: users specifies extra users to add items: description: User defines the input for a generated user in cloud-init. 
properties: gecos: - description: Gecos specifies the gecos to use for the user + description: gecos specifies the gecos to use for the user + maxLength: 256 + minLength: 1 type: string groups: - description: Groups specifies the additional groups for + description: groups specifies the additional groups for the user + maxLength: 256 + minLength: 1 type: string homeDir: - description: HomeDir specifies the home directory to use + description: homeDir specifies the home directory to use for the user + maxLength: 256 + minLength: 1 type: string inactive: - description: Inactive specifies whether to mark the user + description: inactive specifies whether to mark the user as inactive type: boolean lockPassword: - description: LockPassword specifies if password login should + description: lockPassword specifies if password login should be disabled type: boolean name: - description: Name specifies the user name + description: name specifies the user name + maxLength: 256 + minLength: 1 type: string passwd: - description: Passwd specifies a hashed password for the + description: passwd specifies a hashed password for the user + maxLength: 256 + minLength: 1 type: string passwdFrom: - description: PasswdFrom is a referenced source of passwd + description: passwdFrom is a referenced source of passwd to populate the passwd. properties: secret: - description: Secret represents a secret that should + description: secret represents a secret that should populate this password. properties: key: - description: Key is the key in the secret's data + description: key is the key in the secret's data map for this value. + maxLength: 256 + minLength: 1 type: string name: - description: Name of the secret in the KubeadmBootstrapConfig's + description: name of the secret in the KubeadmBootstrapConfig's namespace to use. + maxLength: 253 + minLength: 1 type: string required: - key 
@@ -4237,40 +4404,71 @@ data: - secret type: object primaryGroup: - description: PrimaryGroup specifies the primary group for + description: primaryGroup specifies the primary group for the user + maxLength: 256 + minLength: 1 type: string shell: - description: Shell specifies the user's shell + description: shell specifies the user's shell + maxLength: 256 + minLength: 1 type: string sshAuthorizedKeys: - description: SSHAuthorizedKeys specifies a list of ssh authorized + description: sshAuthorizedKeys specifies a list of ssh authorized keys for the user items: + maxLength: 2048 + minLength: 1 type: string + maxItems: 100 type: array sudo: - description: Sudo specifies a sudo role for the user + description: sudo specifies a sudo role for the user + maxLength: 256 + minLength: 1 type: string required: - name type: object + maxItems: 100 type: array verbosity: description: |- - Verbosity is the number for the kubeadm log level verbosity. + verbosity is the number for the kubeadm log level verbosity. It overrides the `--v` flag in kubeadm commands. format: int32 type: integer type: object + machineNamingStrategy: + description: |- + machineNamingStrategy allows changing the naming pattern used when creating Machines. + InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines. + properties: + template: + description: |- + template defines the template to use for generating the names of the Machine objects. + If not defined, it will fallback to `{{ .kubeadmControlPlane.name }}-{{ .random }}`. + If the generated name string exceeds 63 characters, it will be trimmed to 58 characters and will + get concatenated with a random suffix of length 5. + Length of the template string must not exceed 256 characters. + The template allows the following variables `.cluster.name`, `.kubeadmControlPlane.name` and `.random`. + The variable `.cluster.name` retrieves the name of the cluster object that owns the Machines being created. 
+ The variable `.kubeadmControlPlane.name` retrieves the name of the KubeadmControlPlane object that owns the Machines being created. + The variable `.random` is substituted with random alphanumeric string, without vowels, of length 5. This variable is required + part of the template. If not provided, validation will fail. + maxLength: 256 + minLength: 1 + type: string + type: object machineTemplate: description: |- - MachineTemplate contains information about how machines + machineTemplate contains information about how machines should be shaped when creating or updating a control plane. properties: infrastructureRef: description: |- - InfrastructureRef is a required reference to a custom resource + infrastructureRef is a required reference to a custom resource offered by an infrastructure provider. properties: apiVersion: @@ -4285,7 +4483,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -4316,14 +4513,14 @@ data: x-kubernetes-map-type: atomic metadata: description: |- - Standard object's metadata. + metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata properties: annotations: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations 
@@ -4332,7 +4529,7 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels 
@@ -4340,83 +4537,125 @@ data: type: object nodeDeletionTimeout: description: |- - NodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine + nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. If no value is provided, the default value for this property of the Machine resource will be used. type: string nodeDrainTimeout: description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node + nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` type: string nodeVolumeDetachTimeout: description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. type: string + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition; + KubeadmControlPlane will always add readinessGates for the condition it is setting on the Machine: + APIServerPodHealthy, SchedulerPodHealthy, ControllerManagerPodHealthy, and if etcd is managed by CKP also + EtcdPodHealthy, EtcdMemberHealthy. + + This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready + computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine. 
+ + NOTE: This field is considered only for computing v1beta2 conditions. + items: + description: MachineReadinessGate contains the type of a Machine + condition to be used as a readiness gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map required: - infrastructureRef type: object remediationStrategy: - description: The RemediationStrategy that controls how control plane - machine remediation happens. + description: remediationStrategy is the RemediationStrategy that controls + how control plane machine remediation happens. 
properties: maxRetry: - description: "MaxRetry is the Max number of retries while attempting + description: "maxRetry is the Max number of retries while attempting to remediate an unhealthy machine.\nA retry happens when a machine that was created as a replacement for an unhealthy machine also fails.\nFor example, given a control plane with three machines - M1, M2, M3:\n\n\n\tM1 become unhealthy; remediation happens, - and M1-1 is created as a replacement.\n\tIf M1-1 (replacement - of M1) has problems while bootstrapping it will become unhealthy, + M1, M2, M3:\n\n\tM1 become unhealthy; remediation happens, and + M1-1 is created as a replacement.\n\tIf M1-1 (replacement of + M1) has problems while bootstrapping it will become unhealthy, and then be\n\tremediated; such operation is considered a retry, remediation-retry #1.\n\tIf M1-2 (replacement of M1-1) becomes - unhealthy, remediation-retry #2 will happen, etc.\n\n\nA retry + unhealthy, remediation-retry #2 will happen, etc.\n\nA retry could happen only after RetryPeriod from the previous retry.\nIf a machine is marked as unhealthy after MinHealthyPeriod from the previous remediation expired,\nthis is not considered a retry anymore because the new issue is assumed unrelated from - the previous one.\n\n\nIf not set, the remedation will be retried + the previous one.\n\nIf not set, the remedation will be retried infinitely." format: int32 type: integer minHealthyPeriod: - description: "MinHealthyPeriod defines the duration after which + description: "minHealthyPeriod defines the duration after which KCP will consider any failure to a machine unrelated\nfrom the previous one. In this case the remediation is not considered a retry anymore, and thus the retry\ncounter restarts from 0. 
- For example, assuming MinHealthyPeriod is set to 1h (default)\n\n\n\tM1 + For example, assuming MinHealthyPeriod is set to 1h (default)\n\n\tM1 become unhealthy; remediation happens, and M1-1 is created as a replacement.\n\tIf M1-1 (replacement of M1) has problems within the 1hr after the creation, also\n\tthis machine will be remediated and this operation is considered a retry - a problem related\n\tto - the original issue happened to M1 -.\n\n\n\tIf instead the problem + the original issue happened to M1 -.\n\n\tIf instead the problem on M1-1 is happening after MinHealthyPeriod expired, e.g. four days after\n\tm1-1 has been created as a remediation of M1, the problem on M1-1 is considered unrelated to\n\tthe original - issue happened to M1.\n\n\nIf not set, this value is defaulted + issue happened to M1.\n\nIf not set, this value is defaulted to 1h." type: string retryPeriod: description: |- - RetryPeriod is the duration that KCP should wait before remediating a machine being created as a replacement + retryPeriod is the duration that KCP should wait before remediating a machine being created as a replacement for an unhealthy machine (a retry). - If not set, a retry will happen immediately. type: string type: object replicas: description: |- - Number of desired machines. Defaults to 1. When stacked etcd is used only + replicas is the number of desired machines. Defaults to 1. When stacked etcd is used only odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). This is a pointer to distinguish between explicit zero and not specified. format: int32 type: integer rolloutAfter: description: |- - RolloutAfter is a field to indicate a rollout should be performed + rolloutAfter is a field to indicate a rollout should be performed after the specified time even if no changes have been made to the KubeadmControlPlane. Example: In the YAML the time can be specified in the RFC3339 format. 
@@ -4426,12 +4665,12 @@ data: type: string rolloutBefore: description: |- - RolloutBefore is a field to indicate a rollout should be performed + rolloutBefore is a field to indicate a rollout should be performed if the specified criteria is met. properties: certificatesExpiryDays: description: |- - CertificatesExpiryDays indicates a rollout needs to be performed if the + certificatesExpiryDays indicates a rollout needs to be performed if the certificates of the machine will expire within the specified days. format: int32 type: integer @@ -4442,12 +4681,12 @@ data: maxSurge: 1 type: RollingUpdate description: |- - The RolloutStrategy to use to replace control plane machines with + rolloutStrategy is the RolloutStrategy to use to replace control plane machines with new ones. properties: rollingUpdate: description: |- - Rolling update config params. Present only if + rollingUpdate is the rolling update config params. Present only if RolloutStrategyType = RollingUpdate. properties: maxSurge: @@ -4455,7 +4694,7 @@ data: - type: integer - type: string description: |- - The maximum number of control planes that can be scheduled above or under the + maxSurge is the maximum number of control planes that can be scheduled above or under the desired number of control planes. Value can be an absolute number 1 or 0. Defaults to 1. 
@@ -4465,19 +4704,23 @@ data: type: object type: description: |- - Type of rollout. Currently the only supported strategy is + type of rollout. Currently the only supported strategy is "RollingUpdate". Default is RollingUpdate. + enum: + - RollingUpdate type: string type: object version: description: |- - Version defines the desired Kubernetes version. + version defines the desired Kubernetes version. Please note that if kubeadmConfigSpec.ClusterConfiguration.imageRepository is not set we don't allow upgrades to versions >= v1.22.0 for which kubeadm uses the old registry (k8s.gcr.io). Please use a newer patch version with the new registry instead. The default registries of kubeadm are: * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 * k8s.gcr.io (old registry): all older versions + maxLength: 256 + minLength: 1 type: string required: - kubeadmConfigSpec 
@@ -4485,46 +4728,53 @@ data: - version type: object status: - description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane. + description: status is the observed state of KubeadmControlPlane. properties: conditions: - description: Conditions defines current service state of the KubeadmControlPlane. + description: conditions defines current service state of the KubeadmControlPlane. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. 
type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime 
@@ -4534,35 +4784,46 @@ data: type: array failureMessage: description: |- - ErrorMessage indicates that there is a terminal problem reconciling the + failureMessage indicates that there is a terminal problem reconciling the state, and will be set to a descriptive error message. + + Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + maxLength: 10240 + minLength: 1 type: string failureReason: description: |- - FailureReason indicates that there is a terminal problem reconciling the + failureReason indicates that there is a terminal problem reconciling the state, and will be set to a token value suitable for programmatic interpretation. + + Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. type: string initialized: description: |- - Initialized denotes whether or not the control plane has the - uploaded kubeadm-config configmap. + initialized denotes that the KubeadmControlPlane API Server is initialized and thus + it can accept requests. + NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning. + The value of this field is never updated after provisioning is completed. Please use conditions + to check the operational state of the control plane. type: boolean lastRemediation: - description: LastRemediation stores info about last remediation performed. + description: lastRemediation stores info about last remediation performed. properties: machine: - description: Machine is the machine name of the latest machine + description: machine is the machine name of the latest machine being remediated. 
+ maxLength: 253 + minLength: 1 type: string retryCount: description: |- - RetryCount used to keep track of remediation retry for the last remediated machine. + retryCount used to keep track of remediation retry for the last remediated machine. A retry happens when a machine that was created as a replacement for an unhealthy machine also fails. format: int32 type: integer timestamp: - description: Timestamp is when last remediation happened. It is + description: timestamp is when last remediation happened. It is represented in RFC3339 form and is in UTC. format: date-time type: string 
@@ -4572,56 +4833,150 @@ data: - timestamp type: object observedGeneration: - description: ObservedGeneration is the latest generation observed + description: observedGeneration is the latest generation observed by the controller. format: int64 type: integer ready: description: |- - Ready denotes that the KubeadmControlPlane API Server became ready during initial provisioning + ready denotes that the KubeadmControlPlane API Server became ready during initial provisioning to receive requests. NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning. The value of this field is never updated after provisioning is completed. Please use conditions to check the operational state of the control plane. type: boolean readyReplicas: - description: Total number of fully running and ready control plane - machines. + description: readyReplicas is the total number of fully running and + ready control plane machines. format: int32 type: integer replicas: description: |- - Total number of non-terminated machines targeted by this control plane + replicas is the total number of non-terminated machines targeted by this control plane (their labels match the selector). format: int32 type: integer selector: description: |- - Selector is the label selector in string format to avoid introspection + selector is the label selector in string format to avoid introspection by clients, and is used to provide the CRD-based integration for the scale subresource and additional integrations for things like kubectl describe.. The string will be in the same format as the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors + maxLength: 4096 + minLength: 1 type: string unavailableReplicas: description: |- - Total number of unavailable machines targeted by this control plane. + unavailableReplicas is the total number of unavailable machines targeted by this control plane. 
This is the total number of machines that are still required for the deployment to have 100% available capacity. They may either be machines that are running but not yet ready or machines that still have not been created. + + Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. format: int32 type: integer updatedReplicas: description: |- - Total number of non-terminated machines targeted by this control plane + updatedReplicas is the total number of non-terminated machines targeted by this control plane that have the desired template spec. format: int32 type: integer + v1beta2: + description: v1beta2 groups all the fields that will be added or modified + in KubeadmControlPlane's status with the V1Beta2 version. + properties: + availableReplicas: + description: availableReplicas is the number of available replicas + targeted by this KubeadmControlPlane. A machine is considered + available when Machine's Available condition is true. + format: int32 + type: integer + conditions: + description: |- + conditions represents the observations of a KubeadmControlPlane's current state. + Known condition types are Available, CertificatesAvailable, EtcdClusterAvailable, MachinesReady, MachinesUpToDate, + ScalingUp, ScalingDown, Remediating, Deleting, Paused. + items: + description: Condition contains details for one aspect of the + current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. 
+ This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + readyReplicas: + description: readyReplicas is the number of ready replicas for + this KubeadmControlPlane. A machine is considered ready when + Machine's Ready condition is true. + format: int32 + type: integer + upToDateReplicas: + description: upToDateReplicas is the number of up-to-date replicas + targeted by this KubeadmControlPlane. A machine is considered + up-to-date when Machine's UpToDate condition is true. 
+ format: int32 + type: integer + type: object version: description: |- - Version represents the minimum Kubernetes version for the control plane machines + version represents the minimum Kubernetes version for the control plane machines in the cluster. + maxLength: 256 + minLength: 1 type: string type: object type: object @@ -4639,7 +4994,7 @@ data: metadata: annotations: cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 labels: cluster.x-k8s.io/provider: control-plane-kubeadm cluster.x-k8s.io/v1beta1: v1beta1 @@ -4678,7 +5033,6 @@ data: description: |- KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates API. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: 
@@ -4699,32 +5053,29 @@ data: metadata: type: object spec: - description: KubeadmControlPlaneTemplateSpec defines the desired state - of KubeadmControlPlaneTemplate. + description: spec is the desired state of KubeadmControlPlaneTemplate. properties: template: - description: KubeadmControlPlaneTemplateResource describes the data - needed to create a KubeadmControlPlane from a template. + description: template defines the desired state of KubeadmControlPlaneTemplate. properties: spec: - description: KubeadmControlPlaneSpec defines the desired state - of KubeadmControlPlane. + description: spec is the desired state of KubeadmControlPlane. properties: kubeadmConfigSpec: description: |- - KubeadmConfigSpec is a KubeadmConfigSpec + kubeadmConfigSpec is a KubeadmConfigSpec to use for initializing and joining machines to the control plane. properties: clusterConfiguration: - description: ClusterConfiguration along with InitConfiguration + description: clusterConfiguration along with InitConfiguration are the configurations necessary for the init command properties: apiServer: - description: APIServer contains extra settings for + description: apiServer contains extra settings for the API server control plane component properties: certSANs: - description: CertSANs sets extra Subject Alternative + description: certSANs sets extra Subject Alternative Names for the API Server signing cert. items: type: string 
@@ -4732,13 +5083,11 @@ data: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: extraArgs is an extra set of flags + to pass to the control plane component. type: object extraVolumes: - description: ExtraVolumes is an extra set of host + description: extraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: |- @@ -4747,23 +5096,23 @@ data: properties: hostPath: description: |- - HostPath is the path in the host that will be mounted inside + hostPath is the path in the host that will be mounted inside the pod. type: string mountPath: - description: MountPath is the path inside + description: mountPath is the path inside the pod where hostPath will be mounted. type: string name: - description: Name of the volume inside the + description: name of the volume inside the pod template. type: string pathType: - description: PathType is the type of the + description: pathType is the type of the HostPath. type: string readOnly: - description: ReadOnly controls write access + description: readOnly controls write access to the volume type: boolean required: @@ -4773,7 +5122,7 @@ data: type: object type: array timeoutForControlPlane: - description: TimeoutForControlPlane controls the + description: timeoutForControlPlane controls the timeout that we use for API server to appear type: string type: object 
@@ -4786,15 +5135,15 @@ data: type: string certificatesDir: description: |- - CertificatesDir specifies where to store or look for all required certificates. + certificatesDir specifies where to store or look for all required certificates. NB: if not provided, this will default to `/etc/kubernetes/pki` type: string clusterName: - description: The cluster name + description: clusterName is the cluster name type: string controlPlaneEndpoint: description: |- - ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it + controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint is specified but without a TCP port, @@ -4808,19 +5157,17 @@ data: NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. type: string controllerManager: - description: ControllerManager contains extra settings + description: controllerManager contains extra settings for the controller manager control plane component properties: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: extraArgs is an extra set of flags + to pass to the control plane component. type: object extraVolumes: - description: ExtraVolumes is an extra set of host + description: extraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: |- 
@@ -4829,23 +5176,23 @@ data: properties: hostPath: description: |- - HostPath is the path in the host that will be mounted inside + hostPath is the path in the host that will be mounted inside the pod. type: string mountPath: - description: MountPath is the path inside + description: mountPath is the path inside the pod where hostPath will be mounted. type: string name: - description: Name of the volume inside the + description: name of the volume inside the pod template. type: string pathType: - description: PathType is the type of the + description: pathType is the type of the HostPath. type: string readOnly: - description: ReadOnly controls write access + description: readOnly controls write access to the volume type: boolean required: 
@@ -4856,49 +5203,49 @@ data: type: array type: object dns: - description: DNS defines the options for the DNS add-on + description: dns defines the options for the DNS add-on installed in the cluster. properties: imageRepository: description: |- - ImageRepository sets the container registry to pull images from. + imageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead. type: string imageTag: description: |- - ImageTag allows to specify a tag for the image. + imageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. type: string type: object etcd: description: |- - Etcd holds configuration for etcd. + etcd holds configuration for etcd. NB: This value defaults to a Local (stacked) etcd properties: external: description: |- - External describes how to connect to an external etcd cluster + external describes how to connect to an external etcd cluster Local and External are mutually exclusive properties: caFile: description: |- - CAFile is an SSL Certificate Authority file used to secure etcd communication. + caFile is an SSL Certificate Authority file used to secure etcd communication. Required if using a TLS connection. type: string certFile: description: |- - CertFile is an SSL certification file used to secure etcd communication. + certFile is an SSL certification file used to secure etcd communication. Required if using a TLS connection. type: string endpoints: - description: Endpoints of etcd members. Required + description: endpoints of etcd members. Required for ExternalEtcd. items: type: string type: array keyFile: description: |- - KeyFile is an SSL key file used to secure etcd communication. + keyFile is an SSL key file used to secure etcd communication. Required if using a TLS connection. type: string required: 
@@ -4909,40 +5256,40 @@ data: type: object local: description: |- - Local provides configuration knobs for configuring the local etcd instance + local provides configuration knobs for configuring the local etcd instance Local and External are mutually exclusive properties: dataDir: description: |- - DataDir is the directory etcd will place its data. + dataDir is the directory etcd will place its data. Defaults to "/var/lib/etcd". type: string extraArgs: additionalProperties: type: string description: |- - ExtraArgs are extra arguments provided to the etcd binary + extraArgs are extra arguments provided to the etcd binary when run inside a static pod. type: object imageRepository: description: |- - ImageRepository sets the container registry to pull images from. + imageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead. type: string imageTag: description: |- - ImageTag allows to specify a tag for the image. + imageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. type: string peerCertSANs: - description: PeerCertSANs sets extra Subject + description: peerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert. items: type: string type: array serverCertSANs: - description: ServerCertSANs sets extra Subject + description: serverCertSANs sets extra Subject Alternative Names for the etcd server signing cert. items: 
@@ -4953,11 +5300,11 @@ data: featureGates: additionalProperties: type: boolean - description: FeatureGates enabled by the user. + description: featureGates enabled by the user. type: object imageRepository: description: |- - ImageRepository sets the container registry to pull images from. + imageRepository sets the container registry to pull images from. If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io` will be used for all the other images. 
@@ -4972,45 +5319,43 @@ data: type: string kubernetesVersion: description: |- - KubernetesVersion is the target version of the control plane. + kubernetesVersion is the target version of the control plane. NB: This value defaults to the Machine object spec.version type: string networking: description: |- - Networking holds configuration for the networking topology of the cluster. + networking holds configuration for the networking topology of the cluster. NB: This value defaults to the Cluster object spec.clusterNetwork. properties: dnsDomain: - description: DNSDomain is the dns domain used + description: dnsDomain is the dns domain used by k8s services. Defaults to "cluster.local". type: string podSubnet: description: |- - PodSubnet is the subnet used by pods. + podSubnet is the subnet used by pods. If unset, the API server will not allocate CIDR ranges for every node. Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set type: string serviceSubnet: description: |- - ServiceSubnet is the subnet used by k8s services. + serviceSubnet is the subnet used by k8s services. Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12" if that's unset. type: string type: object scheduler: - description: Scheduler contains extra settings for + description: scheduler contains extra settings for the scheduler control plane component properties: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: extraArgs is an extra set of flags + to pass to the control plane component. 
type: object extraVolumes: - description: ExtraVolumes is an extra set of host + description: extraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: |- @@ -5019,23 +5364,23 @@ data: properties: hostPath: description: |- - HostPath is the path in the host that will be mounted inside + hostPath is the path in the host that will be mounted inside the pod. type: string mountPath: - description: MountPath is the path inside + description: mountPath is the path inside the pod where hostPath will be mounted. type: string name: - description: Name of the volume inside the + description: name of the volume inside the pod template. type: string pathType: - description: PathType is the type of the + description: pathType is the type of the HostPath. type: string readOnly: - description: ReadOnly controls write access + description: readOnly controls write access to the volume type: boolean required: 
@@ -5047,49 +5392,49 @@ data: type: object type: object diskSetup: - description: DiskSetup specifies options for the creation + description: diskSetup specifies options for the creation of partition tables and file systems on devices. properties: filesystems: - description: Filesystems specifies the list of file + description: filesystems specifies the list of file systems to setup. items: description: Filesystem defines the file systems to be created. properties: device: - description: Device specifies the device name + description: device specifies the device name type: string extraOpts: - description: ExtraOpts defined extra options + description: extraOpts defined extra options to add to the command for creating the file system. items: type: string type: array filesystem: - description: Filesystem specifies the file system + description: filesystem specifies the file system type. type: string label: - description: Label specifies the file system + description: label specifies the file system label to be used. If set to None, no label is used. type: string overwrite: description: |- - Overwrite defines whether or not to overwrite any existing filesystem. + overwrite defines whether or not to overwrite any existing filesystem. If true, any pre-existing file system will be destroyed. Use with Caution. type: boolean partition: - description: 'Partition specifies the partition + description: 'partition specifies the partition to use. The valid options are: "auto|any", "auto", "any", "none", and , where NUM is the actual partition number.' type: string replaceFS: description: |- - ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . + replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . NOTE: unless you define a label, this requires the use of the 'any' partition directive. type: string required: 
@@ -5099,29 +5444,29 @@ data: type: object type: array partitions: - description: Partitions specifies the list of the + description: partitions specifies the list of the partitions to setup. items: description: Partition defines how to create and layout a partition. properties: device: - description: Device is the name of the device. + description: device is the name of the device. type: string layout: description: |- - Layout specifies the device layout. + layout specifies the device layout. If it is true, a single partition will be created for the entire device. When layout is false, it means don't partition or ignore existing partitioning. type: boolean overwrite: description: |- - Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. + overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. Use with caution. Default is 'false'. type: boolean tableType: description: |- - TableType specifies the tupe of partition table. The following are supported: + tableType specifies the tupe of partition table. The following are supported: 'mbr': default and setups a MS-DOS partition table 'gpt': setups a GPT partition table type: string 
@@ -5132,30 +5477,30 @@ data: type: array type: object files: - description: Files specifies extra files to be passed + description: files specifies extra files to be passed to user_data upon creation. items: description: File defines the input for generating write_files in cloud-init. properties: content: - description: Content is the actual content of the + description: content is the actual content of the file. type: string contentFrom: - description: ContentFrom is a referenced source + description: contentFrom is a referenced source of content to populate the file. properties: secret: - description: Secret represents a secret that + description: secret represents a secret that should populate this file. properties: key: - description: Key is the key in the secret's + description: key is the key in the secret's data map for this value. type: string name: - description: Name of the secret in the KubeadmBootstrapConfig's + description: name of the secret in the KubeadmBootstrapConfig's namespace to use. type: string required: @@ -5166,7 +5511,7 @@ data: - secret type: object encoding: - description: Encoding specifies the encoding of + description: encoding specifies the encoding of the file contents. enum: - base64 @@ -5174,15 +5519,15 @@ data: - gzip+base64 type: string owner: - description: Owner specifies the ownership of the + description: owner specifies the ownership of the file, e.g. "root:root". type: string path: - description: Path specifies the full path on disk + description: path specifies the full path on disk where to store the file. type: string permissions: - description: Permissions specifies the permissions + description: permissions specifies the permissions to assign to the file, e.g. "0640". type: string required: 
@@ -5190,13 +5535,13 @@ data: type: object type: array format: - description: Format specifies the output format of the + description: format specifies the output format of the bootstrap data enum: - cloud-config type: string initConfiguration: - description: InitConfiguration along with ClusterConfiguration + description: initConfiguration along with ClusterConfiguration are the configurations necessary for the init command properties: apiVersion: @@ -5208,7 +5553,7 @@ data: type: string bootstrapTokens: description: |- - BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. + bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature items: description: BootstrapToken describes one bootstrap 
@@ -5216,35 +5561,35 @@ data: properties: description: description: |- - Description sets a human-friendly message why this token exists and what it's used + description sets a human-friendly message why this token exists and what it's used for, so other administrators can know its purpose. type: string expires: description: |- - Expires specifies the timestamp when this token expires. Defaults to being set + expires specifies the timestamp when this token expires. Defaults to being set dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. format: date-time type: string groups: description: |- - Groups specifies the extra groups that this token will authenticate as when/if + groups specifies the extra groups that this token will authenticate as when/if used for authentication items: type: string type: array token: description: |- - Token is used for establishing bidirectional trust between nodes and control-planes. + token is used for establishing bidirectional trust between nodes and control-planes. Used for joining nodes in the cluster. type: string ttl: description: |- - TTL defines the time to live for this token. Defaults to 24h. + ttl defines the time to live for this token. Defaults to 24h. Expires and TTL are mutually exclusive. type: string usages: description: |- - Usages describes the ways in which this token can be used. Can by default be used + usages describes the ways in which this token can be used. Can by default be used for establishing bidirectional trust, but that can be changed here. items: type: string 
@@ -5263,7 +5608,7 @@ data: type: string localAPIEndpoint: description: |- - LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node + localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible @@ -5271,29 +5616,29 @@ data: fails you may set the desired value here. properties: advertiseAddress: - description: AdvertiseAddress sets the IP address + description: advertiseAddress sets the IP address for the API server to advertise. type: string bindPort: description: |- - BindPort sets the secure port for the API Server to bind to. + bindPort sets the secure port for the API Server to bind to. Defaults to 6443. format: int32 type: integer type: object nodeRegistration: description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfiguration properties: criSocket: - description: CRISocket is used to retrieve container + description: criSocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use type: string ignorePreflightErrors: - description: IgnorePreflightErrors provides a + description: ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered. items: 
@@ -5303,19 +5648,19 @@ data: additionalProperties: type: string description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file + kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. type: object name: description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided. type: string taints: description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. items: @@ -5351,7 +5696,7 @@ data: type: object type: object joinConfiguration: - description: JoinConfiguration is the kubeadm configuration + description: joinConfiguration is the kubeadm configuration for the join command properties: apiVersion: 
@@ -5363,51 +5708,49 @@ data: type: string caCertPath: description: |- - CACertPath is the path to the SSL certificate authority used to + caCertPath is the path to the SSL certificate authority used to secure comunications between node and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". - TODO: revisit when there is defaulting from k/k type: string controlPlane: description: |- - ControlPlane defines the additional control plane instance to be deployed on the joining node. + controlPlane defines the additional control plane instance to be deployed on the joining node. If nil, no additional control plane instance will be deployed. properties: localAPIEndpoint: - description: LocalAPIEndpoint represents the endpoint + description: localAPIEndpoint represents the endpoint of the API server instance to be deployed on this node. properties: advertiseAddress: - description: AdvertiseAddress sets the IP + description: advertiseAddress sets the IP address for the API server to advertise. type: string bindPort: description: |- - BindPort sets the secure port for the API Server to bind to. + bindPort sets the secure port for the API Server to bind to. Defaults to 6443. format: int32 type: integer type: object type: object discovery: - description: |- - Discovery specifies the options for the kubelet to use during the TLS Bootstrap process - TODO: revisit when there is defaulting from k/k + description: discovery specifies the options for the + kubelet to use during the TLS Bootstrap process properties: bootstrapToken: description: |- - BootstrapToken is used to set the options for bootstrap token based discovery + bootstrapToken is used to set the options for bootstrap token based discovery BootstrapToken and File are mutually exclusive properties: apiServerEndpoint: - description: APIServerEndpoint is an IP or + description: apiServerEndpoint is an IP or domain name to the API server from which info will be fetched. 
type: string caCertHashes: description: |- - CACertHashes specifies a set of public key pins to verify + caCertHashes specifies a set of public key pins to verify when token-based discovery is used. The root CA found during discovery must match one of these values. Specifying an empty set disables root CA pinning, which can be unsafe. Each hash is specified as ":", @@ -5420,12 +5763,12 @@ data: type: array token: description: |- - Token is a token used to validate cluster information + token is a token used to validate cluster information fetched from the control-plane. type: string unsafeSkipCAVerification: description: |- - UnsafeSkipCAVerification allows token-based discovery + unsafeSkipCAVerification allows token-based discovery without CA verification via CACertHashes. This can weaken the security of kubeadm since other nodes can impersonate the control-plane. type: boolean @@ -5434,11 +5777,11 @@ data: type: object file: description: |- - File is used to specify a file or URL to a kubeconfig file from which to load cluster information + file is used to specify a file or URL to a kubeconfig file from which to load cluster information BootstrapToken and File are mutually exclusive properties: kubeConfigPath: - description: KubeConfigPath is used to specify + description: kubeConfigPath is used to specify the actual file path or URL to the kubeconfig file from which to load cluster information type: string 
@@ -5446,11 +5789,11 @@ data: - kubeConfigPath type: object timeout: - description: Timeout modifies the discovery timeout + description: timeout modifies the discovery timeout type: string tlsBootstrapToken: description: |- - TLSBootstrapToken is a token used for TLS bootstrapping. + tlsBootstrapToken is a token used for TLS bootstrapping. If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information type: string @@ -5465,17 +5808,17 @@ data: type: string nodeRegistration: description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfiguration properties: criSocket: - description: CRISocket is used to retrieve container + description: criSocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use type: string ignorePreflightErrors: - description: IgnorePreflightErrors provides a + description: ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered. items: 
@@ -5485,19 +5828,19 @@ data: additionalProperties: type: string description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file + kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. type: object name: description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided. type: string taints: description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. items: @@ -5533,7 +5876,7 @@ data: type: object type: object mounts: - description: Mounts specifies a list of mount points to + description: mounts specifies a list of mount points to be setup. items: description: MountPoints defines input for generated 
@@ -5543,95 +5886,92 @@ data: type: array type: array ntp: - description: NTP specifies NTP configuration + description: ntp specifies NTP configuration properties: enabled: - description: Enabled specifies whether NTP should + description: enabled specifies whether NTP should be enabled type: boolean servers: - description: Servers specifies which NTP servers to + description: servers specifies which NTP servers to use items: type: string type: array type: object postKubeadmCommands: - description: PostKubeadmCommands specifies extra commands + description: postKubeadmCommands specifies extra commands to run after kubeadm runs items: type: string type: array preKubeadmCommands: - description: PreKubeadmCommands specifies extra commands + description: preKubeadmCommands specifies extra commands to run before kubeadm runs items: type: string type: array useExperimentalRetryJoin: description: |- - UseExperimentalRetryJoin replaces a basic kubeadm command with a shell + useExperimentalRetryJoin replaces a basic kubeadm command with a shell script with retries for joins. - This is meant to be an experimental temporary workaround on some environments where joins fail due to timing (and other issues). The long term goal is to add retries to kubeadm proper and use that functionality. - This will add about 40KB to userdata - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. type: boolean users: - description: Users specifies extra users to add + description: users specifies extra users to add items: description: User defines the input for a generated user in cloud-init. 
properties: gecos: - description: Gecos specifies the gecos to use for + description: gecos specifies the gecos to use for the user type: string groups: - description: Groups specifies the additional groups + description: groups specifies the additional groups for the user type: string homeDir: - description: HomeDir specifies the home directory + description: homeDir specifies the home directory to use for the user type: string inactive: - description: Inactive specifies whether to mark + description: inactive specifies whether to mark the user as inactive type: boolean lockPassword: - description: LockPassword specifies if password + description: lockPassword specifies if password login should be disabled type: boolean name: - description: Name specifies the user name + description: name specifies the user name type: string passwd: - description: Passwd specifies a hashed password + description: passwd specifies a hashed password for the user type: string primaryGroup: - description: PrimaryGroup specifies the primary + description: primaryGroup specifies the primary group for the user type: string shell: - description: Shell specifies the user's shell + description: shell specifies the user's shell type: string sshAuthorizedKeys: - description: SSHAuthorizedKeys specifies a list + description: sshAuthorizedKeys specifies a list of ssh authorized keys for the user items: type: string type: array sudo: - description: Sudo specifies a sudo role for the + description: sudo specifies a sudo role for the user type: string required: 
@@ -5640,19 +5980,19 @@ data: type: array verbosity: description: |- - Verbosity is the number for the kubeadm log level verbosity. + verbosity is the number for the kubeadm log level verbosity. It overrides the `--v` flag in kubeadm commands. format: int32 type: integer type: object machineTemplate: description: |- - MachineTemplate contains information about how machines + machineTemplate contains information about how machines should be shaped when creating or updating a control plane. properties: infrastructureRef: description: |- - InfrastructureRef is a required reference to a custom resource + infrastructureRef is a required reference to a custom resource offered by an infrastructure provider. properties: apiVersion: @@ -5667,7 +6007,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -5698,14 +6037,14 @@ data: x-kubernetes-map-type: atomic metadata: description: |- - Standard object's metadata. + metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata properties: annotations: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations 
@@ -5714,7 +6053,7 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels @@ -5722,7 +6061,7 @@ data: type: object nodeDrainTimeout: description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node + nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` type: string @@ -5731,14 +6070,14 @@ data: type: object replicas: description: |- - Number of desired machines. Defaults to 1. When stacked etcd is used only + replicas is the number of desired machines. Defaults to 1. When stacked etcd is used only odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). This is a pointer to distinguish between explicit zero and not specified. format: int32 type: integer rolloutAfter: description: |- - RolloutAfter is a field to indicate a rollout should be performed + rolloutAfter is a field to indicate a rollout should be performed after the specified time even if no changes have been made to the KubeadmControlPlane. format: date-time 
@@ -5749,12 +6088,12 @@ data: maxSurge: 1 type: RollingUpdate description: |- - The RolloutStrategy to use to replace control plane machines with + rolloutStrategy is the RolloutStrategy to use to replace control plane machines with new ones. properties: rollingUpdate: description: |- - Rolling update config params. Present only if + rollingUpdate is the rolling update config params. Present only if RolloutStrategyType = RollingUpdate. properties: maxSurge: @@ -5762,7 +6101,7 @@ data: - type: integer - type: string description: |- - The maximum number of control planes that can be scheduled above or under the + maxSurge is the maximum number of control planes that can be scheduled above or under the desired number of control planes. Value can be an absolute number 1 or 0. Defaults to 1. @@ -5772,13 +6111,13 @@ data: type: object type: description: |- - Type of rollout. Currently the only supported strategy is + type of rollout. Currently the only supported strategy is "RollingUpdate". Default is RollingUpdate. type: string type: object version: - description: Version defines the desired Kubernetes version. + description: version defines the desired Kubernetes version. type: string required: - kubeadmConfigSpec 
@@ -5824,23 +6163,21 @@ data: metadata: type: object spec: - description: KubeadmControlPlaneTemplateSpec defines the desired state - of KubeadmControlPlaneTemplate. + description: spec is the desired state of KubeadmControlPlaneTemplate. properties: template: - description: KubeadmControlPlaneTemplateResource describes the data - needed to create a KubeadmControlPlane from a template. + description: template defines the desired state of KubeadmControlPlaneTemplate. properties: metadata: description: |- - Standard object's metadata. + metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata properties: annotations: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations 
@@ -5849,50 +6186,57 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels type: object type: object spec: - description: |- - KubeadmControlPlaneTemplateResourceSpec defines the desired state of KubeadmControlPlane. - NOTE: KubeadmControlPlaneTemplateResourceSpec is similar to KubeadmControlPlaneSpec but - omits Replicas and Version fields. These fields do not make sense on the KubeadmControlPlaneTemplate, - because they are calculated by the Cluster topology reconciler during reconciliation and thus cannot - be configured on the KubeadmControlPlaneTemplate. + description: spec is the desired state of KubeadmControlPlaneTemplateResource. properties: kubeadmConfigSpec: description: |- - KubeadmConfigSpec is a KubeadmConfigSpec + kubeadmConfigSpec is a KubeadmConfigSpec to use for initializing and joining machines to the control plane. properties: + bootCommands: + description: |- + bootCommands specifies extra commands to run very early in the boot process via the cloud-init bootcmd + module. bootcmd will run on every boot, 'cloud-init-per' command can be used to make bootcmd run exactly + once. This is typically run in the cloud-init.service systemd unit. This has no effect in Ignition. 
+ items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + type: array clusterConfiguration: - description: ClusterConfiguration along with InitConfiguration + description: clusterConfiguration along with InitConfiguration are the configurations necessary for the init command properties: apiServer: - description: APIServer contains extra settings for + description: apiServer contains extra settings for the API server control plane component properties: certSANs: - description: CertSANs sets extra Subject Alternative + description: certSANs sets extra Subject Alternative Names for the API Server signing cert. items: + maxLength: 253 + minLength: 1 type: string + maxItems: 100 type: array extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: extraArgs is an extra set of flags + to pass to the control plane component. type: object extraEnvs: description: |- - ExtraEnvs is an extra set of environment variables to pass to the control plane component. + extraEnvs is an extra set of environment variables to pass to the control plane component. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes >=1.31.0. items: 
@@ -5933,9 +6277,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the @@ -6006,9 +6348,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the @@ -6022,9 +6362,10 @@ data: required: - name type: object + maxItems: 100 type: array extraVolumes: - description: ExtraVolumes is an extra set of host + description: extraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: |- 
@@ -6033,23 +6374,29 @@ data: properties: hostPath: description: |- - HostPath is the path in the host that will be mounted inside + hostPath is the path in the host that will be mounted inside the pod. + maxLength: 512 + minLength: 1 type: string mountPath: - description: MountPath is the path inside + description: mountPath is the path inside the pod where hostPath will be mounted. + maxLength: 512 + minLength: 1 type: string name: - description: Name of the volume inside the + description: name of the volume inside the pod template. + maxLength: 512 + minLength: 1 type: string pathType: - description: PathType is the type of the + description: pathType is the type of the HostPath. type: string readOnly: - description: ReadOnly controls write access + description: readOnly controls write access to the volume type: boolean required: @@ -6057,9 +6404,10 @@ data: - mountPath - name type: object + maxItems: 100 type: array timeoutForControlPlane: - description: TimeoutForControlPlane controls the + description: timeoutForControlPlane controls the timeout that we use for API server to appear type: string type: object 
@@ -6072,15 +6420,19 @@ data: type: string certificatesDir: description: |- - CertificatesDir specifies where to store or look for all required certificates. + certificatesDir specifies where to store or look for all required certificates. NB: if not provided, this will default to `/etc/kubernetes/pki` + maxLength: 512 + minLength: 1 type: string clusterName: - description: The cluster name + description: clusterName is the cluster name + maxLength: 63 + minLength: 1 type: string controlPlaneEndpoint: description: |- - ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it + controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint is specified but without a TCP port, 
@@ -6092,22 +6444,22 @@ data: e.g. in environments with enforced node recycling, the ControlPlaneEndpoint could be used for assigning a stable DNS to the control plane. NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. + maxLength: 512 + minLength: 1 type: string controllerManager: - description: ControllerManager contains extra settings + description: controllerManager contains extra settings for the controller manager control plane component properties: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: extraArgs is an extra set of flags + to pass to the control plane component. type: object extraEnvs: description: |- - ExtraEnvs is an extra set of environment variables to pass to the control plane component. + extraEnvs is an extra set of environment variables to pass to the control plane component. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes >=1.31.0. items: @@ -6148,9 +6500,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the 
@@ -6221,9 +6571,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the @@ -6237,9 +6585,10 @@ data: required: - name type: object + maxItems: 100 type: array extraVolumes: - description: ExtraVolumes is an extra set of host + description: extraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: |- @@ -6248,23 +6597,29 @@ data: properties: hostPath: description: |- - HostPath is the path in the host that will be mounted inside + hostPath is the path in the host that will be mounted inside the pod. + maxLength: 512 + minLength: 1 type: string mountPath: - description: MountPath is the path inside + description: mountPath is the path inside the pod where hostPath will be mounted. + maxLength: 512 + minLength: 1 type: string name: - description: Name of the volume inside the + description: name of the volume inside the pod template. + maxLength: 512 + minLength: 1 type: string pathType: - description: PathType is the type of the + description: pathType is the type of the HostPath. type: string readOnly: - description: ReadOnly controls write access + description: readOnly controls write access to the volume type: boolean required: 
@@ -6272,53 +6627,67 @@ data: - mountPath - name type: object + maxItems: 100 type: array type: object dns: - description: DNS defines the options for the DNS add-on + description: dns defines the options for the DNS add-on installed in the cluster. properties: imageRepository: description: |- - ImageRepository sets the container registry to pull images from. + imageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + maxLength: 512 + minLength: 1 type: string imageTag: description: |- - ImageTag allows to specify a tag for the image. + imageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + maxLength: 256 + minLength: 1 type: string type: object etcd: description: |- - Etcd holds configuration for etcd. + etcd holds configuration for etcd. NB: This value defaults to a Local (stacked) etcd properties: external: description: |- - External describes how to connect to an external etcd cluster + external describes how to connect to an external etcd cluster Local and External are mutually exclusive properties: caFile: description: |- - CAFile is an SSL Certificate Authority file used to secure etcd communication. + caFile is an SSL Certificate Authority file used to secure etcd communication. Required if using a TLS connection. + maxLength: 512 + minLength: 1 type: string certFile: description: |- - CertFile is an SSL certification file used to secure etcd communication. + certFile is an SSL certification file used to secure etcd communication. Required if using a TLS connection. + maxLength: 512 + minLength: 1 type: string endpoints: - description: Endpoints of etcd members. Required + description: endpoints of etcd members. Required for ExternalEtcd. 
items: + maxLength: 512 + minLength: 1 type: string + maxItems: 50 type: array keyFile: description: |- - KeyFile is an SSL key file used to secure etcd communication. + keyFile is an SSL key file used to secure etcd communication. Required if using a TLS connection. + maxLength: 512 + minLength: 1 type: string required: - caFile @@ -6328,24 +6697,26 @@ data: type: object local: description: |- - Local provides configuration knobs for configuring the local etcd instance + local provides configuration knobs for configuring the local etcd instance Local and External are mutually exclusive properties: dataDir: description: |- - DataDir is the directory etcd will place its data. + dataDir is the directory etcd will place its data. Defaults to "/var/lib/etcd". + maxLength: 512 + minLength: 1 type: string extraArgs: additionalProperties: type: string description: |- - ExtraArgs are extra arguments provided to the etcd binary + extraArgs are extra arguments provided to the etcd binary when run inside a static pod. type: object extraEnvs: description: |- - ExtraEnvs is an extra set of environment variables to pass to the control plane component. + extraEnvs is an extra set of environment variables to pass to the control plane component. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes >=1.31.0. items: @@ -6387,9 +6758,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether 
@@ -6462,9 +6831,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether 
@@ -6479,41 +6846,52 @@ data: required: - name type: object + maxItems: 100 type: array imageRepository: description: |- - ImageRepository sets the container registry to pull images from. + imageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + maxLength: 512 + minLength: 1 type: string imageTag: description: |- - ImageTag allows to specify a tag for the image. + imageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + maxLength: 256 + minLength: 1 type: string peerCertSANs: - description: PeerCertSANs sets extra Subject + description: peerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert. items: + maxLength: 253 + minLength: 1 type: string + maxItems: 100 type: array serverCertSANs: - description: ServerCertSANs sets extra Subject + description: serverCertSANs sets extra Subject Alternative Names for the etcd server signing cert. items: + maxLength: 253 + minLength: 1 type: string + maxItems: 100 type: array type: object type: object featureGates: additionalProperties: type: boolean - description: FeatureGates enabled by the user. + description: featureGates enabled by the user. type: object imageRepository: description: |- - ImageRepository sets the container registry to pull images from. + imageRepository sets the container registry to pull images from. * If not set, the default registry of kubeadm will be used, i.e. * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 * k8s.gcr.io (old registry): all older versions 
@@ -6522,8 +6900,10 @@ data: a newer patch version with the new registry instead (i.e. >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0). * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components + `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io` will be used for all the other images. + maxLength: 512 + minLength: 1 type: string kind: description: |- 
@@ -6535,46 +6915,52 @@ data: type: string kubernetesVersion: description: |- - KubernetesVersion is the target version of the control plane. + kubernetesVersion is the target version of the control plane. NB: This value defaults to the Machine object spec.version + maxLength: 256 + minLength: 1 type: string networking: description: |- - Networking holds configuration for the networking topology of the cluster. + networking holds configuration for the networking topology of the cluster. NB: This value defaults to the Cluster object spec.clusterNetwork. properties: dnsDomain: - description: DNSDomain is the dns domain used + description: dnsDomain is the dns domain used by k8s services. Defaults to "cluster.local". + maxLength: 253 + minLength: 1 type: string podSubnet: description: |- - PodSubnet is the subnet used by pods. + podSubnet is the subnet used by pods. If unset, the API server will not allocate CIDR ranges for every node. Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set + maxLength: 1024 + minLength: 1 type: string serviceSubnet: description: |- - ServiceSubnet is the subnet used by k8s services. + serviceSubnet is the subnet used by k8s services. Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12" if that's unset. + maxLength: 1024 + minLength: 1 type: string type: object scheduler: - description: Scheduler contains extra settings for + description: scheduler contains extra settings for the scheduler control plane component properties: extraArgs: additionalProperties: type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. + description: extraArgs is an extra set of flags + to pass to the control plane component. 
type: object extraEnvs: description: |- - ExtraEnvs is an extra set of environment variables to pass to the control plane component. + extraEnvs is an extra set of environment variables to pass to the control plane component. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes >=1.31.0. items: @@ -6615,9 +7001,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the @@ -6688,9 +7072,7 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the @@ -6704,9 +7086,10 @@ data: required: - name type: object + maxItems: 100 type: array extraVolumes: - description: ExtraVolumes is an extra set of host + description: extraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: |- 
@@ -6715,23 +7098,29 @@ data: properties: hostPath: description: |- - HostPath is the path in the host that will be mounted inside + hostPath is the path in the host that will be mounted inside the pod. + maxLength: 512 + minLength: 1 type: string mountPath: - description: MountPath is the path inside + description: mountPath is the path inside the pod where hostPath will be mounted. + maxLength: 512 + minLength: 1 type: string name: - description: Name of the volume inside the + description: name of the volume inside the pod template. + maxLength: 512 + minLength: 1 type: string pathType: - description: PathType is the type of the + description: pathType is the type of the HostPath. type: string readOnly: - description: ReadOnly controls write access + description: readOnly controls write access to the volume type: boolean required: 
@@ -6739,124 +7128,150 @@ data: - mountPath - name type: object + maxItems: 100 type: array type: object type: object diskSetup: - description: DiskSetup specifies options for the creation + description: diskSetup specifies options for the creation of partition tables and file systems on devices. properties: filesystems: - description: Filesystems specifies the list of file + description: filesystems specifies the list of file systems to setup. items: description: Filesystem defines the file systems to be created. properties: device: - description: Device specifies the device name + description: device specifies the device name + maxLength: 256 + minLength: 1 type: string extraOpts: - description: ExtraOpts defined extra options + description: extraOpts defined extra options to add to the command for creating the file system. items: + maxLength: 256 + minLength: 1 type: string + maxItems: 100 type: array filesystem: - description: Filesystem specifies the file system + description: filesystem specifies the file system type. + maxLength: 128 + minLength: 1 type: string label: - description: Label specifies the file system + description: label specifies the file system label to be used. If set to None, no label is used. + maxLength: 512 + minLength: 1 type: string overwrite: description: |- - Overwrite defines whether or not to overwrite any existing filesystem. + overwrite defines whether or not to overwrite any existing filesystem. If true, any pre-existing file system will be destroyed. Use with Caution. type: boolean partition: - description: 'Partition specifies the partition + description: 'partition specifies the partition to use. The valid options are: "auto|any", "auto", "any", "none", and , where NUM is the actual partition number.' + maxLength: 128 + minLength: 1 type: string replaceFS: description: |- - ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . 
+ replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . NOTE: unless you define a label, this requires the use of the 'any' partition directive. + maxLength: 128 + minLength: 1 type: string required: - device - filesystem - - label type: object + maxItems: 100 type: array partitions: - description: Partitions specifies the list of the + description: partitions specifies the list of the partitions to setup. items: description: Partition defines how to create and layout a partition. properties: device: - description: Device is the name of the device. + description: device is the name of the device. + maxLength: 256 + minLength: 1 type: string layout: description: |- - Layout specifies the device layout. + layout specifies the device layout. If it is true, a single partition will be created for the entire device. When layout is false, it means don't partition or ignore existing partitioning. type: boolean overwrite: description: |- - Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. + overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. Use with caution. Default is 'false'. type: boolean tableType: description: |- - TableType specifies the tupe of partition table. The following are supported: + tableType specifies the tupe of partition table. The following are supported: 'mbr': default and setups a MS-DOS partition table 'gpt': setups a GPT partition table + enum: + - mbr + - gpt type: string required: - device - layout type: object + maxItems: 100 type: array type: object files: - description: Files specifies extra files to be passed + description: files specifies extra files to be passed to user_data upon creation. items: description: File defines the input for generating write_files in cloud-init. 
properties: append: - description: Append specifies whether to append + description: append specifies whether to append Content to existing file if Path exists. type: boolean content: - description: Content is the actual content of the + description: content is the actual content of the file. + maxLength: 10240 + minLength: 1 type: string contentFrom: - description: ContentFrom is a referenced source + description: contentFrom is a referenced source of content to populate the file. properties: secret: - description: Secret represents a secret that + description: secret represents a secret that should populate this file. properties: key: - description: Key is the key in the secret's + description: key is the key in the secret's data map for this value. + maxLength: 256 + minLength: 1 type: string name: - description: Name of the secret in the KubeadmBootstrapConfig's + description: name of the secret in the KubeadmBootstrapConfig's namespace to use. + maxLength: 253 + minLength: 1 type: string required: - key @@ -6866,7 +7281,7 @@ data: - secret type: object encoding: - description: Encoding specifies the encoding of + description: encoding specifies the encoding of the file contents. enum: - base64 
@@ -6874,52 +7289,60 @@ data: - gzip+base64 type: string owner: - description: Owner specifies the ownership of the + description: owner specifies the ownership of the file, e.g. "root:root". + maxLength: 256 + minLength: 1 type: string path: - description: Path specifies the full path on disk + description: path specifies the full path on disk where to store the file. + maxLength: 512 + minLength: 1 type: string permissions: - description: Permissions specifies the permissions + description: permissions specifies the permissions to assign to the file, e.g. "0640". + maxLength: 16 + minLength: 1 type: string required: - path type: object + maxItems: 200 type: array format: - description: Format specifies the output format of the + description: format specifies the output format of the bootstrap data enum: - cloud-config - ignition type: string ignition: - description: Ignition contains Ignition specific configuration. + description: ignition contains Ignition specific configuration. properties: containerLinuxConfig: - description: ContainerLinuxConfig contains CLC specific + description: containerLinuxConfig contains CLC specific configuration. properties: additionalConfig: description: |- - AdditionalConfig contains additional configuration to be merged with the Ignition + additionalConfig contains additional configuration to be merged with the Ignition configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging - The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + maxLength: 32768 + minLength: 1 type: string strict: - description: Strict controls if AdditionalConfig + description: strict controls if AdditionalConfig should be strictly parsed. If so, warnings are treated as errors. 
type: boolean type: object type: object initConfiguration: - description: InitConfiguration along with ClusterConfiguration + description: initConfiguration along with ClusterConfiguration are the configurations necessary for the init command properties: apiVersion: @@ -6931,7 +7354,7 @@ data: type: string bootstrapTokens: description: |- - BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. + bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature items: description: BootstrapToken describes one bootstrap 
@@ -6939,42 +7362,51 @@ data: properties: description: description: |- - Description sets a human-friendly message why this token exists and what it's used + description sets a human-friendly message why this token exists and what it's used for, so other administrators can know its purpose. + maxLength: 512 + minLength: 1 type: string expires: description: |- - Expires specifies the timestamp when this token expires. Defaults to being set + expires specifies the timestamp when this token expires. Defaults to being set dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. format: date-time type: string groups: description: |- - Groups specifies the extra groups that this token will authenticate as when/if + groups specifies the extra groups that this token will authenticate as when/if used for authentication items: + maxLength: 256 + minLength: 1 type: string + maxItems: 100 type: array token: description: |- - Token is used for establishing bidirectional trust between nodes and control-planes. + token is used for establishing bidirectional trust between nodes and control-planes. Used for joining nodes in the cluster. type: string ttl: description: |- - TTL defines the time to live for this token. Defaults to 24h. + ttl defines the time to live for this token. Defaults to 24h. Expires and TTL are mutually exclusive. type: string usages: description: |- - Usages describes the ways in which this token can be used. Can by default be used + usages describes the ways in which this token can be used. Can by default be used for establishing bidirectional trust, but that can be changed here. items: + maxLength: 256 + minLength: 1 type: string + maxItems: 100 type: array required: - token type: object + maxItems: 100 type: array kind: description: |- 
@@ -6986,7 +7418,7 @@ data: type: string localAPIEndpoint: description: |- - LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node + localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible 
@@ -6994,37 +7426,44 @@ data: fails you may set the desired value here. properties: advertiseAddress: - description: AdvertiseAddress sets the IP address + description: advertiseAddress sets the IP address for the API server to advertise. + maxLength: 39 + minLength: 1 type: string bindPort: description: |- - BindPort sets the secure port for the API Server to bind to. + bindPort sets the secure port for the API Server to bind to. Defaults to 6443. format: int32 type: integer type: object nodeRegistration: description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfiguration properties: criSocket: - description: CRISocket is used to retrieve container + description: criSocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use + maxLength: 512 + minLength: 1 type: string ignorePreflightErrors: - description: IgnorePreflightErrors provides a + description: ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered. items: + maxLength: 512 + minLength: 1 type: string + maxItems: 50 type: array imagePullPolicy: description: |- - ImagePullPolicy specifies the policy for image pulling + imagePullPolicy specifies the policy for image pulling during kubeadm "init" and "join" operations. The value of this field must be one of "Always", "IfNotPresent" or "Never". Defaults to "IfNotPresent". This can be used only 
@@ -7036,7 +7475,7 @@ data: type: string imagePullSerial: description: |- - ImagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. + imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. This option takes effect only on Kubernetes >=1.31.0. Default: true (defaulted in kubeadm) type: boolean 
@@ -7044,19 +7483,21 @@ data: additionalProperties: type: string description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file + kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. type: object name: description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided. + maxLength: 253 + minLength: 1 type: string taints: description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. items: 
@@ -7088,16 +7529,17 @@ data: - effect - key type: object + maxItems: 100 type: array type: object patches: description: |- - Patches contains options related to applying patches to components deployed by kubeadm during + patches contains options related to applying patches to components deployed by kubeadm during "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22 properties: directory: description: |- - Directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". + directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. @@ -7107,19 +7549,24 @@ data: These files can be written into the target directory via KubeadmConfig.Files which specifies additional files to be created on the machine, either with content inline or by referencing a secret. + maxLength: 512 + minLength: 1 type: string type: object skipPhases: description: |- - SkipPhases is a list of phases to skip during command execution. + skipPhases is a list of phases to skip during command execution. The list of phases can be obtained with the "kubeadm init --help" command. This option takes effect only on Kubernetes >=1.22.0. items: + maxLength: 256 + minLength: 1 type: string + maxItems: 50 type: array type: object joinConfiguration: - description: JoinConfiguration is the kubeadm configuration + description: joinConfiguration is the kubeadm configuration for the join command properties: apiVersion: 
@@ -7131,51 +7578,55 @@ data: type: string caCertPath: description: |- - CACertPath is the path to the SSL certificate authority used to + caCertPath is the path to the SSL certificate authority used to secure comunications between node and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". - TODO: revisit when there is defaulting from k/k + maxLength: 512 + minLength: 1 type: string controlPlane: description: |- - ControlPlane defines the additional control plane instance to be deployed on the joining node. + controlPlane defines the additional control plane instance to be deployed on the joining node. If nil, no additional control plane instance will be deployed. properties: localAPIEndpoint: - description: LocalAPIEndpoint represents the endpoint + description: localAPIEndpoint represents the endpoint of the API server instance to be deployed on this node. properties: advertiseAddress: - description: AdvertiseAddress sets the IP + description: advertiseAddress sets the IP address for the API server to advertise. + maxLength: 39 + minLength: 1 type: string bindPort: description: |- - BindPort sets the secure port for the API Server to bind to. + bindPort sets the secure port for the API Server to bind to. Defaults to 6443. 
format: int32 type: integer type: object type: object discovery: - description: |- - Discovery specifies the options for the kubelet to use during the TLS Bootstrap process - TODO: revisit when there is defaulting from k/k + description: discovery specifies the options for the + kubelet to use during the TLS Bootstrap process properties: bootstrapToken: description: |- - BootstrapToken is used to set the options for bootstrap token based discovery + bootstrapToken is used to set the options for bootstrap token based discovery BootstrapToken and File are mutually exclusive properties: apiServerEndpoint: - description: APIServerEndpoint is an IP or + description: apiServerEndpoint is an IP or domain name to the API server from which info will be fetched. + maxLength: 512 + minLength: 1 type: string caCertHashes: description: |- - CACertHashes specifies a set of public key pins to verify + caCertHashes specifies a set of public key pins to verify when token-based discovery is used. The root CA found during discovery must match one of these values. Specifying an empty set disables root CA pinning, which can be unsafe. Each hash is specified as ":", 
@@ -7184,40 +7635,41 @@ data: ASN.1. These hashes can be calculated using, for example, OpenSSL: openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex items: + maxLength: 512 + minLength: 1 type: string + maxItems: 100 type: array token: description: |- - Token is a token used to validate cluster information + token is a token used to validate cluster information fetched from the control-plane. + maxLength: 512 + minLength: 1 type: string unsafeSkipCAVerification: description: |- - UnsafeSkipCAVerification allows token-based discovery + unsafeSkipCAVerification allows token-based discovery without CA verification via CACertHashes. This can weaken the security of kubeadm since other nodes can impersonate the control-plane. type: boolean - required: - - token type: object file: description: |- - File is used to specify a file or URL to a kubeconfig file from which to load cluster information + file is used to specify a file or URL to a kubeconfig file from which to load cluster information BootstrapToken and File are mutually exclusive properties: kubeConfig: description: |- - KubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. + kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. The file is generated at the path specified in KubeConfigPath. - Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint. Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret. properties: cluster: description: |- - Cluster contains information about how to communicate with the kubernetes cluster. - + cluster contains information about how to communicate with the kubernetes cluster. By default the following fields are automatically populated: - Server with the Cluster's ControlPlaneEndpoint. 
@@ -7225,93 +7677,107 @@ data: properties: certificateAuthorityData: description: |- - CertificateAuthorityData contains PEM-encoded certificate authority certificates. - + certificateAuthorityData contains PEM-encoded certificate authority certificates. Defaults to the Cluster's CA certificate if empty. format: byte + maxLength: 51200 + minLength: 1 type: string insecureSkipTLSVerify: - description: InsecureSkipTLSVerify + description: insecureSkipTLSVerify skips the validity check for the server's certificate. This will make your HTTPS connections insecure. type: boolean proxyURL: description: |- - ProxyURL is the URL to the proxy to be used for all requests made by this + proxyURL is the URL to the proxy to be used for all requests made by this client. URLs with "http", "https", and "socks5" schemes are supported. If this configuration is not provided or the empty string, the client attempts to construct a proxy configuration from http_proxy and https_proxy environment variables. If these environment variables are not set, the client does not attempt to proxy requests. - socks5 proxying does not currently support spdy streaming endpoints (exec, attach, port forward). + maxLength: 512 + minLength: 1 type: string server: description: |- - Server is the address of the kubernetes cluster (https://hostname:port). - + server is the address of the kubernetes cluster (https://hostname:port). Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint. + maxLength: 512 + minLength: 1 type: string tlsServerName: - description: TLSServerName is used + description: tlsServerName is used to check server certificate. If TLSServerName is empty, the hostname used to contact the server is used. + maxLength: 512 + minLength: 1 type: string type: object user: description: |- - User contains information that describes identity information. + user contains information that describes identity information. This is used to tell the kubernetes cluster who you are. 
properties: authProvider: - description: AuthProvider specifies + description: authProvider specifies a custom authentication plugin for the kubernetes cluster. properties: config: additionalProperties: type: string - description: Config holds the + description: config holds the parameters for the authentication plugin. type: object name: - description: Name is the name + description: name is the name of the authentication plugin. + maxLength: 256 + minLength: 1 type: string required: - name type: object exec: - description: Exec specifies a custom + description: exec specifies a custom exec-based authentication plugin for the kubernetes cluster. properties: apiVersion: description: |- - Preferred input version of the ExecInfo. The returned ExecCredentials MUST use + apiVersion is preferred input version of the ExecInfo. The returned ExecCredentials MUST use the same encoding version as the input. Defaults to client.authentication.k8s.io/v1 if not set. + maxLength: 512 + minLength: 1 type: string args: - description: Arguments to pass - to the command when executing - it. + description: args is the arguments + to pass to the command when + executing it. items: + maxLength: 512 + minLength: 1 type: string + maxItems: 100 type: array command: - description: Command to execute. + description: command to execute. + maxLength: 1024 + minLength: 1 type: string env: description: |- - Env defines additional environment variables to expose to the process. These + env defines additional environment variables to expose to the process. These are unioned with the host's environment, as well as variables client-go uses to pass argument to the plugin. items: 
@@ -7320,17 +7786,26 @@ data: credential plugin. properties: name: + description: name of the + environment variable + maxLength: 512 + minLength: 1 type: string value: + description: value of the + environment variable + maxLength: 512 + minLength: 1 type: string required: - name - value type: object + maxItems: 100 type: array provideClusterInfo: description: |- - ProvideClusterInfo determines whether or not to provide cluster information, + provideClusterInfo determines whether or not to provide cluster information, which could potentially contain very large CA data, to this exec plugin as a part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for @@ -7344,21 +7819,25 @@ data: - user type: object kubeConfigPath: - description: KubeConfigPath is used to specify + description: kubeConfigPath is used to specify the actual file path or URL to the kubeconfig file from which to load cluster information + maxLength: 512 + minLength: 1 type: string required: - kubeConfigPath type: object timeout: - description: Timeout modifies the discovery timeout + description: timeout modifies the discovery timeout type: string tlsBootstrapToken: description: |- - TLSBootstrapToken is a token used for TLS bootstrapping. + tlsBootstrapToken is a token used for TLS bootstrapping. If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information + maxLength: 512 + minLength: 1 type: string type: object kind: 
@@ -7371,25 +7850,30 @@ data: type: string nodeRegistration: description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfiguration properties: criSocket: - description: CRISocket is used to retrieve container + description: criSocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use + maxLength: 512 + minLength: 1 type: string ignorePreflightErrors: - description: IgnorePreflightErrors provides a + description: ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered. items: + maxLength: 512 + minLength: 1 type: string + maxItems: 50 type: array imagePullPolicy: description: |- - ImagePullPolicy specifies the policy for image pulling + imagePullPolicy specifies the policy for image pulling during kubeadm "init" and "join" operations. The value of this field must be one of "Always", "IfNotPresent" or "Never". Defaults to "IfNotPresent". This can be used only @@ -7401,7 +7885,7 @@ data: type: string imagePullSerial: description: |- - ImagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. + imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. This option takes effect only on Kubernetes >=1.31.0. Default: true (defaulted in kubeadm) type: boolean 
@@ -7409,19 +7893,21 @@ data: additionalProperties: type: string description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file + kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. type: object name: description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided. + maxLength: 253 + minLength: 1 type: string taints: description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. items: 
@@ -7453,16 +7939,17 @@ data: - effect - key type: object + maxItems: 100 type: array type: object patches: description: |- - Patches contains options related to applying patches to components deployed by kubeadm during + patches contains options related to applying patches to components deployed by kubeadm during "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22 properties: directory: description: |- - Directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". + directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. 
@@ -7472,121 +7959,152 @@ data: These files can be written into the target directory via KubeadmConfig.Files which specifies additional files to be created on the machine, either with content inline or by referencing a secret. + maxLength: 512 + minLength: 1 type: string type: object skipPhases: description: |- - SkipPhases is a list of phases to skip during command execution. + skipPhases is a list of phases to skip during command execution. The list of phases can be obtained with the "kubeadm init --help" command. This option takes effect only on Kubernetes >=1.22.0. items: + maxLength: 256 + minLength: 1 type: string + maxItems: 50 type: array type: object mounts: - description: Mounts specifies a list of mount points to + description: mounts specifies a list of mount points to be setup. items: description: MountPoints defines input for generated mounts in cloud-init. items: + maxLength: 512 + minLength: 1 type: string type: array + maxItems: 100 type: array ntp: - description: NTP specifies NTP configuration + description: ntp specifies NTP configuration properties: enabled: - description: Enabled specifies whether NTP should + description: enabled specifies whether NTP should be enabled type: boolean servers: - description: Servers specifies which NTP servers to + description: servers specifies which NTP servers to use items: + maxLength: 512 + minLength: 1 type: string + maxItems: 100 type: array type: object postKubeadmCommands: - description: PostKubeadmCommands specifies extra commands - to run after kubeadm runs + description: |- + postKubeadmCommands specifies extra commands to run after kubeadm runs. + With cloud-init, this is appended to the runcmd module configuration, and is typically executed in + the cloud-final.service systemd unit. In Ignition, this is appended to /etc/kubeadm.sh. 
items: + maxLength: 10240 + minLength: 1 type: string + maxItems: 1000 type: array preKubeadmCommands: - description: PreKubeadmCommands specifies extra commands - to run before kubeadm runs + description: |- + preKubeadmCommands specifies extra commands to run before kubeadm runs. + With cloud-init, this is prepended to the runcmd module configuration, and is typically executed in + the cloud-final.service systemd unit. In Ignition, this is prepended to /etc/kubeadm.sh. items: + maxLength: 10240 + minLength: 1 type: string + maxItems: 1000 type: array useExperimentalRetryJoin: description: |- - UseExperimentalRetryJoin replaces a basic kubeadm command with a shell + useExperimentalRetryJoin replaces a basic kubeadm command with a shell script with retries for joins. - This is meant to be an experimental temporary workaround on some environments where joins fail due to timing (and other issues). The long term goal is to add retries to kubeadm proper and use that functionality. - This will add about 40KB to userdata - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. - Deprecated: This experimental fix is no longer needed and this field will be removed in a future release. When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml type: boolean users: - description: Users specifies extra users to add + description: users specifies extra users to add items: description: User defines the input for a generated user in cloud-init. 
properties: gecos: - description: Gecos specifies the gecos to use for + description: gecos specifies the gecos to use for the user + maxLength: 256 + minLength: 1 type: string groups: - description: Groups specifies the additional groups + description: groups specifies the additional groups for the user + maxLength: 256 + minLength: 1 type: string homeDir: - description: HomeDir specifies the home directory + description: homeDir specifies the home directory to use for the user + maxLength: 256 + minLength: 1 type: string inactive: - description: Inactive specifies whether to mark + description: inactive specifies whether to mark the user as inactive type: boolean lockPassword: - description: LockPassword specifies if password + description: lockPassword specifies if password login should be disabled type: boolean name: - description: Name specifies the user name + description: name specifies the user name + maxLength: 256 + minLength: 1 type: string passwd: - description: Passwd specifies a hashed password + description: passwd specifies a hashed password for the user + maxLength: 256 + minLength: 1 type: string passwdFrom: - description: PasswdFrom is a referenced source of + description: passwdFrom is a referenced source of passwd to populate the passwd. properties: secret: - description: Secret represents a secret that + description: secret represents a secret that should populate this password. properties: key: - description: Key is the key in the secret's + description: key is the key in the secret's data map for this value. + maxLength: 256 + minLength: 1 type: string name: - description: Name of the secret in the KubeadmBootstrapConfig's + description: name of the secret in the KubeadmBootstrapConfig's namespace to use. + maxLength: 253 + minLength: 1 type: string required: - key 
@@ -7596,48 +8114,79 @@ data: - secret type: object primaryGroup: - description: PrimaryGroup specifies the primary + description: primaryGroup specifies the primary group for the user + maxLength: 256 + minLength: 1 type: string shell: - description: Shell specifies the user's shell + description: shell specifies the user's shell + maxLength: 256 + minLength: 1 type: string sshAuthorizedKeys: - description: SSHAuthorizedKeys specifies a list + description: sshAuthorizedKeys specifies a list of ssh authorized keys for the user items: + maxLength: 2048 + minLength: 1 type: string + maxItems: 100 type: array sudo: - description: Sudo specifies a sudo role for the + description: sudo specifies a sudo role for the user + maxLength: 256 + minLength: 1 type: string required: - name type: object + maxItems: 100 type: array verbosity: description: |- - Verbosity is the number for the kubeadm log level verbosity. + verbosity is the number for the kubeadm log level verbosity. It overrides the `--v` flag in kubeadm commands. format: int32 type: integer type: object + machineNamingStrategy: + description: |- + machineNamingStrategy allows changing the naming pattern used when creating Machines. + InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines. + properties: + template: + description: |- + template defines the template to use for generating the names of the Machine objects. + If not defined, it will fallback to `{{ .kubeadmControlPlane.name }}-{{ .random }}`. + If the generated name string exceeds 63 characters, it will be trimmed to 58 characters and will + get concatenated with a random suffix of length 5. + Length of the template string must not exceed 256 characters. + The template allows the following variables `.cluster.name`, `.kubeadmControlPlane.name` and `.random`. + The variable `.cluster.name` retrieves the name of the cluster object that owns the Machines being created. 
+ The variable `.kubeadmControlPlane.name` retrieves the name of the KubeadmControlPlane object that owns the Machines being created. + The variable `.random` is substituted with random alphanumeric string, without vowels, of length 5. This variable is required + part of the template. If not provided, validation will fail. + maxLength: 256 + minLength: 1 + type: string + type: object machineTemplate: description: |- - MachineTemplate contains information about how machines + machineTemplate contains information about how machines should be shaped when creating or updating a control plane. properties: metadata: description: |- - Standard object's metadata. + metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata properties: annotations: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations @@ -7646,7 +8195,7 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels 
@@ -7654,89 +8203,87 @@ data: type: object nodeDeletionTimeout: description: |- - NodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine + nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. If no value is provided, the default value for this property of the Machine resource will be used. type: string nodeDrainTimeout: description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node + nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` type: string nodeVolumeDetachTimeout: description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. type: string type: object remediationStrategy: - description: The RemediationStrategy that controls how control - plane machine remediation happens. + description: remediationStrategy is the RemediationStrategy + that controls how control plane machine remediation happens. 
properties: maxRetry: - description: "MaxRetry is the Max number of retries while + description: "maxRetry is the Max number of retries while attempting to remediate an unhealthy machine.\nA retry happens when a machine that was created as a replacement for an unhealthy machine also fails.\nFor example, given - a control plane with three machines M1, M2, M3:\n\n\n\tM1 + a control plane with three machines M1, M2, M3:\n\n\tM1 become unhealthy; remediation happens, and M1-1 is created as a replacement.\n\tIf M1-1 (replacement of M1) has problems while bootstrapping it will become unhealthy, and then be\n\tremediated; such operation is considered a retry, remediation-retry #1.\n\tIf M1-2 (replacement of M1-1) becomes unhealthy, remediation-retry #2 will - happen, etc.\n\n\nA retry could happen only after RetryPeriod + happen, etc.\n\nA retry could happen only after RetryPeriod from the previous retry.\nIf a machine is marked as unhealthy after MinHealthyPeriod from the previous remediation expired,\nthis is not considered a retry anymore because the new issue is assumed unrelated from the previous - one.\n\n\nIf not set, the remedation will be retried - infinitely." + one.\n\nIf not set, the remedation will be retried infinitely." format: int32 type: integer minHealthyPeriod: - description: "MinHealthyPeriod defines the duration after + description: "minHealthyPeriod defines the duration after which KCP will consider any failure to a machine unrelated\nfrom the previous one. In this case the remediation is not considered a retry anymore, and thus the retry\ncounter restarts from 0. 
For example, assuming MinHealthyPeriod - is set to 1h (default)\n\n\n\tM1 become unhealthy; remediation + is set to 1h (default)\n\n\tM1 become unhealthy; remediation happens, and M1-1 is created as a replacement.\n\tIf M1-1 (replacement of M1) has problems within the 1hr after the creation, also\n\tthis machine will be remediated and this operation is considered a retry - a problem - related\n\tto the original issue happened to M1 -.\n\n\n\tIf + related\n\tto the original issue happened to M1 -.\n\n\tIf instead the problem on M1-1 is happening after MinHealthyPeriod expired, e.g. four days after\n\tm1-1 has been created as a remediation of M1, the problem on M1-1 is considered - unrelated to\n\tthe original issue happened to M1.\n\n\nIf + unrelated to\n\tthe original issue happened to M1.\n\nIf not set, this value is defaulted to 1h." type: string retryPeriod: description: |- - RetryPeriod is the duration that KCP should wait before remediating a machine being created as a replacement + retryPeriod is the duration that KCP should wait before remediating a machine being created as a replacement for an unhealthy machine (a retry). - If not set, a retry will happen immediately. type: string type: object rolloutAfter: description: |- - RolloutAfter is a field to indicate a rollout should be performed + rolloutAfter is a field to indicate a rollout should be performed after the specified time even if no changes have been made to the KubeadmControlPlane. format: date-time type: string rolloutBefore: description: |- - RolloutBefore is a field to indicate a rollout should be performed + rolloutBefore is a field to indicate a rollout should be performed if the specified criteria is met. properties: certificatesExpiryDays: description: |- - CertificatesExpiryDays indicates a rollout needs to be performed if the + certificatesExpiryDays indicates a rollout needs to be performed if the certificates of the machine will expire within the specified days. 
format: int32 type: integer @@ -7747,12 +8294,12 @@ data: maxSurge: 1 type: RollingUpdate description: |- - The RolloutStrategy to use to replace control plane machines with + rolloutStrategy is the RolloutStrategy to use to replace control plane machines with new ones. properties: rollingUpdate: description: |- - Rolling update config params. Present only if + rollingUpdate is the rolling update config params. Present only if RolloutStrategyType = RollingUpdate. properties: maxSurge: @@ -7760,7 +8307,7 @@ data: - type: integer - type: string description: |- - The maximum number of control planes that can be scheduled above or under the + maxSurge is the maximum number of control planes that can be scheduled above or under the desired number of control planes. Value can be an absolute number 1 or 0. Defaults to 1. @@ -7770,9 +8317,11 @@ data: type: object type: description: |- - Type of rollout. Currently the only supported strategy is + type of rollout. Currently the only supported strategy is "RollingUpdate". Default is RollingUpdate. + enum: + - RollingUpdate type: string type: object required: @@ -7844,6 +8393,24 @@ data: kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true" name: capi-kubeadm-control-plane-manager-role rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get + - list + - patch + - update + - watch - apiGroups: - apiextensions.k8s.io resources: @@ -7852,6 +8419,17 @@ data: - get - list - watch + - apiGroups: + - apiextensions.k8s.io + resourceNames: + - kubeadmcontrolplanes.controlplane.cluster.x-k8s.io + - kubeadmcontrolplanetemplates.controlplane.cluster.x-k8s.io + resources: + - customresourcedefinitions + - customresourcedefinitions/status + verbs: + - patch + - update - apiGroups: - authentication.k8s.io resources: 
@@ -7883,13 +8461,6 @@ data: resources: - clusters - clusters/status - verbs: - - get - - list - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - machinepools verbs: - get @@ -7908,24 +8479,6 @@ data: - patch - update - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - "" - resources: - - secrets - verbs: - - create - - get - - list - - patch - - update - - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -7997,8 +8550,7 @@ data: - --leader-elect - --diagnostics-address=${CAPI_DIAGNOSTICS_ADDRESS:=:8443} - --insecure-diagnostics=${CAPI_INSECURE_DIAGNOSTICS:=false} - - --use-deprecated-infra-machine-naming=${CAPI_USE_DEPRECATED_INFRA_MACHINE_NAMING:=false} - - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=true},ClusterTopology=${CLUSTER_TOPOLOGY:=false},KubeadmBootstrapFormatIgnition=${EXP_KUBEADM_BOOTSTRAP_FORMAT_IGNITION:=false} + - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=true},ClusterTopology=${CLUSTER_TOPOLOGY:=false},KubeadmBootstrapFormatIgnition=${EXP_KUBEADM_BOOTSTRAP_FORMAT_IGNITION:=false},PriorityQueue=${EXP_PRIORITY_QUEUE:=false} command: - /manager env: @@ -8014,7 +8566,7 @@ data: valueFrom: fieldRef: fieldPath: metadata.uid - image: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.8.0 + image: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.10.4 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -8228,6 +8780,12 @@ data: apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 kind: Metadata releaseSeries: + - major: 1 + minor: 10 + contract: v1beta1 + - major: 1 + minor: 9 + contract: v1beta1 - major: 1 minor: 8 contract: v1beta1 
@@ -8260,6 +8818,6 @@ metadata: labels: provider.cluster.x-k8s.io/name: kubeadm provider.cluster.x-k8s.io/type: controlplane - provider.cluster.x-k8s.io/version: v1.8.0 - name: controlplane-kubeadm-v1.8.0 + provider.cluster.x-k8s.io/version: v1.10.4 + name: controlplane-kubeadm-v1.10.4 namespace: capi-kubeadm-control-plane-system diff --git a/test/e2e/resources/controlplane-kubeadm-v1.11.0.yaml b/test/e2e/resources/controlplane-kubeadm-v1.11.0.yaml new file mode 100644 index 000000000..26ffd6c80 --- /dev/null +++ b/test/e2e/resources/controlplane-kubeadm-v1.11.0.yaml 
@@ -0,0 +1,10635 @@ +apiVersion: v1 +data: + components: | + apiVersion: v1 + kind: Namespace + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + control-plane: controller-manager + name: capi-kubeadm-control-plane-system + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert + controller-gen.kubebuilder.io/version: v0.18.0 + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + cluster.x-k8s.io/v1beta1: v1beta1 + cluster.x-k8s.io/v1beta2: v1beta2 + name: kubeadmcontrolplanes.controlplane.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: controlplane.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: KubeadmControlPlane + listKind: KubeadmControlPlaneList + plural: kubeadmcontrolplanes + shortNames: + - kcp + singular: kubeadmcontrolplane + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster + jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] + name: Cluster + type: string + - description: This denotes whether or not the control plane has the uploaded + kubeadm-config configmap + jsonPath: .status.initialized + name: Initialized + type: boolean + - description: KubeadmControlPlane API Server is ready to receive requests + jsonPath: .status.ready + name: API Server Available + type: boolean + - description: Total number of machines desired by this control plane + jsonPath: .spec.replicas + name: Desired + priority: 10 + type: integer + - description: Total number of non-terminated machines targeted by this control + plane + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number 
of fully running and ready control plane machines + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of non-terminated machines targeted by this control + plane that have the desired template spec + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Total number of unavailable machines targeted by this control plane + jsonPath: .status.unavailableReplicas + name: Unavailable + type: integer + - description: Time duration since creation of KubeadmControlPlane + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this control plane + jsonPath: .spec.version + name: Version + type: string + deprecated: true + name: v1beta1 + schema: + openAPIV3Schema: + description: KubeadmControlPlane is the Schema for the KubeadmControlPlane + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of KubeadmControlPlane. + properties: + kubeadmConfigSpec: + description: |- + kubeadmConfigSpec is a KubeadmConfigSpec + to use for initializing and joining machines to the control plane. 
+ properties: + bootCommands: + description: |- + bootCommands specifies extra commands to run very early in the boot process via the cloud-init bootcmd + module. bootcmd will run on every boot, 'cloud-init-per' command can be used to make bootcmd run exactly + once. This is typically run in the cloud-init.service systemd unit. This has no effect in Ignition. + items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + type: array + clusterConfiguration: + description: clusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: apiServer contains extra settings for the API + server control plane component + properties: + certSANs: + description: certSANs sets extra Subject Alternative Names + for the API Server signing cert. + items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 100 + type: array + extraArgs: + additionalProperties: + type: string + description: extraArgs is an extra set of flags to pass + to the control plane component. + type: object + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. 
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + type: array + extraVolumes: + description: extraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: |- + HostPathMount contains elements describing volumes that are mounted from the + host. + properties: + hostPath: + description: |- + hostPath is the path in the host that will be mounted inside + the pod. + maxLength: 512 + minLength: 1 + type: string + mountPath: + description: mountPath is the path inside the pod + where hostPath will be mounted. + maxLength: 512 + minLength: 1 + type: string + name: + description: name of the volume inside the pod template. 
+ maxLength: 512 + minLength: 1 + type: string + pathType: + description: pathType is the type of the HostPath. + type: string + readOnly: + description: readOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + maxItems: 100 + type: array + timeoutForControlPlane: + description: timeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + certificatesDir: + description: |- + certificatesDir specifies where to store or look for all required certificates. + NB: if not provided, this will default to `/etc/kubernetes/pki` + maxLength: 512 + minLength: 1 + type: string + clusterName: + description: clusterName is the cluster name + maxLength: 63 + minLength: 1 + type: string + controlPlaneEndpoint: + description: |- + controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it + can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. + In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort + are used; in case the ControlPlaneEndpoint is specified but without a TCP port, + the BindPort is used. + Possible usages are: + e.g. In a cluster with more than one control plane instances, this field should be + assigned the address of the external load balancer in front of the + control plane instances. + e.g. in environments with enforced node recycling, the ControlPlaneEndpoint + could be used for assigning a stable DNS to the control plane. + NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. 
+ maxLength: 512 + minLength: 1 + type: string + controllerManager: + description: controllerManager contains extra settings for + the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: extraArgs is an extra set of flags to pass + to the control plane component. + type: object + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + type: array + extraVolumes: + description: extraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: |- + HostPathMount contains elements describing volumes that are mounted from the + host. + properties: + hostPath: + description: |- + hostPath is the path in the host that will be mounted inside + the pod. + maxLength: 512 + minLength: 1 + type: string + mountPath: + description: mountPath is the path inside the pod + where hostPath will be mounted. + maxLength: 512 + minLength: 1 + type: string + name: + description: name of the volume inside the pod template. + maxLength: 512 + minLength: 1 + type: string + pathType: + description: pathType is the type of the HostPath. + type: string + readOnly: + description: readOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + maxItems: 100 + type: array + type: object + dns: + description: dns defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: |- + imageRepository sets the container registry to pull images from. + if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + maxLength: 512 + minLength: 1 + type: string + imageTag: + description: |- + imageTag allows to specify a tag for the image. 
+ In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + maxLength: 256 + minLength: 1 + type: string + type: object + etcd: + description: |- + etcd holds configuration for etcd. + NB: This value defaults to a Local (stacked) etcd + properties: + external: + description: |- + external describes how to connect to an external etcd cluster + Local and External are mutually exclusive + properties: + caFile: + description: |- + caFile is an SSL Certificate Authority file used to secure etcd communication. + Required if using a TLS connection. + maxLength: 512 + minLength: 1 + type: string + certFile: + description: |- + certFile is an SSL certification file used to secure etcd communication. + Required if using a TLS connection. + maxLength: 512 + minLength: 1 + type: string + endpoints: + description: endpoints of etcd members. Required for + ExternalEtcd. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 50 + type: array + keyFile: + description: |- + keyFile is an SSL key file used to secure etcd communication. + Required if using a TLS connection. + maxLength: 512 + minLength: 1 + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: |- + local provides configuration knobs for configuring the local etcd instance + Local and External are mutually exclusive + properties: + dataDir: + description: |- + dataDir is the directory etcd will place its data. + Defaults to "/var/lib/etcd". + maxLength: 512 + minLength: 1 + type: string + extraArgs: + additionalProperties: + type: string + description: |- + extraArgs are extra arguments provided to the etcd binary + when run inside a static pod. + type: object + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. 
+ Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + type: array + imageRepository: + description: |- + imageRepository sets the container registry to pull images from. + if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + maxLength: 512 + minLength: 1 + type: string + imageTag: + description: |- + imageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + maxLength: 256 + minLength: 1 + type: string + peerCertSANs: + description: peerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 100 + type: array + serverCertSANs: + description: serverCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 100 + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: featureGates enabled by the user. + type: object + imageRepository: + description: |- + imageRepository sets the container registry to pull images from. + * If not set, the default registry of kubeadm will be used, i.e. 
+ * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 + * k8s.gcr.io (old registry): all older versions + Please note that when imageRepository is not set we don't allow upgrades to + versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use + a newer patch version with the new registry instead (i.e. >= v1.22.17, + >= v1.23.15, >= v1.24.9, >= v1.25.0). + * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) + `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components + and for kube-proxy, while `registry.k8s.io` will be used for all the other images. + maxLength: 512 + minLength: 1 + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + kubernetesVersion: + description: |- + kubernetesVersion is the target version of the control plane. + NB: This value defaults to the Machine object spec.version + maxLength: 256 + minLength: 1 + type: string + networking: + description: |- + networking holds configuration for the networking topology of the cluster. + NB: This value defaults to the Cluster object spec.clusterNetwork. + properties: + dnsDomain: + description: dnsDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + maxLength: 253 + minLength: 1 + type: string + podSubnet: + description: |- + podSubnet is the subnet used by pods. + If unset, the API server will not allocate CIDR ranges for every node. 
+ Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set + maxLength: 1024 + minLength: 1 + type: string + serviceSubnet: + description: |- + serviceSubnet is the subnet used by k8s services. + Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or + to "10.96.0.0/12" if that's unset. + maxLength: 1024 + minLength: 1 + type: string + type: object + scheduler: + description: scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: extraArgs is an extra set of flags to pass + to the control plane component. + type: object + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. 
+ properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + type: array + extraVolumes: + description: extraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: |- + HostPathMount contains elements describing volumes that are mounted from the + host. + properties: + hostPath: + description: |- + hostPath is the path in the host that will be mounted inside + the pod. + maxLength: 512 + minLength: 1 + type: string + mountPath: + description: mountPath is the path inside the pod + where hostPath will be mounted. + maxLength: 512 + minLength: 1 + type: string + name: + description: name of the volume inside the pod template. 
+ maxLength: 512 + minLength: 1 + type: string + pathType: + description: pathType is the type of the HostPath. + type: string + readOnly: + description: readOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + maxItems: 100 + type: array + type: object + type: object + diskSetup: + description: diskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: device specifies the device name + maxLength: 256 + minLength: 1 + type: string + extraOpts: + description: extraOpts defined extra options to add + to the command for creating the file system. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + type: array + filesystem: + description: filesystem specifies the file system type. + maxLength: 128 + minLength: 1 + type: string + label: + description: label specifies the file system label to + be used. If set to None, no label is used. + maxLength: 512 + minLength: 1 + type: string + overwrite: + description: |- + overwrite defines whether or not to overwrite any existing filesystem. + If true, any pre-existing file system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", + "none", and , where NUM is the actual partition + number.' + maxLength: 128 + minLength: 1 + type: string + replaceFS: + description: |- + replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . + NOTE: unless you define a label, this requires the use of the 'any' partition directive. 
+ maxLength: 128 + minLength: 1 + type: string + required: + - device + - filesystem + type: object + maxItems: 100 + type: array + partitions: + description: partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: device is the name of the device. + maxLength: 256 + minLength: 1 + type: string + layout: + description: |- + layout specifies the device layout. + If it is true, a single partition will be created for the entire device. + When layout is false, it means don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: |- + overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. + Use with caution. Default is 'false'. + type: boolean + tableType: + description: |- + tableType specifies the tupe of partition table. The following are supported: + 'mbr': default and setups a MS-DOS partition table + 'gpt': setups a GPT partition table + enum: + - mbr + - gpt + type: string + required: + - device + - layout + type: object + maxItems: 100 + type: array + type: object + files: + description: files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + append: + description: append specifies whether to append Content + to existing file if Path exists. + type: boolean + content: + description: content is the actual content of the file. + maxLength: 10240 + minLength: 1 + type: string + contentFrom: + description: contentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: secret represents a secret that should + populate this file. + properties: + key: + description: key is the key in the secret's data + map for this value. 
+ maxLength: 256 + minLength: 1 + type: string + name: + description: name of the secret in the KubeadmBootstrapConfig's + namespace to use. + maxLength: 253 + minLength: 1 + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: encoding specifies the encoding of the file + contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: owner specifies the ownership of the file, + e.g. "root:root". + maxLength: 256 + minLength: 1 + type: string + path: + description: path specifies the full path on disk where + to store the file. + maxLength: 512 + minLength: 1 + type: string + permissions: + description: permissions specifies the permissions to assign + to the file, e.g. "0640". + maxLength: 16 + minLength: 1 + type: string + required: + - path + type: object + maxItems: 200 + type: array + format: + description: format specifies the output format of the bootstrap + data + enum: + - cloud-config + - ignition + type: string + ignition: + description: ignition contains Ignition specific configuration. + properties: + containerLinuxConfig: + description: containerLinuxConfig contains CLC specific configuration. + properties: + additionalConfig: + description: |- + additionalConfig contains additional configuration to be merged with the Ignition + configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging + + The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + maxLength: 32768 + minLength: 1 + type: string + strict: + description: strict controls if AdditionalConfig should + be strictly parsed. If so, warnings are treated as errors. 
+ type: boolean + type: object + type: object + initConfiguration: + description: initConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + bootstrapTokens: + description: |- + bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. + This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, + stored as a Secret in the cluster. + properties: + description: + description: |- + description sets a human-friendly message why this token exists and what it's used + for, so other administrators can know its purpose. + maxLength: 512 + minLength: 1 + type: string + expires: + description: |- + expires specifies the timestamp when this token expires. Defaults to being set + dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. + format: date-time + type: string + groups: + description: |- + groups specifies the extra groups that this token will authenticate as when/if + used for authentication + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + type: array + token: + description: |- + token is used for establishing bidirectional trust between nodes and control-planes. + Used for joining nodes in the cluster. + type: string + ttl: + description: |- + ttl defines the time to live for this token. Defaults to 24h. + Expires and TTL are mutually exclusive. + type: string + usages: + description: |- + usages describes the ways in which this token can be used. 
Can by default be used + for establishing bidirectional trust, but that can be changed here. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + type: array + required: + - token + type: object + maxItems: 100 + type: array + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + localAPIEndpoint: + description: |- + localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node + In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint + is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This + configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible + on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: advertiseAddress sets the IP address for + the API server to advertise. + maxLength: 39 + minLength: 1 + type: string + bindPort: + description: |- + bindPort sets the secure port for the API Server to bind to. + Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: |- + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: criSocket is used to retrieve container runtime + info. 
This information will be annotated to the Node + API object, for later re-use + maxLength: 512 + minLength: 1 + type: string + ignorePreflightErrors: + description: ignorePreflightErrors provides a slice of + pre-flight errors to be ignored when the current node + is registered. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 50 + type: array + imagePullPolicy: + description: |- + imagePullPolicy specifies the policy for image pulling + during kubeadm "init" and "join" operations. The value of + this field must be one of "Always", "IfNotPresent" or + "Never". Defaults to "IfNotPresent". This can be used only + with Kubernetes version equal to 1.22 and later. + enum: + - Always + - IfNotPresent + - Never + type: string + imagePullSerial: + description: |- + imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. + This option takes effect only on Kubernetes >=1.31.0. + Default: true (defaulted in kubeadm) + type: boolean + kubeletExtraArgs: + additionalProperties: + type: string + description: |- + kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file + kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. + type: object + name: + description: |- + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field of the kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + maxLength: 253 + minLength: 1 + type: string + taints: + description: |- + taints specifies the taints the Node API object should be registered with. 
If this field is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an + empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. + items: + description: |- + The node this Taint is attached to has the "effect" on + any pod that does not tolerate the Taint. + properties: + effect: + description: |- + Required. The effect of the taint on pods + that do not tolerate the taint. + Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. + type: string + required: + - effect + - key + type: object + maxItems: 100 + type: array + type: object + patches: + description: |- + patches contains options related to applying patches to components deployed by kubeadm during + "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22 + properties: + directory: + description: |- + directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of + "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one + of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. + The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". + "suffix" is an optional string that can be used to determine which patches are applied + first alpha-numerically. 
+ These files can be written into the target directory via KubeadmConfig.Files which + specifies additional files to be created on the machine, either with content inline or + by referencing a secret. + maxLength: 512 + minLength: 1 + type: string + type: object + skipPhases: + description: |- + skipPhases is a list of phases to skip during command execution. + The list of phases can be obtained with the "kubeadm init --help" command. + This option takes effect only on Kubernetes >=1.22.0. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 50 + type: array + type: object + joinConfiguration: + description: joinConfiguration is the kubeadm configuration for + the join command + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + caCertPath: + description: |- + caCertPath is the path to the SSL certificate authority used to + secure comunications between node and control-plane. + Defaults to "/etc/kubernetes/pki/ca.crt". + maxLength: 512 + minLength: 1 + type: string + controlPlane: + description: |- + controlPlane defines the additional control plane instance to be deployed on the joining node. + If nil, no additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: localAPIEndpoint represents the endpoint + of the API server instance to be deployed on this node. + properties: + advertiseAddress: + description: advertiseAddress sets the IP address + for the API server to advertise. + maxLength: 39 + minLength: 1 + type: string + bindPort: + description: |- + bindPort sets the secure port for the API Server to bind to. + Defaults to 6443. 
+ format: int32 + type: integer + type: object + type: object + discovery: + description: discovery specifies the options for the kubelet + to use during the TLS Bootstrap process + properties: + bootstrapToken: + description: |- + bootstrapToken is used to set the options for bootstrap token based discovery + BootstrapToken and File are mutually exclusive + properties: + apiServerEndpoint: + description: apiServerEndpoint is an IP or domain + name to the API server from which info will be fetched. + maxLength: 512 + minLength: 1 + type: string + caCertHashes: + description: |- + caCertHashes specifies a set of public key pins to verify + when token-based discovery is used. The root CA found during discovery + must match one of these values. Specifying an empty set disables root CA + pinning, which can be unsafe. Each hash is specified as ":", + where the only currently supported type is "sha256". This is a hex-encoded + SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded + ASN.1. These hashes can be calculated using, for example, OpenSSL: + openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + type: array + token: + description: |- + token is a token used to validate cluster information + fetched from the control-plane. + maxLength: 512 + minLength: 1 + type: string + unsafeSkipCAVerification: + description: |- + unsafeSkipCAVerification allows token-based discovery + without CA verification via CACertHashes. This can weaken + the security of kubeadm since other nodes can impersonate the control-plane. 
+ type: boolean + type: object + file: + description: |- + file is used to specify a file or URL to a kubeconfig file from which to load cluster information + BootstrapToken and File are mutually exclusive + properties: + kubeConfig: + description: |- + kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. + The file is generated at the path specified in KubeConfigPath. + + Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint. + Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret. + properties: + cluster: + description: |- + cluster contains information about how to communicate with the kubernetes cluster. + + By default the following fields are automatically populated: + - Server with the Cluster's ControlPlaneEndpoint. + - CertificateAuthorityData with the Cluster's CA certificate. + properties: + certificateAuthorityData: + description: |- + certificateAuthorityData contains PEM-encoded certificate authority certificates. + + Defaults to the Cluster's CA certificate if empty. + format: byte + maxLength: 51200 + minLength: 1 + type: string + insecureSkipTLSVerify: + description: insecureSkipTLSVerify skips the + validity check for the server's certificate. + This will make your HTTPS connections insecure. + type: boolean + proxyURL: + description: |- + proxyURL is the URL to the proxy to be used for all requests made by this + client. URLs with "http", "https", and "socks5" schemes are supported. If + this configuration is not provided or the empty string, the client + attempts to construct a proxy configuration from http_proxy and + https_proxy environment variables. If these environment variables are not + set, the client does not attempt to proxy requests. + + socks5 proxying does not currently support spdy streaming endpoints (exec, + attach, port forward). 
+ maxLength: 512 + minLength: 1 + type: string + server: + description: |- + server is the address of the kubernetes cluster (https://hostname:port). + + Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint. + maxLength: 512 + minLength: 1 + type: string + tlsServerName: + description: tlsServerName is used to check + server certificate. If TLSServerName is + empty, the hostname used to contact the + server is used. + maxLength: 512 + minLength: 1 + type: string + type: object + user: + description: |- + user contains information that describes identity information. + This is used to tell the kubernetes cluster who you are. + properties: + authProvider: + description: authProvider specifies a custom + authentication plugin for the kubernetes + cluster. + properties: + config: + additionalProperties: + type: string + description: config holds the parameters + for the authentication plugin. + type: object + name: + description: name is the name of the authentication + plugin. + maxLength: 256 + minLength: 1 + type: string + required: + - name + type: object + exec: + description: exec specifies a custom exec-based + authentication plugin for the kubernetes + cluster. + properties: + apiVersion: + description: |- + apiVersion is preferred input version of the ExecInfo. The returned ExecCredentials MUST use + the same encoding version as the input. + Defaults to client.authentication.k8s.io/v1 if not set. + maxLength: 512 + minLength: 1 + type: string + args: + description: args is the arguments to + pass to the command when executing it. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + type: array + command: + description: command to execute. + maxLength: 1024 + minLength: 1 + type: string + env: + description: |- + env defines additional environment variables to expose to the process. These + are unioned with the host's environment, as well as variables client-go uses + to pass argument to the plugin. 
+ items: + description: |- + KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based + credential plugin. + properties: + name: + description: name of the environment + variable + maxLength: 512 + minLength: 1 + type: string + value: + description: value of the environment + variable + maxLength: 512 + minLength: 1 + type: string + required: + - name + - value + type: object + maxItems: 100 + type: array + provideClusterInfo: + description: |- + provideClusterInfo determines whether or not to provide cluster information, + which could potentially contain very large CA data, to this exec plugin as a + part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set + to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for + reading this environment variable. + type: boolean + required: + - command + type: object + type: object + required: + - user + type: object + kubeConfigPath: + description: kubeConfigPath is used to specify the + actual file path or URL to the kubeconfig file from + which to load cluster information + maxLength: 512 + minLength: 1 + type: string + required: + - kubeConfigPath + type: object + timeout: + description: timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: |- + tlsBootstrapToken is a token used for TLS bootstrapping. + If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. + If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information + maxLength: 512 + minLength: 1 + type: string + type: object + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + nodeRegistration: + description: |- + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: criSocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + maxLength: 512 + minLength: 1 + type: string + ignorePreflightErrors: + description: ignorePreflightErrors provides a slice of + pre-flight errors to be ignored when the current node + is registered. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 50 + type: array + imagePullPolicy: + description: |- + imagePullPolicy specifies the policy for image pulling + during kubeadm "init" and "join" operations. The value of + this field must be one of "Always", "IfNotPresent" or + "Never". Defaults to "IfNotPresent". This can be used only + with Kubernetes version equal to 1.22 and later. + enum: + - Always + - IfNotPresent + - Never + type: string + imagePullSerial: + description: |- + imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. + This option takes effect only on Kubernetes >=1.31.0. + Default: true (defaulted in kubeadm) + type: boolean + kubeletExtraArgs: + additionalProperties: + type: string + description: |- + kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file + kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. 
+ type: object + name: + description: |- + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field of the kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + maxLength: 253 + minLength: 1 + type: string + taints: + description: |- + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an + empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. + items: + description: |- + The node this Taint is attached to has the "effect" on + any pod that does not tolerate the Taint. + properties: + effect: + description: |- + Required. The effect of the taint on pods + that do not tolerate the taint. + Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. + type: string + required: + - effect + - key + type: object + maxItems: 100 + type: array + type: object + patches: + description: |- + patches contains options related to applying patches to components deployed by kubeadm during + "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22 + properties: + directory: + description: |- + directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just "etcd.json". 
"target" can be one of + "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one + of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. + The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". + "suffix" is an optional string that can be used to determine which patches are applied + first alpha-numerically. + These files can be written into the target directory via KubeadmConfig.Files which + specifies additional files to be created on the machine, either with content inline or + by referencing a secret. + maxLength: 512 + minLength: 1 + type: string + type: object + skipPhases: + description: |- + skipPhases is a list of phases to skip during command execution. + The list of phases can be obtained with the "kubeadm init --help" command. + This option takes effect only on Kubernetes >=1.22.0. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 50 + type: array + type: object + mounts: + description: mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. + items: + maxLength: 512 + minLength: 1 + type: string + type: array + maxItems: 100 + type: array + ntp: + description: ntp specifies NTP configuration + properties: + enabled: + description: enabled specifies whether NTP should be enabled + type: boolean + servers: + description: servers specifies which NTP servers to use + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + type: array + type: object + postKubeadmCommands: + description: |- + postKubeadmCommands specifies extra commands to run after kubeadm runs. + With cloud-init, this is appended to the runcmd module configuration, and is typically executed in + the cloud-final.service systemd unit. In Ignition, this is appended to /etc/kubeadm.sh. 
+ items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + type: array + preKubeadmCommands: + description: |- + preKubeadmCommands specifies extra commands to run before kubeadm runs. + With cloud-init, this is prepended to the runcmd module configuration, and is typically executed in + the cloud-final.service systemd unit. In Ignition, this is prepended to /etc/kubeadm.sh. + items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + type: array + useExperimentalRetryJoin: + description: |- + useExperimentalRetryJoin replaces a basic kubeadm command with a shell + script with retries for joins. + + This is meant to be an experimental temporary workaround on some environments + where joins fail due to timing (and other issues). The long term goal is to add retries to + kubeadm proper and use that functionality. + + This will add about 40KB to userdata + + For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. + + Deprecated: This experimental fix is no longer needed and this field will be removed in a future release. + When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml + type: boolean + users: + description: users specifies extra users to add + items: + description: User defines the input for a generated user in + cloud-init. 
+ properties: + gecos: + description: gecos specifies the gecos to use for the user + maxLength: 256 + minLength: 1 + type: string + groups: + description: groups specifies the additional groups for + the user + maxLength: 256 + minLength: 1 + type: string + homeDir: + description: homeDir specifies the home directory to use + for the user + maxLength: 256 + minLength: 1 + type: string + inactive: + description: inactive specifies whether to mark the user + as inactive + type: boolean + lockPassword: + description: lockPassword specifies if password login should + be disabled + type: boolean + name: + description: name specifies the user name + maxLength: 256 + minLength: 1 + type: string + passwd: + description: passwd specifies a hashed password for the + user + maxLength: 256 + minLength: 1 + type: string + passwdFrom: + description: passwdFrom is a referenced source of passwd + to populate the passwd. + properties: + secret: + description: secret represents a secret that should + populate this password. + properties: + key: + description: key is the key in the secret's data + map for this value. + maxLength: 256 + minLength: 1 + type: string + name: + description: name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ maxLength: 253 + minLength: 1 + type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: primaryGroup specifies the primary group for + the user + maxLength: 256 + minLength: 1 + type: string + shell: + description: shell specifies the user's shell + maxLength: 256 + minLength: 1 + type: string + sshAuthorizedKeys: + description: sshAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + maxLength: 2048 + minLength: 1 + type: string + maxItems: 100 + type: array + sudo: + description: sudo specifies a sudo role for the user + maxLength: 256 + minLength: 1 + type: string + required: + - name + type: object + maxItems: 100 + type: array + verbosity: + description: |- + verbosity is the number for the kubeadm log level verbosity. + It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + machineNamingStrategy: + description: |- + machineNamingStrategy allows changing the naming pattern used when creating Machines. + InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines. + properties: + template: + description: |- + template defines the template to use for generating the names of the Machine objects. + If not defined, it will fallback to `{{ .kubeadmControlPlane.name }}-{{ .random }}`. + If the generated name string exceeds 63 characters, it will be trimmed to 58 characters and will + get concatenated with a random suffix of length 5. + Length of the template string must not exceed 256 characters. + The template allows the following variables `.cluster.name`, `.kubeadmControlPlane.name` and `.random`. + The variable `.cluster.name` retrieves the name of the cluster object that owns the Machines being created. + The variable `.kubeadmControlPlane.name` retrieves the name of the KubeadmControlPlane object that owns the Machines being created. 
+ The variable `.random` is substituted with random alphanumeric string, without vowels, of length 5. This variable is required + part of the template. If not provided, validation will fail. + maxLength: 256 + minLength: 1 + type: string + type: object + machineTemplate: + description: |- + machineTemplate contains information about how machines + should be shaped when creating or updating a control plane. + properties: + infrastructureRef: + description: |- + infrastructureRef is a required reference to a custom resource + offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + metadata: + description: |- + metadata is the standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + nodeDeletionTimeout: + description: |- + nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. + If no value is provided, the default value for this property of the Machine resource will be used. + type: string + nodeDrainTimeout: + description: |- + nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node + The default value is 0, meaning that the node can be drained without any time limitations. 
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + type: string + nodeVolumeDetachTimeout: + description: |- + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + type: string + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition; + KubeadmControlPlane will always add readinessGates for the condition it is setting on the Machine: + APIServerPodHealthy, SchedulerPodHealthy, ControllerManagerPodHealthy, and if etcd is managed by CKP also + EtcdPodHealthy, EtcdMemberHealthy. + + This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready + computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine. + + NOTE: This field is considered only for computing v1beta2 conditions. + items: + description: MachineReadinessGate contains the type of a Machine + condition to be used as a readiness gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. 
+ A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map + required: + - infrastructureRef + type: object + remediationStrategy: + description: remediationStrategy is the RemediationStrategy that controls + how control plane machine remediation happens. + properties: + maxRetry: + description: "maxRetry is the Max number of retries while attempting + to remediate an unhealthy machine.\nA retry happens when a machine + that was created as a replacement for an unhealthy machine also + fails.\nFor example, given a control plane with three machines + M1, M2, M3:\n\n\tM1 become unhealthy; remediation happens, and + M1-1 is created as a replacement.\n\tIf M1-1 (replacement of + M1) has problems while bootstrapping it will become unhealthy, + and then be\n\tremediated; such operation is considered a retry, + remediation-retry #1.\n\tIf M1-2 (replacement of M1-1) becomes + unhealthy, remediation-retry #2 will happen, etc.\n\nA retry + could happen only after RetryPeriod from the previous retry.\nIf + a machine is marked as unhealthy after MinHealthyPeriod from + the previous remediation expired,\nthis is not considered a + retry anymore because the new issue is assumed unrelated from + the previous one.\n\nIf not set, the remedation will be retried + infinitely." + format: int32 + type: integer + minHealthyPeriod: + description: "minHealthyPeriod defines the duration after which + KCP will consider any failure to a machine unrelated\nfrom the + previous one. In this case the remediation is not considered + a retry anymore, and thus the retry\ncounter restarts from 0. 
+ For example, assuming MinHealthyPeriod is set to 1h (default)\n\n\tM1 + become unhealthy; remediation happens, and M1-1 is created as + a replacement.\n\tIf M1-1 (replacement of M1) has problems within + the 1hr after the creation, also\n\tthis machine will be remediated + and this operation is considered a retry - a problem related\n\tto + the original issue happened to M1 -.\n\n\tIf instead the problem + on M1-1 is happening after MinHealthyPeriod expired, e.g. four + days after\n\tm1-1 has been created as a remediation of M1, + the problem on M1-1 is considered unrelated to\n\tthe original + issue happened to M1.\n\nIf not set, this value is defaulted + to 1h." + type: string + retryPeriod: + description: |- + retryPeriod is the duration that KCP should wait before remediating a machine being created as a replacement + for an unhealthy machine (a retry). + + If not set, a retry will happen immediately. + type: string + type: object + replicas: + description: |- + replicas is the number of desired machines. Defaults to 1. When stacked etcd is used only + odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). + This is a pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + rolloutAfter: + description: |- + rolloutAfter is a field to indicate a rollout should be performed + after the specified time even if no changes have been made to the + KubeadmControlPlane. + Example: In the YAML the time can be specified in the RFC3339 format. + To specify the rolloutAfter target as March 9, 2023, at 9 am UTC + use "2023-03-09T09:00:00Z". + format: date-time + type: string + rolloutBefore: + description: |- + rolloutBefore is a field to indicate a rollout should be performed + if the specified criteria is met. 
+ properties: + certificatesExpiryDays: + description: |- + certificatesExpiryDays indicates a rollout needs to be performed if the + certificates of the machine will expire within the specified days. + format: int32 + type: integer + type: object + rolloutStrategy: + default: + rollingUpdate: + maxSurge: 1 + type: RollingUpdate + description: |- + rolloutStrategy is the RolloutStrategy to use to replace control plane machines with + new ones. + properties: + rollingUpdate: + description: |- + rollingUpdate is the rolling update config params. Present only if + RolloutStrategyType = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + maxSurge is the maximum number of control planes that can be scheduled above or under the + desired number of control planes. + Value can be an absolute number 1 or 0. + Defaults to 1. + Example: when this is set to 1, the control plane can be scaled + up immediately when the rolling update starts. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + type of rollout. Currently the only supported strategy is + "RollingUpdate". + Default is RollingUpdate. + enum: + - RollingUpdate + type: string + type: object + version: + description: |- + version defines the desired Kubernetes version. + Please note that if kubeadmConfigSpec.ClusterConfiguration.imageRepository is not set + we don't allow upgrades to versions >= v1.22.0 for which kubeadm uses the old registry (k8s.gcr.io). + Please use a newer patch version with the new registry instead. The default registries of kubeadm are: + * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 + * k8s.gcr.io (old registry): all older versions + maxLength: 256 + minLength: 1 + type: string + required: + - kubeadmConfigSpec + - machineTemplate + - version + type: object + status: + description: status is the observed state of KubeadmControlPlane. 
+ properties: + conditions: + description: conditions defines current service state of the KubeadmControlPlane. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: |- + failureMessage indicates that there is a terminal problem reconciling the + state, and will be set to a descriptive error message. 
+ + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + maxLength: 10240 + minLength: 1 + type: string + failureReason: + description: |- + failureReason indicates that there is a terminal problem reconciling the + state, and will be set to a token value suitable for + programmatic interpretation. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + type: string + initialized: + description: |- + initialized denotes that the KubeadmControlPlane API Server is initialized and thus + it can accept requests. + NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning. + The value of this field is never updated after provisioning is completed. Please use conditions + to check the operational state of the control plane. + type: boolean + lastRemediation: + description: lastRemediation stores info about last remediation performed. + properties: + machine: + description: machine is the machine name of the latest machine + being remediated. + maxLength: 253 + minLength: 1 + type: string + retryCount: + description: |- + retryCount used to keep track of remediation retry for the last remediated machine. + A retry happens when a machine that was created as a replacement for an unhealthy machine also fails. + format: int32 + type: integer + timestamp: + description: timestamp is when last remediation happened. It is + represented in RFC3339 form and is in UTC. 
+ format: date-time + type: string + required: + - machine + - retryCount + - timestamp + type: object + observedGeneration: + description: observedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: |- + ready denotes that the KubeadmControlPlane API Server became ready during initial provisioning + to receive requests. + NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning. + The value of this field is never updated after provisioning is completed. Please use conditions + to check the operational state of the control plane. + type: boolean + readyReplicas: + description: readyReplicas is the total number of fully running and + ready control plane machines. + format: int32 + type: integer + replicas: + description: |- + replicas is the total number of non-terminated machines targeted by this control plane + (their labels match the selector). + format: int32 + type: integer + selector: + description: |- + selector is the label selector in string format to avoid introspection + by clients, and is used to provide the CRD-based integration for the + scale subresource and additional integrations for things like kubectl + describe.. The string will be in the same format as the query-param syntax. + More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors + maxLength: 4096 + minLength: 1 + type: string + unavailableReplicas: + description: |- + unavailableReplicas is the total number of unavailable machines targeted by this control plane. + This is the total number of machines that are still required for + the deployment to have 100% available capacity. They may either + be machines that are running but not yet ready or machines + that still have not been created. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. 
Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + format: int32 + type: integer + updatedReplicas: + description: |- + updatedReplicas is the total number of non-terminated machines targeted by this control plane + that have the desired template spec. + format: int32 + type: integer + v1beta2: + description: v1beta2 groups all the fields that will be added or modified + in KubeadmControlPlane's status with the V1Beta2 version. + properties: + availableReplicas: + description: availableReplicas is the number of available replicas + targeted by this KubeadmControlPlane. A machine is considered + available when Machine's Available condition is true. + format: int32 + type: integer + conditions: + description: |- + conditions represents the observations of a KubeadmControlPlane's current state. + Known condition types are Available, CertificatesAvailable, EtcdClusterAvailable, MachinesReady, MachinesUpToDate, + ScalingUp, ScalingDown, Remediating, Deleting, Paused. + items: + description: Condition contains details for one aspect of the + current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + readyReplicas: + description: readyReplicas is the number of ready replicas for + this KubeadmControlPlane. A machine is considered ready when + Machine's Ready condition is true. + format: int32 + type: integer + upToDateReplicas: + description: upToDateReplicas is the number of up-to-date replicas + targeted by this KubeadmControlPlane. A machine is considered + up-to-date when Machine's UpToDate condition is true. + format: int32 + type: integer + type: object + version: + description: |- + version represents the minimum Kubernetes version for the control plane machines + in the cluster. 
+ maxLength: 256 + minLength: 1 + type: string + type: object + type: object + served: true + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] + name: Cluster + type: string + - description: Cluster pass all availability checks + jsonPath: .status.conditions[?(@.type=="Available")].status + name: Available + type: string + - description: The desired number of machines + jsonPath: .spec.replicas + name: Desired + type: integer + - description: The number of machines + jsonPath: .status.replicas + name: Current + type: integer + - description: The number of machines with Ready condition true + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: The number of machines with Available condition true + jsonPath: .status.availableReplicas + name: Available + type: integer + - description: The number of machines with UpToDate condition true + jsonPath: .status.upToDateReplicas + name: Up-to-date + type: integer + - description: Reconciliation paused + jsonPath: .status.conditions[?(@.type=="Paused")].status + name: Paused + priority: 10 + type: string + - description: This denotes whether or not the control plane can accept requests + jsonPath: .status.initialization.controlPlaneInitialized + name: Initialized + type: boolean + - description: Time duration since creation of KubeadmControlPlane + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this control plane + jsonPath: .spec.version + name: Version + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: KubeadmControlPlane is the Schema for the KubeadmControlPlane + API. 
+ properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of KubeadmControlPlane. + properties: + kubeadmConfigSpec: + description: |- + kubeadmConfigSpec is a KubeadmConfigSpec + to use for initializing and joining machines to the control plane. + minProperties: 1 + properties: + bootCommands: + description: |- + bootCommands specifies extra commands to run very early in the boot process via the cloud-init bootcmd + module. bootcmd will run on every boot, 'cloud-init-per' command can be used to make bootcmd run exactly + once. This is typically run in the cloud-init.service systemd unit. This has no effect in Ignition. + items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + clusterConfiguration: + description: clusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + minProperties: 1 + properties: + apiServer: + description: apiServer contains extra settings for the API + server control plane component + minProperties: 1 + properties: + certSANs: + description: certSANs sets extra Subject Alternative Names + for the API Server signing cert. 
+ items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + extraArgs: + description: |- + extraArgs is a list of args to pass to the control plane component. + The arg name must match the command line flag name except without leading dash(es). + Extra arguments will override existing default arguments set by kubeadm. + items: + description: Arg represents an argument with a name + and a value. + properties: + name: + description: name is the Name of the extraArg. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the Value of the extraArg. + maxLength: 1024 + minLength: 0 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + - value + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: extraArgs name must be unique + rule: self.all(x, self.exists_one(y, x.name == y.name)) + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 
+ Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + extraVolumes: + description: extraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: |- + HostPathMount contains elements describing volumes that are mounted from the + host. + properties: + hostPath: + description: |- + hostPath is the path in the host that will be mounted inside + the pod. + maxLength: 512 + minLength: 1 + type: string + mountPath: + description: mountPath is the path inside the pod + where hostPath will be mounted. 
+ maxLength: 512 + minLength: 1 + type: string + name: + description: name of the volume inside the pod template. + maxLength: 512 + minLength: 1 + type: string + pathType: + description: pathType is the type of the HostPath. + type: string + readOnly: + description: readOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + caCertificateValidityPeriodDays: + description: |- + caCertificateValidityPeriodDays specifies the validity period for CA certificates generated by Cluster API. + If not specified, Cluster API will use a default of 3650 days (10 years). + This field cannot be modified. + format: int32 + maximum: 36500 + minimum: 1 + type: integer + certificateValidityPeriodDays: + description: |- + certificateValidityPeriodDays specifies the validity period for non-CA certificates generated by kubeadm. + If not specified, kubeadm will use a default of 365 days (1 year). + This field is only supported with Kubernetes v1.31 or above. + format: int32 + maximum: 1095 + minimum: 1 + type: integer + certificatesDir: + description: |- + certificatesDir specifies where to store or look for all required certificates. + NB: if not provided, this will default to `/etc/kubernetes/pki` + maxLength: 512 + minLength: 1 + type: string + controlPlaneEndpoint: + description: |- + controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it + can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. + In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort + are used; in case the ControlPlaneEndpoint is specified but without a TCP port, + the BindPort is used. + Possible usages are: + e.g. 
In a cluster with more than one control plane instances, this field should be + assigned the address of the external load balancer in front of the + control plane instances. + e.g. in environments with enforced node recycling, the ControlPlaneEndpoint + could be used for assigning a stable DNS to the control plane. + NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. + maxLength: 512 + minLength: 1 + type: string + controllerManager: + description: controllerManager contains extra settings for + the controller manager control plane component + minProperties: 1 + properties: + extraArgs: + description: |- + extraArgs is a list of args to pass to the control plane component. + The arg name must match the command line flag name except without leading dash(es). + Extra arguments will override existing default arguments set by kubeadm. + items: + description: Arg represents an argument with a name + and a value. + properties: + name: + description: name is the Name of the extraArg. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the Value of the extraArg. + maxLength: 1024 + minLength: 0 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + - value + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: extraArgs name must be unique + rule: self.all(x, self.exists_one(y, x.name == y.name)) + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. 
Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + extraVolumes: + description: extraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: |- + HostPathMount contains elements describing volumes that are mounted from the + host. 
+ properties: + hostPath: + description: |- + hostPath is the path in the host that will be mounted inside + the pod. + maxLength: 512 + minLength: 1 + type: string + mountPath: + description: mountPath is the path inside the pod + where hostPath will be mounted. + maxLength: 512 + minLength: 1 + type: string + name: + description: name of the volume inside the pod template. + maxLength: 512 + minLength: 1 + type: string + pathType: + description: pathType is the type of the HostPath. + type: string + readOnly: + description: readOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + dns: + description: dns defines the options for the DNS add-on installed + in the cluster. + minProperties: 1 + properties: + imageRepository: + description: |- + imageRepository sets the container registry to pull images from. + if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + maxLength: 512 + minLength: 1 + type: string + imageTag: + description: |- + imageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + maxLength: 256 + minLength: 1 + type: string + type: object + etcd: + description: |- + etcd holds configuration for etcd. + NB: This value defaults to a Local (stacked) etcd + minProperties: 1 + properties: + external: + description: |- + external describes how to connect to an external etcd cluster + Local and External are mutually exclusive + properties: + caFile: + description: |- + caFile is an SSL Certificate Authority file used to secure etcd communication. + Required if using a TLS connection. + maxLength: 512 + minLength: 1 + type: string + certFile: + description: |- + certFile is an SSL certification file used to secure etcd communication. 
+ Required if using a TLS connection. + maxLength: 512 + minLength: 1 + type: string + endpoints: + description: endpoints of etcd members. Required for + ExternalEtcd. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + keyFile: + description: |- + keyFile is an SSL key file used to secure etcd communication. + Required if using a TLS connection. + maxLength: 512 + minLength: 1 + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: |- + local provides configuration knobs for configuring the local etcd instance + Local and External are mutually exclusive + minProperties: 1 + properties: + dataDir: + description: |- + dataDir is the directory etcd will place its data. + Defaults to "/var/lib/etcd". + maxLength: 512 + minLength: 1 + type: string + extraArgs: + description: |- + extraArgs is a list of args to pass to etcd. + The arg name must match the command line flag name except without leading dash(es). + Extra arguments will override existing default arguments set by kubeadm. + items: + description: Arg represents an argument with a name + and a value. + properties: + name: + description: name is the Name of the extraArg. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the Value of the extraArg. + maxLength: 1024 + minLength: 0 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + - value + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: extraArgs name must be unique + rule: self.all(x, self.exists_one(y, x.name == y.name)) + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to etcd. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. 
+ This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". 
+ type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + imageRepository: + description: |- + imageRepository sets the container registry to pull images from. 
+ if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + maxLength: 512 + minLength: 1 + type: string + imageTag: + description: |- + imageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + maxLength: 256 + minLength: 1 + type: string + peerCertSANs: + description: peerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + serverCertSANs: + description: serverCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: featureGates enabled by the user. + type: object + imageRepository: + description: |- + imageRepository sets the container registry to pull images from. + * If not set, the default registry of kubeadm will be used, i.e. + * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 + * k8s.gcr.io (old registry): all older versions + Please note that when imageRepository is not set we don't allow upgrades to + versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use + a newer patch version with the new registry instead (i.e. >= v1.22.17, + >= v1.23.15, >= v1.24.9, >= v1.25.0). + * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) + `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components + and for kube-proxy, while `registry.k8s.io` will be used for all the other images. 
+ maxLength: 512 + minLength: 1 + type: string + scheduler: + description: scheduler contains extra settings for the scheduler + control plane component + minProperties: 1 + properties: + extraArgs: + description: |- + extraArgs is a list of args to pass to the control plane component. + The arg name must match the command line flag name except without leading dash(es). + Extra arguments will override existing default arguments set by kubeadm. + items: + description: Arg represents an argument with a name + and a value. + properties: + name: + description: name is the Name of the extraArg. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the Value of the extraArg. + maxLength: 1024 + minLength: 0 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + - value + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: extraArgs name must be unique + rule: self.all(x, self.exists_one(y, x.name == y.name)) + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. 
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + extraVolumes: + description: extraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: |- + HostPathMount contains elements describing volumes that are mounted from the + host. + properties: + hostPath: + description: |- + hostPath is the path in the host that will be mounted inside + the pod. + maxLength: 512 + minLength: 1 + type: string + mountPath: + description: mountPath is the path inside the pod + where hostPath will be mounted. 
+ maxLength: 512 + minLength: 1 + type: string + name: + description: name of the volume inside the pod template. + maxLength: 512 + minLength: 1 + type: string + pathType: + description: pathType is the type of the HostPath. + type: string + readOnly: + description: readOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + diskSetup: + description: diskSetup specifies options for the creation of partition + tables and file systems on devices. + minProperties: 1 + properties: + filesystems: + description: filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: device specifies the device name + maxLength: 256 + minLength: 1 + type: string + extraOpts: + description: extraOpts defined extra options to add + to the command for creating the file system. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + filesystem: + description: filesystem specifies the file system type. + maxLength: 128 + minLength: 1 + type: string + label: + description: label specifies the file system label to + be used. If set to None, no label is used. + maxLength: 512 + minLength: 1 + type: string + overwrite: + description: |- + overwrite defines whether or not to overwrite any existing filesystem. + If true, any pre-existing file system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", + "none", and , where NUM is the actual partition + number.' 
+ maxLength: 128 + minLength: 1 + type: string + replaceFS: + description: |- + replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . + NOTE: unless you define a label, this requires the use of the 'any' partition directive. + maxLength: 128 + minLength: 1 + type: string + required: + - device + - filesystem + type: object + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + partitions: + description: partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: device is the name of the device. + maxLength: 256 + minLength: 1 + type: string + layout: + description: |- + layout specifies the device layout. + If it is true, a single partition will be created for the entire device. + When layout is false, it means don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: |- + overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. + Use with caution. Default is 'false'. + type: boolean + tableType: + description: |- + tableType specifies the tupe of partition table. The following are supported: + 'mbr': default and setups a MS-DOS partition table + 'gpt': setups a GPT partition table + enum: + - mbr + - gpt + type: string + required: + - device + - layout + type: object + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + type: object + files: + description: files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + append: + description: append specifies whether to append Content + to existing file if Path exists. + type: boolean + content: + description: content is the actual content of the file. 
+ maxLength: 10240 + minLength: 1 + type: string + contentFrom: + description: contentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: secret represents a secret that should + populate this file. + properties: + key: + description: key is the key in the secret's data + map for this value. + maxLength: 256 + minLength: 1 + type: string + name: + description: name of the secret in the KubeadmBootstrapConfig's + namespace to use. + maxLength: 253 + minLength: 1 + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: encoding specifies the encoding of the file + contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: owner specifies the ownership of the file, + e.g. "root:root". + maxLength: 256 + minLength: 1 + type: string + path: + description: path specifies the full path on disk where + to store the file. + maxLength: 512 + minLength: 1 + type: string + permissions: + description: permissions specifies the permissions to assign + to the file, e.g. "0640". + maxLength: 16 + minLength: 1 + type: string + required: + - path + type: object + maxItems: 200 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + format: + description: |- + format specifies the output format of the bootstrap data. + Defaults to cloud-config if not set. + enum: + - cloud-config + - ignition + type: string + ignition: + description: ignition contains Ignition specific configuration. + minProperties: 1 + properties: + containerLinuxConfig: + description: containerLinuxConfig contains CLC specific configuration. + minProperties: 1 + properties: + additionalConfig: + description: |- + additionalConfig contains additional configuration to be merged with the Ignition + configuration generated by the bootstrapper controller. 
More info: https://coreos.github.io/ignition/operator-notes/#config-merging + + The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + maxLength: 32768 + minLength: 1 + type: string + strict: + description: strict controls if AdditionalConfig should + be strictly parsed. If so, warnings are treated as errors. + type: boolean + type: object + type: object + initConfiguration: + description: initConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + minProperties: 1 + properties: + bootstrapTokens: + description: |- + bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. + This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, + stored as a Secret in the cluster. + properties: + description: + description: |- + description sets a human-friendly message why this token exists and what it's used + for, so other administrators can know its purpose. + maxLength: 512 + minLength: 1 + type: string + expires: + description: |- + expires specifies the timestamp when this token expires. Defaults to being set + dynamically at runtime based on the ttlSeconds. Expires and ttlSeconds are mutually exclusive. + format: date-time + type: string + groups: + description: |- + groups specifies the extra groups that this token will authenticate as when/if + used for authentication + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + token: + description: |- + token is used for establishing bidirectional trust between nodes and control-planes. + Used for joining nodes in the cluster. + maxLength: 23 + minLength: 1 + type: string + ttlSeconds: + description: |- + ttlSeconds defines the time to live for this token. Defaults to 24h. 
+ Expires and ttlSeconds are mutually exclusive. + format: int32 + minimum: 0 + type: integer + usages: + description: |- + usages describes the ways in which this token can be used. Can by default be used + for establishing bidirectional trust, but that can be changed here. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + required: + - token + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + localAPIEndpoint: + description: |- + localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node + In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint + is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This + configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible + on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process + fails you may set the desired value here. + minProperties: 1 + properties: + advertiseAddress: + description: advertiseAddress sets the IP address for + the API server to advertise. + maxLength: 39 + minLength: 1 + type: string + bindPort: + description: |- + bindPort sets the secure port for the API Server to bind to. + Defaults to 6443. + format: int32 + minimum: 1 + type: integer + type: object + nodeRegistration: + description: |- + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + minProperties: 1 + properties: + criSocket: + description: criSocket is used to retrieve container runtime + info. 
This information will be annotated to the Node + API object, for later re-use + maxLength: 512 + minLength: 1 + type: string + ignorePreflightErrors: + description: |- + ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered, e.g. 'IsPrivilegedUser,Swap'. + Value 'all' ignores errors from all checks. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + imagePullPolicy: + description: |- + imagePullPolicy specifies the policy for image pulling + during kubeadm "init" and "join" operations. The value of + this field must be one of "Always", "IfNotPresent" or + "Never". Defaults to "IfNotPresent" if not set. + enum: + - Always + - IfNotPresent + - Never + type: string + imagePullSerial: + description: |- + imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. + This option takes effect only on Kubernetes >=1.31.0. + Default: true (defaulted in kubeadm) + type: boolean + kubeletExtraArgs: + description: |- + kubeletExtraArgs is a list of args to pass to kubelet. + The arg name must match the command line flag name except without leading dash(es). + Extra arguments will override existing default arguments set by kubeadm. + items: + description: Arg represents an argument with a name + and a value. + properties: + name: + description: name is the Name of the extraArg. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the Value of the extraArg. 
+ maxLength: 1024 + minLength: 0 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + - value + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: kubeletExtraArgs name must be unique + rule: self.all(x, self.exists_one(y, x.name == y.name)) + name: + description: |- + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field of the kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + maxLength: 253 + minLength: 1 + type: string + taints: + description: |- + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an + empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. + items: + description: |- + The node this Taint is attached to has the "effect" on + any pod that does not tolerate the Taint. + properties: + effect: + description: |- + Required. The effect of the taint on pods + that do not tolerate the taint. + Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. 
+ type: string + required: + - effect + - key + type: object + maxItems: 100 + minItems: 0 + type: array + type: object + patches: + description: |- + patches contains options related to applying patches to components deployed by kubeadm during + "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22 + minProperties: 1 + properties: + directory: + description: |- + directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of + "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one + of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. + The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". + "suffix" is an optional string that can be used to determine which patches are applied + first alpha-numerically. + These files can be written into the target directory via KubeadmConfig.Files which + specifies additional files to be created on the machine, either with content inline or + by referencing a secret. + maxLength: 512 + minLength: 1 + type: string + type: object + skipPhases: + description: |- + skipPhases is a list of phases to skip during command execution. + The list of phases can be obtained with the "kubeadm init --help" command. + This option takes effect only on Kubernetes >=1.22.0. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + timeouts: + description: timeouts holds various timeouts that apply to + kubeadm commands. + minProperties: 1 + properties: + controlPlaneComponentHealthCheckSeconds: + description: |- + controlPlaneComponentHealthCheckSeconds is the amount of time to wait for a control plane + component, such as the API server, to be healthy during "kubeadm init" and "kubeadm join". 
+ If not set, it defaults to 4m (240s). + format: int32 + minimum: 0 + type: integer + discoverySeconds: + description: |- + discoverySeconds is the amount of time to wait for kubeadm to validate the API server identity + for a joining node. + If not set, it defaults to 5m (300s). + format: int32 + minimum: 0 + type: integer + etcdAPICallSeconds: + description: |- + etcdAPICallSeconds is the amount of time to wait for the kubeadm etcd client to complete a request to + the etcd cluster. + If not set, it defaults to 2m (120s). + format: int32 + minimum: 0 + type: integer + kubeletHealthCheckSeconds: + description: |- + kubeletHealthCheckSeconds is the amount of time to wait for the kubelet to be healthy + during "kubeadm init" and "kubeadm join". + If not set, it defaults to 4m (240s). + format: int32 + minimum: 0 + type: integer + kubernetesAPICallSeconds: + description: |- + kubernetesAPICallSeconds is the amount of time to wait for the kubeadm client to complete a request to + the API server. This applies to all types of methods (GET, POST, etc). + If not set, it defaults to 1m (60s). + format: int32 + minimum: 0 + type: integer + tlsBootstrapSeconds: + description: |- + tlsBootstrapSeconds is the amount of time to wait for the kubelet to complete TLS bootstrap + for a joining node. + If not set, it defaults to 5m (300s). + format: int32 + minimum: 0 + type: integer + type: object + type: object + joinConfiguration: + description: joinConfiguration is the kubeadm configuration for + the join command + minProperties: 1 + properties: + caCertPath: + description: |- + caCertPath is the path to the SSL certificate authority used to + secure communications between node and control-plane. + Defaults to "/etc/kubernetes/pki/ca.crt". + maxLength: 512 + minLength: 1 + type: string + controlPlane: + description: |- + controlPlane defines the additional control plane instance to be deployed on the joining node. + If nil, no additional control plane instance will be deployed. 
+ properties: + localAPIEndpoint: + description: localAPIEndpoint represents the endpoint + of the API server instance to be deployed on this node. + minProperties: 1 + properties: + advertiseAddress: + description: advertiseAddress sets the IP address + for the API server to advertise. + maxLength: 39 + minLength: 1 + type: string + bindPort: + description: |- + bindPort sets the secure port for the API Server to bind to. + Defaults to 6443. + format: int32 + minimum: 1 + type: integer + type: object + type: object + discovery: + description: discovery specifies the options for the kubelet + to use during the TLS Bootstrap process + minProperties: 1 + properties: + bootstrapToken: + description: |- + bootstrapToken is used to set the options for bootstrap token based discovery + BootstrapToken and File are mutually exclusive + minProperties: 1 + properties: + apiServerEndpoint: + description: apiServerEndpoint is an IP or domain + name to the API server from which info will be fetched. + maxLength: 512 + minLength: 1 + type: string + caCertHashes: + description: |- + caCertHashes specifies a set of public key pins to verify + when token-based discovery is used. The root CA found during discovery + must match one of these values. Specifying an empty set disables root CA + pinning, which can be unsafe. Each hash is specified as ":", + where the only currently supported type is "sha256". This is a hex-encoded + SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded + ASN.1. These hashes can be calculated using, for example, OpenSSL: + openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + token: + description: |- + token is a token used to validate cluster information + fetched from the control-plane. 
+ maxLength: 512 + minLength: 1 + type: string + unsafeSkipCAVerification: + description: |- + unsafeSkipCAVerification allows token-based discovery + without CA verification via CACertHashes. This can weaken + the security of kubeadm since other nodes can impersonate the control-plane. + type: boolean + type: object + file: + description: |- + file is used to specify a file or URL to a kubeconfig file from which to load cluster information + BootstrapToken and File are mutually exclusive + properties: + kubeConfig: + description: |- + kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. + The file is generated at the path specified in KubeConfigPath. + + Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint. + Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret. + properties: + cluster: + description: |- + cluster contains information about how to communicate with the kubernetes cluster. + + By default the following fields are automatically populated: + - Server with the Cluster's ControlPlaneEndpoint. + - CertificateAuthorityData with the Cluster's CA certificate. + minProperties: 1 + properties: + certificateAuthorityData: + description: |- + certificateAuthorityData contains PEM-encoded certificate authority certificates. + + Defaults to the Cluster's CA certificate if empty. + format: byte + maxLength: 51200 + minLength: 1 + type: string + insecureSkipTLSVerify: + description: insecureSkipTLSVerify skips the + validity check for the server's certificate. + This will make your HTTPS connections insecure. + type: boolean + proxyURL: + description: |- + proxyURL is the URL to the proxy to be used for all requests made by this + client. URLs with "http", "https", and "socks5" schemes are supported. 
If + this configuration is not provided or the empty string, the client + attempts to construct a proxy configuration from http_proxy and + https_proxy environment variables. If these environment variables are not + set, the client does not attempt to proxy requests. + + socks5 proxying does not currently support spdy streaming endpoints (exec, + attach, port forward). + maxLength: 512 + minLength: 1 + type: string + server: + description: |- + server is the address of the kubernetes cluster (https://hostname:port). + + Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint. + maxLength: 512 + minLength: 1 + type: string + tlsServerName: + description: tlsServerName is used to check + server certificate. If TLSServerName is + empty, the hostname used to contact the + server is used. + maxLength: 512 + minLength: 1 + type: string + type: object + user: + description: |- + user contains information that describes identity information. + This is used to tell the kubernetes cluster who you are. + minProperties: 1 + properties: + authProvider: + description: authProvider specifies a custom + authentication plugin for the kubernetes + cluster. + properties: + config: + additionalProperties: + type: string + description: config holds the parameters + for the authentication plugin. + type: object + name: + description: name is the name of the authentication + plugin. + maxLength: 256 + minLength: 1 + type: string + required: + - name + type: object + exec: + description: exec specifies a custom exec-based + authentication plugin for the kubernetes + cluster. + properties: + apiVersion: + description: |- + apiVersion is preferred input version of the ExecInfo. The returned ExecCredentials MUST use + the same encoding version as the input. + Defaults to client.authentication.k8s.io/v1 if not set. + maxLength: 512 + minLength: 1 + type: string + args: + description: args is the arguments to + pass to the command when executing it. 
+ items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + command: + description: command to execute. + maxLength: 1024 + minLength: 1 + type: string + env: + description: |- + env defines additional environment variables to expose to the process. These + are unioned with the host's environment, as well as variables client-go uses + to pass argument to the plugin. + items: + description: |- + KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based + credential plugin. + properties: + name: + description: name of the environment + variable + maxLength: 512 + minLength: 1 + type: string + value: + description: value of the environment + variable + maxLength: 512 + minLength: 1 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + provideClusterInfo: + description: |- + provideClusterInfo determines whether or not to provide cluster information, + which could potentially contain very large CA data, to this exec plugin as a + part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set + to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for + reading this environment variable. + type: boolean + required: + - command + type: object + type: object + required: + - user + type: object + kubeConfigPath: + description: kubeConfigPath is used to specify the + actual file path or URL to the kubeconfig file from + which to load cluster information + maxLength: 512 + minLength: 1 + type: string + required: + - kubeConfigPath + type: object + tlsBootstrapToken: + description: |- + tlsBootstrapToken is a token used for TLS bootstrapping. + If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. 
+ If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information + maxLength: 512 + minLength: 1 + type: string + type: object + nodeRegistration: + description: |- + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + minProperties: 1 + properties: + criSocket: + description: criSocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + maxLength: 512 + minLength: 1 + type: string + ignorePreflightErrors: + description: |- + ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered, e.g. 'IsPrivilegedUser,Swap'. + Value 'all' ignores errors from all checks. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + imagePullPolicy: + description: |- + imagePullPolicy specifies the policy for image pulling + during kubeadm "init" and "join" operations. The value of + this field must be one of "Always", "IfNotPresent" or + "Never". Defaults to "IfNotPresent" if not set. + enum: + - Always + - IfNotPresent + - Never + type: string + imagePullSerial: + description: |- + imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. + This option takes effect only on Kubernetes >=1.31.0. + Default: true (defaulted in kubeadm) + type: boolean + kubeletExtraArgs: + description: |- + kubeletExtraArgs is a list of args to pass to kubelet. + The arg name must match the command line flag name except without leading dash(es). + Extra arguments will override existing default arguments set by kubeadm. + items: + description: Arg represents an argument with a name + and a value. 
+ properties: + name: + description: name is the Name of the extraArg. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the Value of the extraArg. + maxLength: 1024 + minLength: 0 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + - value + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: kubeletExtraArgs name must be unique + rule: self.all(x, self.exists_one(y, x.name == y.name)) + name: + description: |- + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field of the kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + maxLength: 253 + minLength: 1 + type: string + taints: + description: |- + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an + empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. + items: + description: |- + The node this Taint is attached to has the "effect" on + any pod that does not tolerate the Taint. + properties: + effect: + description: |- + Required. The effect of the taint on pods + that do not tolerate the taint. + Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. 
+ type: string + required: + - effect + - key + type: object + maxItems: 100 + minItems: 0 + type: array + type: object + patches: + description: |- + patches contains options related to applying patches to components deployed by kubeadm during + "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22 + minProperties: 1 + properties: + directory: + description: |- + directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of + "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one + of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. + The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". + "suffix" is an optional string that can be used to determine which patches are applied + first alpha-numerically. + These files can be written into the target directory via KubeadmConfig.Files which + specifies additional files to be created on the machine, either with content inline or + by referencing a secret. + maxLength: 512 + minLength: 1 + type: string + type: object + skipPhases: + description: |- + skipPhases is a list of phases to skip during command execution. + The list of phases can be obtained with the "kubeadm init --help" command. + This option takes effect only on Kubernetes >=1.22.0. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + timeouts: + description: timeouts holds various timeouts that apply to + kubeadm commands. + minProperties: 1 + properties: + controlPlaneComponentHealthCheckSeconds: + description: |- + controlPlaneComponentHealthCheckSeconds is the amount of time to wait for a control plane + component, such as the API server, to be healthy during "kubeadm init" and "kubeadm join". 
+ If not set, it defaults to 4m (240s). + format: int32 + minimum: 0 + type: integer + discoverySeconds: + description: |- + discoverySeconds is the amount of time to wait for kubeadm to validate the API server identity + for a joining node. + If not set, it defaults to 5m (300s). + format: int32 + minimum: 0 + type: integer + etcdAPICallSeconds: + description: |- + etcdAPICallSeconds is the amount of time to wait for the kubeadm etcd client to complete a request to + the etcd cluster. + If not set, it defaults to 2m (120s). + format: int32 + minimum: 0 + type: integer + kubeletHealthCheckSeconds: + description: |- + kubeletHealthCheckSeconds is the amount of time to wait for the kubelet to be healthy + during "kubeadm init" and "kubeadm join". + If not set, it defaults to 4m (240s). + format: int32 + minimum: 0 + type: integer + kubernetesAPICallSeconds: + description: |- + kubernetesAPICallSeconds is the amount of time to wait for the kubeadm client to complete a request to + the API server. This applies to all types of methods (GET, POST, etc). + If not set, it defaults to 1m (60s). + format: int32 + minimum: 0 + type: integer + tlsBootstrapSeconds: + description: |- + tlsBootstrapSeconds is the amount of time to wait for the kubelet to complete TLS bootstrap + for a joining node. + If not set, it defaults to 5m (300s). + format: int32 + minimum: 0 + type: integer + type: object + type: object + mounts: + description: mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. 
+ items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + ntp: + description: ntp specifies NTP configuration + minProperties: 1 + properties: + enabled: + description: enabled specifies whether NTP should be enabled + type: boolean + servers: + description: servers specifies which NTP servers to use + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + type: object + postKubeadmCommands: + description: |- + postKubeadmCommands specifies extra commands to run after kubeadm runs. + With cloud-init, this is appended to the runcmd module configuration, and is typically executed in + the cloud-final.service systemd unit. In Ignition, this is appended to /etc/kubeadm.sh. + items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + preKubeadmCommands: + description: |- + preKubeadmCommands specifies extra commands to run before kubeadm runs. + With cloud-init, this is prepended to the runcmd module configuration, and is typically executed in + the cloud-final.service systemd unit. In Ignition, this is prepended to /etc/kubeadm.sh. + items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + users: + description: users specifies extra users to add + items: + description: User defines the input for a generated user in + cloud-init. 
+ properties: + gecos: + description: gecos specifies the gecos to use for the user + maxLength: 256 + minLength: 1 + type: string + groups: + description: groups specifies the additional groups for + the user + maxLength: 256 + minLength: 1 + type: string + homeDir: + description: homeDir specifies the home directory to use + for the user + maxLength: 256 + minLength: 1 + type: string + inactive: + description: inactive specifies whether to mark the user + as inactive + type: boolean + lockPassword: + description: lockPassword specifies if password login should + be disabled + type: boolean + name: + description: name specifies the user name + maxLength: 256 + minLength: 1 + type: string + passwd: + description: passwd specifies a hashed password for the + user + maxLength: 256 + minLength: 1 + type: string + passwdFrom: + description: passwdFrom is a referenced source of passwd + to populate the passwd. + properties: + secret: + description: secret represents a secret that should + populate this password. + properties: + key: + description: key is the key in the secret's data + map for this value. + maxLength: 256 + minLength: 1 + type: string + name: + description: name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ maxLength: 253 + minLength: 1 + type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: primaryGroup specifies the primary group for + the user + maxLength: 256 + minLength: 1 + type: string + shell: + description: shell specifies the user's shell + maxLength: 256 + minLength: 1 + type: string + sshAuthorizedKeys: + description: sshAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + maxLength: 2048 + minLength: 1 + type: string + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + sudo: + description: sudo specifies a sudo role for the user + maxLength: 256 + minLength: 1 + type: string + required: + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + verbosity: + description: |- + verbosity is the number for the kubeadm log level verbosity. + It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + machineNaming: + description: |- + machineNaming allows changing the naming pattern used when creating Machines. + InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines. + minProperties: 1 + properties: + template: + description: |- + template defines the template to use for generating the names of the Machine objects. + If not defined, it will fallback to `{{ .kubeadmControlPlane.name }}-{{ .random }}`. + If the generated name string exceeds 63 characters, it will be trimmed to 58 characters and will + get concatenated with a random suffix of length 5. + Length of the template string must not exceed 256 characters. + The template allows the following variables `.cluster.name`, `.kubeadmControlPlane.name` and `.random`. + The variable `.cluster.name` retrieves the name of the cluster object that owns the Machines being created. 
+ The variable `.kubeadmControlPlane.name` retrieves the name of the KubeadmControlPlane object that owns the Machines being created. + The variable `.random` is substituted with random alphanumeric string, without vowels, of length 5. This variable is required + part of the template. If not provided, validation will fail. + maxLength: 256 + minLength: 1 + type: string + type: object + machineTemplate: + description: |- + machineTemplate contains information about how machines + should be shaped when creating or updating a control plane. + properties: + metadata: + description: |- + metadata is the standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + minProperties: 1 + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + spec defines the spec for Machines + in a KubeadmControlPlane object. + properties: + deletion: + description: deletion contains configuration options for Machine + deletion. + minProperties: 1 + properties: + nodeDeletionTimeoutSeconds: + description: |- + nodeDeletionTimeoutSeconds defines how long the machine controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. 
+ If no value is provided, the default value for this property of the Machine resource will be used. + format: int32 + minimum: 0 + type: integer + nodeDrainTimeoutSeconds: + description: |- + nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a controlplane node + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: nodeDrainTimeoutSeconds is different from `kubectl drain --timeout` + format: int32 + minimum: 0 + type: integer + nodeVolumeDetachTimeoutSeconds: + description: |- + nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + format: int32 + minimum: 0 + type: integer + type: object + infrastructureRef: + description: |- + infrastructureRef is a required reference to a custom resource + offered by an infrastructure provider. + properties: + apiGroup: + description: |- + apiGroup is the group of the resource being referenced. + apiGroup must be fully qualified domain name. + The corresponding version for this reference will be looked up from the contract + labels of the corresponding CRD of the resource being referenced. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: |- + kind of the resource being referenced. + kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + name of the resource being referenced. + name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - apiGroup + - kind + - name + type: object + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition; + KubeadmControlPlane will always add readinessGates for the condition it is setting on the Machine: + APIServerPodHealthy, SchedulerPodHealthy, ControllerManagerPodHealthy, and if etcd is managed by CKP also + EtcdPodHealthy, EtcdMemberHealthy. + + This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready + computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine. + items: + description: MachineReadinessGate contains the type of a + Machine condition to be used as a readiness gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. 
+ enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map + required: + - infrastructureRef + type: object + required: + - spec + type: object + remediation: + description: remediation controls how unhealthy Machines are remediated. + minProperties: 1 + properties: + maxRetry: + description: "maxRetry is the Max number of retries while attempting + to remediate an unhealthy machine.\nA retry happens when a machine + that was created as a replacement for an unhealthy machine also + fails.\nFor example, given a control plane with three machines + M1, M2, M3:\n\n\tM1 become unhealthy; remediation happens, and + M1-1 is created as a replacement.\n\tIf M1-1 (replacement of + M1) has problems while bootstrapping it will become unhealthy, + and then be\n\tremediated; such operation is considered a retry, + remediation-retry #1.\n\tIf M1-2 (replacement of M1-1) becomes + unhealthy, remediation-retry #2 will happen, etc.\n\nA retry + could happen only after retryPeriodSeconds from the previous + retry.\nIf a machine is marked as unhealthy after minHealthyPeriodSeconds + from the previous remediation expired,\nthis is not considered + a retry anymore because the new issue is assumed unrelated from + the previous one.\n\nIf not set, the remedation will be retried + infinitely." + format: int32 + type: integer + minHealthyPeriodSeconds: + description: "minHealthyPeriodSeconds defines the duration after + which KCP will consider any failure to a machine unrelated\nfrom + the previous one. In this case the remediation is not considered + a retry anymore, and thus the retry\ncounter restarts from 0. 
+ For example, assuming minHealthyPeriodSeconds is set to 1h (default)\n\n\tM1 + become unhealthy; remediation happens, and M1-1 is created as + a replacement.\n\tIf M1-1 (replacement of M1) has problems within + the 1hr after the creation, also\n\tthis machine will be remediated + and this operation is considered a retry - a problem related\n\tto + the original issue happened to M1 -.\n\n\tIf instead the problem + on M1-1 is happening after minHealthyPeriodSeconds expired, + e.g. four days after\n\tm1-1 has been created as a remediation + of M1, the problem on M1-1 is considered unrelated to\n\tthe + original issue happened to M1.\n\nIf not set, this value is + defaulted to 1h." + format: int32 + minimum: 0 + type: integer + retryPeriodSeconds: + description: |- + retryPeriodSeconds is the duration that KCP should wait before remediating a machine being created as a replacement + for an unhealthy machine (a retry). + + If not set, a retry will happen immediately. + format: int32 + minimum: 0 + type: integer + type: object + replicas: + description: |- + replicas is the number of desired machines. Defaults to 1. When stacked etcd is used only + odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). + This is a pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + rollout: + description: |- + rollout allows you to configure the behaviour of rolling updates to the control plane Machines. + It allows you to require that all Machines are replaced before or after a certain time, + and allows you to define the strategy used during rolling replacements. + minProperties: 1 + properties: + after: + description: |- + after is a field to indicate a rollout should be performed + after the specified time even if no changes have been made to the + KubeadmControlPlane. + Example: In the YAML the time can be specified in the RFC3339 format. 
+ To specify the rolloutAfter target as March 9, 2023, at 9 am UTC + use "2023-03-09T09:00:00Z". + format: date-time + type: string + before: + description: |- + before is a field to indicate a rollout should be performed + if the specified criteria is met. + minProperties: 1 + properties: + certificatesExpiryDays: + description: |- + certificatesExpiryDays indicates a rollout needs to be performed if the + certificates of the machine will expire within the specified days. + The minimum for this field is 7. + format: int32 + minimum: 7 + type: integer + type: object + strategy: + description: strategy specifies how to roll out control plane + Machines. + minProperties: 1 + properties: + rollingUpdate: + description: |- + rollingUpdate is the rolling update config params. Present only if + type = RollingUpdate. + minProperties: 1 + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + maxSurge is the maximum number of control planes that can be scheduled above or under the + desired number of control planes. + Value can be an absolute number 1 or 0. + Defaults to 1. + Example: when this is set to 1, the control plane can be scaled + up immediately when the rolling update starts. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + type of rollout. Currently the only supported strategy is + "RollingUpdate". + Default is RollingUpdate. + enum: + - RollingUpdate + type: string + required: + - type + type: object + type: object + version: + description: |- + version defines the desired Kubernetes version. + Please note that if kubeadmConfigSpec.ClusterConfiguration.imageRepository is not set + we don't allow upgrades to versions >= v1.22.0 for which kubeadm uses the old registry (k8s.gcr.io). + Please use a newer patch version with the new registry instead. 
The default registries of kubeadm are: + * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 + * k8s.gcr.io (old registry): all older versions + maxLength: 256 + minLength: 1 + type: string + required: + - machineTemplate + - version + type: object + status: + description: status is the observed state of KubeadmControlPlane. + minProperties: 1 + properties: + availableReplicas: + description: availableReplicas is the number of available replicas + targeted by this KubeadmControlPlane. A machine is considered available + when Machine's Available condition is true. + format: int32 + type: integer + conditions: + description: |- + conditions represents the observations of a KubeadmControlPlane's current state. + Known condition types are Available, CertificatesAvailable, EtcdClusterAvailable, MachinesReady, MachinesUpToDate, + ScalingUp, ScalingDown, Remediating, Deleting, Paused. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + deprecated: + description: deprecated groups all the status fields that are deprecated + and will be removed when all the nested field are removed. + properties: + v1beta1: + description: v1beta1 groups all the status fields that are deprecated + and will be removed when support for v1beta1 will be dropped. + properties: + conditions: + description: |- + conditions defines current service state of the KubeadmControlPlane. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + items: + description: Condition defines an observation of a Cluster + API resource operational state. 
+ properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, + Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: |- + failureMessage indicates that there is a terminal problem reconciling the + state, and will be set to a descriptive error message. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. 
+ maxLength: 10240 + minLength: 1 + type: string + failureReason: + description: |- + failureReason indicates that there is a terminal problem reconciling the + state, and will be set to a token value suitable for + programmatic interpretation. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + type: string + readyReplicas: + description: |- + readyReplicas is the total number of fully running and ready control plane machines. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + format: int32 + type: integer + unavailableReplicas: + description: |- + unavailableReplicas is the total number of unavailable machines targeted by this control plane. + This is the total number of machines that are still required for + the deployment to have 100% available capacity. They may either + be machines that are running but not yet ready or machines + that still have not been created. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + format: int32 + type: integer + updatedReplicas: + description: |- + updatedReplicas is the total number of non-terminated machines targeted by this control plane + that have the desired template spec. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. 
Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + format: int32 + type: integer + type: object + type: object + initialization: + description: |- + initialization provides observations of the KubeadmControlPlane initialization process. + NOTE: Fields in this struct are part of the Cluster API contract and are used to orchestrate initial Machine provisioning. + minProperties: 1 + properties: + controlPlaneInitialized: + description: |- + controlPlaneInitialized is true when the KubeadmControlPlane provider reports that the Kubernetes control plane is initialized; + A control plane is considered initialized when it can accept requests, no matter if this happens before + the control plane is fully provisioned or not. + NOTE: this field is part of the Cluster API contract, and it is used to orchestrate initial Machine provisioning. + type: boolean + type: object + lastRemediation: + description: lastRemediation stores info about last remediation performed. + properties: + machine: + description: machine is the machine name of the latest machine + being remediated. + maxLength: 253 + minLength: 1 + type: string + retryCount: + description: |- + retryCount used to keep track of remediation retry for the last remediated machine. + A retry happens when a machine that was created as a replacement for an unhealthy machine also fails. + format: int32 + minimum: 0 + type: integer + time: + description: time is when last remediation happened. It is represented + in RFC3339 form and is in UTC. + format: date-time + type: string + required: + - machine + - retryCount + - time + type: object + observedGeneration: + description: observedGeneration is the latest generation observed + by the controller. + format: int64 + minimum: 1 + type: integer + readyReplicas: + description: readyReplicas is the number of ready replicas for this + KubeadmControlPlane. 
A machine is considered ready when Machine's + Ready condition is true. + format: int32 + type: integer + replicas: + description: |- + replicas is the total number of non-terminated machines targeted by this control plane + (their labels match the selector). + format: int32 + type: integer + selector: + description: |- + selector is the label selector in string format to avoid introspection + by clients, and is used to provide the CRD-based integration for the + scale subresource and additional integrations for things like kubectl + describe.. The string will be in the same format as the query-param syntax. + More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors + maxLength: 4096 + minLength: 1 + type: string + upToDateReplicas: + description: upToDateReplicas is the number of up-to-date replicas + targeted by this KubeadmControlPlane. A machine is considered up-to-date + when Machine's UpToDate condition is true. + format: int32 + type: integer + version: + description: |- + version represents the minimum Kubernetes version for the control plane machines + in the cluster. 
+ maxLength: 256 + minLength: 1 + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert + controller-gen.kubebuilder.io/version: v0.18.0 + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + cluster.x-k8s.io/v1beta1: v1beta1 + cluster.x-k8s.io/v1beta2: v1beta2 + name: kubeadmcontrolplanetemplates.controlplane.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: controlplane.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: KubeadmControlPlaneTemplate + listKind: KubeadmControlPlaneTemplateList + plural: kubeadmcontrolplanetemplates + singular: kubeadmcontrolplanetemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmControlPlaneTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1beta1 + schema: + openAPIV3Schema: + description: KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of KubeadmControlPlaneTemplate. + properties: + template: + description: template defines the desired state of KubeadmControlPlaneTemplate. + properties: + metadata: + description: |- + metadata is the standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: spec is the desired state of KubeadmControlPlaneTemplateResource. + properties: + kubeadmConfigSpec: + description: |- + kubeadmConfigSpec is a KubeadmConfigSpec + to use for initializing and joining machines to the control plane. 
+ properties: + bootCommands: + description: |- + bootCommands specifies extra commands to run very early in the boot process via the cloud-init bootcmd + module. bootcmd will run on every boot, 'cloud-init-per' command can be used to make bootcmd run exactly + once. This is typically run in the cloud-init.service systemd unit. This has no effect in Ignition. + items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + type: array + clusterConfiguration: + description: clusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: apiServer contains extra settings for + the API server control plane component + properties: + certSANs: + description: certSANs sets extra Subject Alternative + Names for the API Server signing cert. + items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 100 + type: array + extraArgs: + additionalProperties: + type: string + description: extraArgs is an extra set of flags + to pass to the control plane component. + type: object + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. 
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + type: array + extraVolumes: + description: extraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: |- + HostPathMount contains elements describing volumes that are mounted from the + host. + properties: + hostPath: + description: |- + hostPath is the path in the host that will be mounted inside + the pod. + maxLength: 512 + minLength: 1 + type: string + mountPath: + description: mountPath is the path inside + the pod where hostPath will be mounted. + maxLength: 512 + minLength: 1 + type: string + name: + description: name of the volume inside the + pod template. 
+ maxLength: 512 + minLength: 1 + type: string + pathType: + description: pathType is the type of the + HostPath. + type: string + readOnly: + description: readOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + maxItems: 100 + type: array + timeoutForControlPlane: + description: timeoutForControlPlane controls the + timeout that we use for API server to appear + type: string + type: object + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + certificatesDir: + description: |- + certificatesDir specifies where to store or look for all required certificates. + NB: if not provided, this will default to `/etc/kubernetes/pki` + maxLength: 512 + minLength: 1 + type: string + clusterName: + description: clusterName is the cluster name + maxLength: 63 + minLength: 1 + type: string + controlPlaneEndpoint: + description: |- + controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it + can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. + In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort + are used; in case the ControlPlaneEndpoint is specified but without a TCP port, + the BindPort is used. + Possible usages are: + e.g. In a cluster with more than one control plane instances, this field should be + assigned the address of the external load balancer in front of the + control plane instances. + e.g. in environments with enforced node recycling, the ControlPlaneEndpoint + could be used for assigning a stable DNS to the control plane. + NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. 
+ maxLength: 512 + minLength: 1 + type: string + controllerManager: + description: controllerManager contains extra settings + for the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: extraArgs is an extra set of flags + to pass to the control plane component. + type: object + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + type: array + extraVolumes: + description: extraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: |- + HostPathMount contains elements describing volumes that are mounted from the + host. + properties: + hostPath: + description: |- + hostPath is the path in the host that will be mounted inside + the pod. + maxLength: 512 + minLength: 1 + type: string + mountPath: + description: mountPath is the path inside + the pod where hostPath will be mounted. + maxLength: 512 + minLength: 1 + type: string + name: + description: name of the volume inside the + pod template. + maxLength: 512 + minLength: 1 + type: string + pathType: + description: pathType is the type of the + HostPath. + type: string + readOnly: + description: readOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + maxItems: 100 + type: array + type: object + dns: + description: dns defines the options for the DNS add-on + installed in the cluster. + properties: + imageRepository: + description: |- + imageRepository sets the container registry to pull images from. + if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + maxLength: 512 + minLength: 1 + type: string + imageTag: + description: |- + imageTag allows to specify a tag for the image. 
+ In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + maxLength: 256 + minLength: 1 + type: string + type: object + etcd: + description: |- + etcd holds configuration for etcd. + NB: This value defaults to a Local (stacked) etcd + properties: + external: + description: |- + external describes how to connect to an external etcd cluster + Local and External are mutually exclusive + properties: + caFile: + description: |- + caFile is an SSL Certificate Authority file used to secure etcd communication. + Required if using a TLS connection. + maxLength: 512 + minLength: 1 + type: string + certFile: + description: |- + certFile is an SSL certification file used to secure etcd communication. + Required if using a TLS connection. + maxLength: 512 + minLength: 1 + type: string + endpoints: + description: endpoints of etcd members. Required + for ExternalEtcd. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 50 + type: array + keyFile: + description: |- + keyFile is an SSL key file used to secure etcd communication. + Required if using a TLS connection. + maxLength: 512 + minLength: 1 + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: |- + local provides configuration knobs for configuring the local etcd instance + Local and External are mutually exclusive + properties: + dataDir: + description: |- + dataDir is the directory etcd will place its data. + Defaults to "/var/lib/etcd". + maxLength: 512 + minLength: 1 + type: string + extraArgs: + additionalProperties: + type: string + description: |- + extraArgs are extra arguments provided to the etcd binary + when run inside a static pod. + type: object + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. 
+ Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment + variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if + value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a + ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the + schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a + secret in the pod's namespace + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + type: array + imageRepository: + description: |- + imageRepository sets the container registry to pull images from. + if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + maxLength: 512 + minLength: 1 + type: string + imageTag: + description: |- + imageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + maxLength: 256 + minLength: 1 + type: string + peerCertSANs: + description: peerCertSANs sets extra Subject + Alternative Names for the etcd peer signing + cert. + items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 100 + type: array + serverCertSANs: + description: serverCertSANs sets extra Subject + Alternative Names for the etcd server signing + cert. + items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 100 + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: featureGates enabled by the user. + type: object + imageRepository: + description: |- + imageRepository sets the container registry to pull images from. + * If not set, the default registry of kubeadm will be used, i.e. 
+ * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 + * k8s.gcr.io (old registry): all older versions + Please note that when imageRepository is not set we don't allow upgrades to + versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use + a newer patch version with the new registry instead (i.e. >= v1.22.17, + >= v1.23.15, >= v1.24.9, >= v1.25.0). + * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) + `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components + and for kube-proxy, while `registry.k8s.io` will be used for all the other images. + maxLength: 512 + minLength: 1 + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + kubernetesVersion: + description: |- + kubernetesVersion is the target version of the control plane. + NB: This value defaults to the Machine object spec.version + maxLength: 256 + minLength: 1 + type: string + networking: + description: |- + networking holds configuration for the networking topology of the cluster. + NB: This value defaults to the Cluster object spec.clusterNetwork. + properties: + dnsDomain: + description: dnsDomain is the dns domain used + by k8s services. Defaults to "cluster.local". + maxLength: 253 + minLength: 1 + type: string + podSubnet: + description: |- + podSubnet is the subnet used by pods. + If unset, the API server will not allocate CIDR ranges for every node. 
+ Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set + maxLength: 1024 + minLength: 1 + type: string + serviceSubnet: + description: |- + serviceSubnet is the subnet used by k8s services. + Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or + to "10.96.0.0/12" if that's unset. + maxLength: 1024 + minLength: 1 + type: string + type: object + scheduler: + description: scheduler contains extra settings for + the scheduler control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: extraArgs is an extra set of flags + to pass to the control plane component. + type: object + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. 
+ properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + type: array + extraVolumes: + description: extraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: |- + HostPathMount contains elements describing volumes that are mounted from the + host. + properties: + hostPath: + description: |- + hostPath is the path in the host that will be mounted inside + the pod. + maxLength: 512 + minLength: 1 + type: string + mountPath: + description: mountPath is the path inside + the pod where hostPath will be mounted. + maxLength: 512 + minLength: 1 + type: string + name: + description: name of the volume inside the + pod template. 
+ maxLength: 512 + minLength: 1 + type: string + pathType: + description: pathType is the type of the + HostPath. + type: string + readOnly: + description: readOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + maxItems: 100 + type: array + type: object + type: object + diskSetup: + description: diskSetup specifies options for the creation + of partition tables and file systems on devices. + properties: + filesystems: + description: filesystems specifies the list of file + systems to setup. + items: + description: Filesystem defines the file systems + to be created. + properties: + device: + description: device specifies the device name + maxLength: 256 + minLength: 1 + type: string + extraOpts: + description: extraOpts defined extra options + to add to the command for creating the file + system. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + type: array + filesystem: + description: filesystem specifies the file system + type. + maxLength: 128 + minLength: 1 + type: string + label: + description: label specifies the file system + label to be used. If set to None, no label + is used. + maxLength: 512 + minLength: 1 + type: string + overwrite: + description: |- + overwrite defines whether or not to overwrite any existing filesystem. + If true, any pre-existing file system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'partition specifies the partition + to use. The valid options are: "auto|any", + "auto", "any", "none", and , where NUM + is the actual partition number.' + maxLength: 128 + minLength: 1 + type: string + replaceFS: + description: |- + replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . + NOTE: unless you define a label, this requires the use of the 'any' partition directive. 
+ maxLength: 128 + minLength: 1 + type: string + required: + - device + - filesystem + type: object + maxItems: 100 + type: array + partitions: + description: partitions specifies the list of the + partitions to setup. + items: + description: Partition defines how to create and + layout a partition. + properties: + device: + description: device is the name of the device. + maxLength: 256 + minLength: 1 + type: string + layout: + description: |- + layout specifies the device layout. + If it is true, a single partition will be created for the entire device. + When layout is false, it means don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: |- + overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. + Use with caution. Default is 'false'. + type: boolean + tableType: + description: |- + tableType specifies the tupe of partition table. The following are supported: + 'mbr': default and setups a MS-DOS partition table + 'gpt': setups a GPT partition table + enum: + - mbr + - gpt + type: string + required: + - device + - layout + type: object + maxItems: 100 + type: array + type: object + files: + description: files specifies extra files to be passed + to user_data upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + append: + description: append specifies whether to append + Content to existing file if Path exists. + type: boolean + content: + description: content is the actual content of the + file. + maxLength: 10240 + minLength: 1 + type: string + contentFrom: + description: contentFrom is a referenced source + of content to populate the file. + properties: + secret: + description: secret represents a secret that + should populate this file. + properties: + key: + description: key is the key in the secret's + data map for this value. 
+ maxLength: 256 + minLength: 1 + type: string + name: + description: name of the secret in the KubeadmBootstrapConfig's + namespace to use. + maxLength: 253 + minLength: 1 + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: encoding specifies the encoding of + the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: owner specifies the ownership of the + file, e.g. "root:root". + maxLength: 256 + minLength: 1 + type: string + path: + description: path specifies the full path on disk + where to store the file. + maxLength: 512 + minLength: 1 + type: string + permissions: + description: permissions specifies the permissions + to assign to the file, e.g. "0640". + maxLength: 16 + minLength: 1 + type: string + required: + - path + type: object + maxItems: 200 + type: array + format: + description: format specifies the output format of the + bootstrap data + enum: + - cloud-config + - ignition + type: string + ignition: + description: ignition contains Ignition specific configuration. + properties: + containerLinuxConfig: + description: containerLinuxConfig contains CLC specific + configuration. + properties: + additionalConfig: + description: |- + additionalConfig contains additional configuration to be merged with the Ignition + configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging + + The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + maxLength: 32768 + minLength: 1 + type: string + strict: + description: strict controls if AdditionalConfig + should be strictly parsed. If so, warnings are + treated as errors. 
+ type: boolean + type: object + type: object + initConfiguration: + description: initConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + bootstrapTokens: + description: |- + bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. + This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap + token, stored as a Secret in the cluster. + properties: + description: + description: |- + description sets a human-friendly message why this token exists and what it's used + for, so other administrators can know its purpose. + maxLength: 512 + minLength: 1 + type: string + expires: + description: |- + expires specifies the timestamp when this token expires. Defaults to being set + dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. + format: date-time + type: string + groups: + description: |- + groups specifies the extra groups that this token will authenticate as when/if + used for authentication + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + type: array + token: + description: |- + token is used for establishing bidirectional trust between nodes and control-planes. + Used for joining nodes in the cluster. + type: string + ttl: + description: |- + ttl defines the time to live for this token. Defaults to 24h. + Expires and TTL are mutually exclusive. + type: string + usages: + description: |- + usages describes the ways in which this token can be used. 
Can by default be used + for establishing bidirectional trust, but that can be changed here. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + type: array + required: + - token + type: object + maxItems: 100 + type: array + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + localAPIEndpoint: + description: |- + localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node + In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint + is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This + configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible + on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: advertiseAddress sets the IP address + for the API server to advertise. + maxLength: 39 + minLength: 1 + type: string + bindPort: + description: |- + bindPort sets the secure port for the API Server to bind to. + Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: |- + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: criSocket is used to retrieve container + runtime info. 
This information will be annotated + to the Node API object, for later re-use + maxLength: 512 + minLength: 1 + type: string + ignorePreflightErrors: + description: ignorePreflightErrors provides a + slice of pre-flight errors to be ignored when + the current node is registered. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 50 + type: array + imagePullPolicy: + description: |- + imagePullPolicy specifies the policy for image pulling + during kubeadm "init" and "join" operations. The value of + this field must be one of "Always", "IfNotPresent" or + "Never". Defaults to "IfNotPresent". This can be used only + with Kubernetes version equal to 1.22 and later. + enum: + - Always + - IfNotPresent + - Never + type: string + imagePullSerial: + description: |- + imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. + This option takes effect only on Kubernetes >=1.31.0. + Default: true (defaulted in kubeadm) + type: boolean + kubeletExtraArgs: + additionalProperties: + type: string + description: |- + kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file + kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. + type: object + name: + description: |- + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field of the kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + maxLength: 253 + minLength: 1 + type: string + taints: + description: |- + taints specifies the taints the Node API object should be registered with. 
If this field is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an + empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. + items: + description: |- + The node this Taint is attached to has the "effect" on + any pod that does not tolerate the Taint. + properties: + effect: + description: |- + Required. The effect of the taint on pods + that do not tolerate the taint. + Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to + be applied to a node. + type: string + timeAdded: + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding + to the taint key. + type: string + required: + - effect + - key + type: object + maxItems: 100 + type: array + type: object + patches: + description: |- + patches contains options related to applying patches to components deployed by kubeadm during + "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22 + properties: + directory: + description: |- + directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of + "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one + of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. + The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". + "suffix" is an optional string that can be used to determine which patches are applied + first alpha-numerically. 
+ These files can be written into the target directory via KubeadmConfig.Files which + specifies additional files to be created on the machine, either with content inline or + by referencing a secret. + maxLength: 512 + minLength: 1 + type: string + type: object + skipPhases: + description: |- + skipPhases is a list of phases to skip during command execution. + The list of phases can be obtained with the "kubeadm init --help" command. + This option takes effect only on Kubernetes >=1.22.0. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 50 + type: array + type: object + joinConfiguration: + description: joinConfiguration is the kubeadm configuration + for the join command + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + caCertPath: + description: |- + caCertPath is the path to the SSL certificate authority used to + secure comunications between node and control-plane. + Defaults to "/etc/kubernetes/pki/ca.crt". + maxLength: 512 + minLength: 1 + type: string + controlPlane: + description: |- + controlPlane defines the additional control plane instance to be deployed on the joining node. + If nil, no additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: localAPIEndpoint represents the endpoint + of the API server instance to be deployed on + this node. + properties: + advertiseAddress: + description: advertiseAddress sets the IP + address for the API server to advertise. + maxLength: 39 + minLength: 1 + type: string + bindPort: + description: |- + bindPort sets the secure port for the API Server to bind to. + Defaults to 6443. 
+ format: int32 + type: integer + type: object + type: object + discovery: + description: discovery specifies the options for the + kubelet to use during the TLS Bootstrap process + properties: + bootstrapToken: + description: |- + bootstrapToken is used to set the options for bootstrap token based discovery + BootstrapToken and File are mutually exclusive + properties: + apiServerEndpoint: + description: apiServerEndpoint is an IP or + domain name to the API server from which + info will be fetched. + maxLength: 512 + minLength: 1 + type: string + caCertHashes: + description: |- + caCertHashes specifies a set of public key pins to verify + when token-based discovery is used. The root CA found during discovery + must match one of these values. Specifying an empty set disables root CA + pinning, which can be unsafe. Each hash is specified as ":", + where the only currently supported type is "sha256". This is a hex-encoded + SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded + ASN.1. These hashes can be calculated using, for example, OpenSSL: + openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + type: array + token: + description: |- + token is a token used to validate cluster information + fetched from the control-plane. + maxLength: 512 + minLength: 1 + type: string + unsafeSkipCAVerification: + description: |- + unsafeSkipCAVerification allows token-based discovery + without CA verification via CACertHashes. This can weaken + the security of kubeadm since other nodes can impersonate the control-plane. 
+ type: boolean + type: object + file: + description: |- + file is used to specify a file or URL to a kubeconfig file from which to load cluster information + BootstrapToken and File are mutually exclusive + properties: + kubeConfig: + description: |- + kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. + The file is generated at the path specified in KubeConfigPath. + + Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint. + Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret. + properties: + cluster: + description: |- + cluster contains information about how to communicate with the kubernetes cluster. + + By default the following fields are automatically populated: + - Server with the Cluster's ControlPlaneEndpoint. + - CertificateAuthorityData with the Cluster's CA certificate. + properties: + certificateAuthorityData: + description: |- + certificateAuthorityData contains PEM-encoded certificate authority certificates. + + Defaults to the Cluster's CA certificate if empty. + format: byte + maxLength: 51200 + minLength: 1 + type: string + insecureSkipTLSVerify: + description: insecureSkipTLSVerify + skips the validity check for the + server's certificate. This will + make your HTTPS connections insecure. + type: boolean + proxyURL: + description: |- + proxyURL is the URL to the proxy to be used for all requests made by this + client. URLs with "http", "https", and "socks5" schemes are supported. If + this configuration is not provided or the empty string, the client + attempts to construct a proxy configuration from http_proxy and + https_proxy environment variables. If these environment variables are not + set, the client does not attempt to proxy requests. + + socks5 proxying does not currently support spdy streaming endpoints (exec, + attach, port forward). 
+ maxLength: 512 + minLength: 1 + type: string + server: + description: |- + server is the address of the kubernetes cluster (https://hostname:port). + + Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint. + maxLength: 512 + minLength: 1 + type: string + tlsServerName: + description: tlsServerName is used + to check server certificate. If + TLSServerName is empty, the hostname + used to contact the server is used. + maxLength: 512 + minLength: 1 + type: string + type: object + user: + description: |- + user contains information that describes identity information. + This is used to tell the kubernetes cluster who you are. + properties: + authProvider: + description: authProvider specifies + a custom authentication plugin for + the kubernetes cluster. + properties: + config: + additionalProperties: + type: string + description: config holds the + parameters for the authentication + plugin. + type: object + name: + description: name is the name + of the authentication plugin. + maxLength: 256 + minLength: 1 + type: string + required: + - name + type: object + exec: + description: exec specifies a custom + exec-based authentication plugin + for the kubernetes cluster. + properties: + apiVersion: + description: |- + apiVersion is preferred input version of the ExecInfo. The returned ExecCredentials MUST use + the same encoding version as the input. + Defaults to client.authentication.k8s.io/v1 if not set. + maxLength: 512 + minLength: 1 + type: string + args: + description: args is the arguments + to pass to the command when + executing it. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + type: array + command: + description: command to execute. + maxLength: 1024 + minLength: 1 + type: string + env: + description: |- + env defines additional environment variables to expose to the process. These + are unioned with the host's environment, as well as variables client-go uses + to pass argument to the plugin. 
+ items: + description: |- + KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based + credential plugin. + properties: + name: + description: name of the + environment variable + maxLength: 512 + minLength: 1 + type: string + value: + description: value of the + environment variable + maxLength: 512 + minLength: 1 + type: string + required: + - name + - value + type: object + maxItems: 100 + type: array + provideClusterInfo: + description: |- + provideClusterInfo determines whether or not to provide cluster information, + which could potentially contain very large CA data, to this exec plugin as a + part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set + to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for + reading this environment variable. + type: boolean + required: + - command + type: object + type: object + required: + - user + type: object + kubeConfigPath: + description: kubeConfigPath is used to specify + the actual file path or URL to the kubeconfig + file from which to load cluster information + maxLength: 512 + minLength: 1 + type: string + required: + - kubeConfigPath + type: object + timeout: + description: timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: |- + tlsBootstrapToken is a token used for TLS bootstrapping. + If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. + If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information + maxLength: 512 + minLength: 1 + type: string + type: object + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + nodeRegistration: + description: |- + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: criSocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + maxLength: 512 + minLength: 1 + type: string + ignorePreflightErrors: + description: ignorePreflightErrors provides a + slice of pre-flight errors to be ignored when + the current node is registered. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 50 + type: array + imagePullPolicy: + description: |- + imagePullPolicy specifies the policy for image pulling + during kubeadm "init" and "join" operations. The value of + this field must be one of "Always", "IfNotPresent" or + "Never". Defaults to "IfNotPresent". This can be used only + with Kubernetes version equal to 1.22 and later. + enum: + - Always + - IfNotPresent + - Never + type: string + imagePullSerial: + description: |- + imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. + This option takes effect only on Kubernetes >=1.31.0. + Default: true (defaulted in kubeadm) + type: boolean + kubeletExtraArgs: + additionalProperties: + type: string + description: |- + kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file + kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. 
+ type: object + name: + description: |- + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field of the kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + maxLength: 253 + minLength: 1 + type: string + taints: + description: |- + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an + empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. + items: + description: |- + The node this Taint is attached to has the "effect" on + any pod that does not tolerate the Taint. + properties: + effect: + description: |- + Required. The effect of the taint on pods + that do not tolerate the taint. + Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to + be applied to a node. + type: string + timeAdded: + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding + to the taint key. + type: string + required: + - effect + - key + type: object + maxItems: 100 + type: array + type: object + patches: + description: |- + patches contains options related to applying patches to components deployed by kubeadm during + "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22 + properties: + directory: + description: |- + directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just "etcd.json". 
"target" can be one of + "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one + of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. + The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". + "suffix" is an optional string that can be used to determine which patches are applied + first alpha-numerically. + These files can be written into the target directory via KubeadmConfig.Files which + specifies additional files to be created on the machine, either with content inline or + by referencing a secret. + maxLength: 512 + minLength: 1 + type: string + type: object + skipPhases: + description: |- + skipPhases is a list of phases to skip during command execution. + The list of phases can be obtained with the "kubeadm init --help" command. + This option takes effect only on Kubernetes >=1.22.0. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 50 + type: array + type: object + mounts: + description: mounts specifies a list of mount points to + be setup. + items: + description: MountPoints defines input for generated + mounts in cloud-init. + items: + maxLength: 512 + minLength: 1 + type: string + type: array + maxItems: 100 + type: array + ntp: + description: ntp specifies NTP configuration + properties: + enabled: + description: enabled specifies whether NTP should + be enabled + type: boolean + servers: + description: servers specifies which NTP servers to + use + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + type: array + type: object + postKubeadmCommands: + description: |- + postKubeadmCommands specifies extra commands to run after kubeadm runs. + With cloud-init, this is appended to the runcmd module configuration, and is typically executed in + the cloud-final.service systemd unit. In Ignition, this is appended to /etc/kubeadm.sh. 
+ items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + type: array + preKubeadmCommands: + description: |- + preKubeadmCommands specifies extra commands to run before kubeadm runs. + With cloud-init, this is prepended to the runcmd module configuration, and is typically executed in + the cloud-final.service systemd unit. In Ignition, this is prepended to /etc/kubeadm.sh. + items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + type: array + useExperimentalRetryJoin: + description: |- + useExperimentalRetryJoin replaces a basic kubeadm command with a shell + script with retries for joins. + + This is meant to be an experimental temporary workaround on some environments + where joins fail due to timing (and other issues). The long term goal is to add retries to + kubeadm proper and use that functionality. + + This will add about 40KB to userdata + + For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. + + Deprecated: This experimental fix is no longer needed and this field will be removed in a future release. + When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml + type: boolean + users: + description: users specifies extra users to add + items: + description: User defines the input for a generated + user in cloud-init. 
+ properties: + gecos: + description: gecos specifies the gecos to use for + the user + maxLength: 256 + minLength: 1 + type: string + groups: + description: groups specifies the additional groups + for the user + maxLength: 256 + minLength: 1 + type: string + homeDir: + description: homeDir specifies the home directory + to use for the user + maxLength: 256 + minLength: 1 + type: string + inactive: + description: inactive specifies whether to mark + the user as inactive + type: boolean + lockPassword: + description: lockPassword specifies if password + login should be disabled + type: boolean + name: + description: name specifies the user name + maxLength: 256 + minLength: 1 + type: string + passwd: + description: passwd specifies a hashed password + for the user + maxLength: 256 + minLength: 1 + type: string + passwdFrom: + description: passwdFrom is a referenced source of + passwd to populate the passwd. + properties: + secret: + description: secret represents a secret that + should populate this password. + properties: + key: + description: key is the key in the secret's + data map for this value. + maxLength: 256 + minLength: 1 + type: string + name: + description: name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ maxLength: 253 + minLength: 1 + type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: primaryGroup specifies the primary + group for the user + maxLength: 256 + minLength: 1 + type: string + shell: + description: shell specifies the user's shell + maxLength: 256 + minLength: 1 + type: string + sshAuthorizedKeys: + description: sshAuthorizedKeys specifies a list + of ssh authorized keys for the user + items: + maxLength: 2048 + minLength: 1 + type: string + maxItems: 100 + type: array + sudo: + description: sudo specifies a sudo role for the + user + maxLength: 256 + minLength: 1 + type: string + required: + - name + type: object + maxItems: 100 + type: array + verbosity: + description: |- + verbosity is the number for the kubeadm log level verbosity. + It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + machineNamingStrategy: + description: |- + machineNamingStrategy allows changing the naming pattern used when creating Machines. + InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines. + properties: + template: + description: |- + template defines the template to use for generating the names of the Machine objects. + If not defined, it will fallback to `{{ .kubeadmControlPlane.name }}-{{ .random }}`. + If the generated name string exceeds 63 characters, it will be trimmed to 58 characters and will + get concatenated with a random suffix of length 5. + Length of the template string must not exceed 256 characters. + The template allows the following variables `.cluster.name`, `.kubeadmControlPlane.name` and `.random`. + The variable `.cluster.name` retrieves the name of the cluster object that owns the Machines being created. + The variable `.kubeadmControlPlane.name` retrieves the name of the KubeadmControlPlane object that owns the Machines being created. 
+ The variable `.random` is substituted with random alphanumeric string, without vowels, of length 5. This variable is required + part of the template. If not provided, validation will fail. + maxLength: 256 + minLength: 1 + type: string + type: object + machineTemplate: + description: |- + machineTemplate contains information about how machines + should be shaped when creating or updating a control plane. + properties: + metadata: + description: |- + metadata is the standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + nodeDeletionTimeout: + description: |- + nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. + If no value is provided, the default value for this property of the Machine resource will be used. + type: string + nodeDrainTimeout: + description: |- + nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node + The default value is 0, meaning that the node can be drained without any time limitations. 
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + type: string + nodeVolumeDetachTimeout: + description: |- + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + type: string + type: object + remediationStrategy: + description: remediationStrategy is the RemediationStrategy + that controls how control plane machine remediation happens. + properties: + maxRetry: + description: "maxRetry is the Max number of retries while + attempting to remediate an unhealthy machine.\nA retry + happens when a machine that was created as a replacement + for an unhealthy machine also fails.\nFor example, given + a control plane with three machines M1, M2, M3:\n\n\tM1 + become unhealthy; remediation happens, and M1-1 is created + as a replacement.\n\tIf M1-1 (replacement of M1) has + problems while bootstrapping it will become unhealthy, + and then be\n\tremediated; such operation is considered + a retry, remediation-retry #1.\n\tIf M1-2 (replacement + of M1-1) becomes unhealthy, remediation-retry #2 will + happen, etc.\n\nA retry could happen only after RetryPeriod + from the previous retry.\nIf a machine is marked as + unhealthy after MinHealthyPeriod from the previous remediation + expired,\nthis is not considered a retry anymore because + the new issue is assumed unrelated from the previous + one.\n\nIf not set, the remedation will be retried infinitely." + format: int32 + type: integer + minHealthyPeriod: + description: "minHealthyPeriod defines the duration after + which KCP will consider any failure to a machine unrelated\nfrom + the previous one. In this case the remediation is not + considered a retry anymore, and thus the retry\ncounter + restarts from 0. 
For example, assuming MinHealthyPeriod + is set to 1h (default)\n\n\tM1 become unhealthy; remediation + happens, and M1-1 is created as a replacement.\n\tIf + M1-1 (replacement of M1) has problems within the 1hr + after the creation, also\n\tthis machine will be remediated + and this operation is considered a retry - a problem + related\n\tto the original issue happened to M1 -.\n\n\tIf + instead the problem on M1-1 is happening after MinHealthyPeriod + expired, e.g. four days after\n\tm1-1 has been created + as a remediation of M1, the problem on M1-1 is considered + unrelated to\n\tthe original issue happened to M1.\n\nIf + not set, this value is defaulted to 1h." + type: string + retryPeriod: + description: |- + retryPeriod is the duration that KCP should wait before remediating a machine being created as a replacement + for an unhealthy machine (a retry). + + If not set, a retry will happen immediately. + type: string + type: object + rolloutAfter: + description: |- + rolloutAfter is a field to indicate a rollout should be performed + after the specified time even if no changes have been made to the + KubeadmControlPlane. + format: date-time + type: string + rolloutBefore: + description: |- + rolloutBefore is a field to indicate a rollout should be performed + if the specified criteria is met. + properties: + certificatesExpiryDays: + description: |- + certificatesExpiryDays indicates a rollout needs to be performed if the + certificates of the machine will expire within the specified days. + format: int32 + type: integer + type: object + rolloutStrategy: + default: + rollingUpdate: + maxSurge: 1 + type: RollingUpdate + description: |- + rolloutStrategy is the RolloutStrategy to use to replace control plane machines with + new ones. + properties: + rollingUpdate: + description: |- + rollingUpdate is the rolling update config params. Present only if + RolloutStrategyType = RollingUpdate. 
+ properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + maxSurge is the maximum number of control planes that can be scheduled above or under the + desired number of control planes. + Value can be an absolute number 1 or 0. + Defaults to 1. + Example: when this is set to 1, the control plane can be scaled + up immediately when the rolling update starts. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + type of rollout. Currently the only supported strategy is + "RollingUpdate". + Default is RollingUpdate. + enum: + - RollingUpdate + type: string + type: object + required: + - kubeadmConfigSpec + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: false + subresources: {} + - additionalPrinterColumns: + - description: Name of the ClusterClass owning this template + jsonPath: .metadata.ownerReferences[?(@.kind=="ClusterClass")].name + name: ClusterClass + type: string + - description: Time duration since creation of KubeadmControlPlaneTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: |- + KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates API. + NOTE: This CRD can only be used if the ClusterTopology feature gate is enabled. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of KubeadmControlPlaneTemplate. + properties: + template: + description: template defines the desired state of KubeadmControlPlaneTemplate. + minProperties: 1 + properties: + metadata: + description: |- + metadata is the standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + minProperties: 1 + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: spec is the desired state of KubeadmControlPlaneTemplateResource. + minProperties: 1 + properties: + kubeadmConfigSpec: + description: |- + kubeadmConfigSpec is a KubeadmConfigSpec + to use for initializing and joining machines to the control plane. + minProperties: 1 + properties: + bootCommands: + description: |- + bootCommands specifies extra commands to run very early in the boot process via the cloud-init bootcmd + module. bootcmd will run on every boot, 'cloud-init-per' command can be used to make bootcmd run exactly + once. This is typically run in the cloud-init.service systemd unit. This has no effect in Ignition. 
+ items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + clusterConfiguration: + description: clusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + minProperties: 1 + properties: + apiServer: + description: apiServer contains extra settings for + the API server control plane component + minProperties: 1 + properties: + certSANs: + description: certSANs sets extra Subject Alternative + Names for the API Server signing cert. + items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + extraArgs: + description: |- + extraArgs is a list of args to pass to the control plane component. + The arg name must match the command line flag name except without leading dash(es). + Extra arguments will override existing default arguments set by kubeadm. + items: + description: Arg represents an argument with + a name and a value. + properties: + name: + description: name is the Name of the extraArg. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the Value of the extraArg. + maxLength: 1024 + minLength: 0 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + - value + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: extraArgs name must be unique + rule: self.all(x, self.exists_one(y, x.name + == y.name)) + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment + variable present in a Container. 
+ properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + extraVolumes: + description: extraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: |- + HostPathMount contains elements describing volumes that are mounted from the + host. 
+ properties: + hostPath: + description: |- + hostPath is the path in the host that will be mounted inside + the pod. + maxLength: 512 + minLength: 1 + type: string + mountPath: + description: mountPath is the path inside + the pod where hostPath will be mounted. + maxLength: 512 + minLength: 1 + type: string + name: + description: name of the volume inside the + pod template. + maxLength: 512 + minLength: 1 + type: string + pathType: + description: pathType is the type of the + HostPath. + type: string + readOnly: + description: readOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + caCertificateValidityPeriodDays: + description: |- + caCertificateValidityPeriodDays specifies the validity period for CA certificates generated by Cluster API. + If not specified, Cluster API will use a default of 3650 days (10 years). + This field cannot be modified. + format: int32 + maximum: 36500 + minimum: 1 + type: integer + certificateValidityPeriodDays: + description: |- + certificateValidityPeriodDays specifies the validity period for non-CA certificates generated by kubeadm. + If not specified, kubeadm will use a default of 365 days (1 year). + This field is only supported with Kubernetes v1.31 or above. + format: int32 + maximum: 1095 + minimum: 1 + type: integer + certificatesDir: + description: |- + certificatesDir specifies where to store or look for all required certificates. + NB: if not provided, this will default to `/etc/kubernetes/pki` + maxLength: 512 + minLength: 1 + type: string + controlPlaneEndpoint: + description: |- + controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it + can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. 
+ In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort + are used; in case the ControlPlaneEndpoint is specified but without a TCP port, + the BindPort is used. + Possible usages are: + e.g. In a cluster with more than one control plane instances, this field should be + assigned the address of the external load balancer in front of the + control plane instances. + e.g. in environments with enforced node recycling, the ControlPlaneEndpoint + could be used for assigning a stable DNS to the control plane. + NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. + maxLength: 512 + minLength: 1 + type: string + controllerManager: + description: controllerManager contains extra settings + for the controller manager control plane component + minProperties: 1 + properties: + extraArgs: + description: |- + extraArgs is a list of args to pass to the control plane component. + The arg name must match the command line flag name except without leading dash(es). + Extra arguments will override existing default arguments set by kubeadm. + items: + description: Arg represents an argument with + a name and a value. + properties: + name: + description: name is the Name of the extraArg. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the Value of the extraArg. + maxLength: 1024 + minLength: 0 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + - value + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: extraArgs name must be unique + rule: self.all(x, self.exists_one(y, x.name + == y.name)) + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. 
+ This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". 
+ type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + extraVolumes: + description: extraVolumes is an extra set of host + volumes, mounted to the control plane component. 
+ items: + description: |- + HostPathMount contains elements describing volumes that are mounted from the + host. + properties: + hostPath: + description: |- + hostPath is the path in the host that will be mounted inside + the pod. + maxLength: 512 + minLength: 1 + type: string + mountPath: + description: mountPath is the path inside + the pod where hostPath will be mounted. + maxLength: 512 + minLength: 1 + type: string + name: + description: name of the volume inside the + pod template. + maxLength: 512 + minLength: 1 + type: string + pathType: + description: pathType is the type of the + HostPath. + type: string + readOnly: + description: readOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + dns: + description: dns defines the options for the DNS add-on + installed in the cluster. + minProperties: 1 + properties: + imageRepository: + description: |- + imageRepository sets the container registry to pull images from. + if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + maxLength: 512 + minLength: 1 + type: string + imageTag: + description: |- + imageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + maxLength: 256 + minLength: 1 + type: string + type: object + etcd: + description: |- + etcd holds configuration for etcd. + NB: This value defaults to a Local (stacked) etcd + minProperties: 1 + properties: + external: + description: |- + external describes how to connect to an external etcd cluster + Local and External are mutually exclusive + properties: + caFile: + description: |- + caFile is an SSL Certificate Authority file used to secure etcd communication. + Required if using a TLS connection. 
+ maxLength: 512 + minLength: 1 + type: string + certFile: + description: |- + certFile is an SSL certification file used to secure etcd communication. + Required if using a TLS connection. + maxLength: 512 + minLength: 1 + type: string + endpoints: + description: endpoints of etcd members. Required + for ExternalEtcd. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + keyFile: + description: |- + keyFile is an SSL key file used to secure etcd communication. + Required if using a TLS connection. + maxLength: 512 + minLength: 1 + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: |- + local provides configuration knobs for configuring the local etcd instance + Local and External are mutually exclusive + minProperties: 1 + properties: + dataDir: + description: |- + dataDir is the directory etcd will place its data. + Defaults to "/var/lib/etcd". + maxLength: 512 + minLength: 1 + type: string + extraArgs: + description: |- + extraArgs is a list of args to pass to etcd. + The arg name must match the command line flag name except without leading dash(es). + Extra arguments will override existing default arguments set by kubeadm. + items: + description: Arg represents an argument + with a name and a value. + properties: + name: + description: name is the Name of the + extraArg. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the Value of the + extraArg. + maxLength: 1024 + minLength: 0 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + - value + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: extraArgs name must be unique + rule: self.all(x, self.exists_one(y, x.name + == y.name)) + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to etcd. 
+ Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment + variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if + value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a + ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the + schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a + secret in the pod's namespace + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + imageRepository: + description: |- + imageRepository sets the container registry to pull images from. + if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + maxLength: 512 + minLength: 1 + type: string + imageTag: + description: |- + imageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + maxLength: 256 + minLength: 1 + type: string + peerCertSANs: + description: peerCertSANs sets extra Subject + Alternative Names for the etcd peer signing + cert. + items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + serverCertSANs: + description: serverCertSANs sets extra Subject + Alternative Names for the etcd server signing + cert. + items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: featureGates enabled by the user. + type: object + imageRepository: + description: |- + imageRepository sets the container registry to pull images from. + * If not set, the default registry of kubeadm will be used, i.e. 
+ * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 + * k8s.gcr.io (old registry): all older versions + Please note that when imageRepository is not set we don't allow upgrades to + versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use + a newer patch version with the new registry instead (i.e. >= v1.22.17, + >= v1.23.15, >= v1.24.9, >= v1.25.0). + * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) + `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components + and for kube-proxy, while `registry.k8s.io` will be used for all the other images. + maxLength: 512 + minLength: 1 + type: string + scheduler: + description: scheduler contains extra settings for + the scheduler control plane component + minProperties: 1 + properties: + extraArgs: + description: |- + extraArgs is a list of args to pass to the control plane component. + The arg name must match the command line flag name except without leading dash(es). + Extra arguments will override existing default arguments set by kubeadm. + items: + description: Arg represents an argument with + a name and a value. + properties: + name: + description: name is the Name of the extraArg. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the Value of the extraArg. + maxLength: 1024 + minLength: 0 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + - value + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: extraArgs name must be unique + rule: self.all(x, self.exists_one(y, x.name + == y.name)) + extraEnvs: + description: |- + extraEnvs is an extra set of environment variables to pass to the control plane component. + Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. 
+ This option takes effect only on Kubernetes >=1.31.0. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". 
+ type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + extraVolumes: + description: extraVolumes is an extra set of host + volumes, mounted to the control plane component. 
+ items: + description: |- + HostPathMount contains elements describing volumes that are mounted from the + host. + properties: + hostPath: + description: |- + hostPath is the path in the host that will be mounted inside + the pod. + maxLength: 512 + minLength: 1 + type: string + mountPath: + description: mountPath is the path inside + the pod where hostPath will be mounted. + maxLength: 512 + minLength: 1 + type: string + name: + description: name of the volume inside the + pod template. + maxLength: 512 + minLength: 1 + type: string + pathType: + description: pathType is the type of the + HostPath. + type: string + readOnly: + description: readOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + diskSetup: + description: diskSetup specifies options for the creation + of partition tables and file systems on devices. + minProperties: 1 + properties: + filesystems: + description: filesystems specifies the list of file + systems to setup. + items: + description: Filesystem defines the file systems + to be created. + properties: + device: + description: device specifies the device name + maxLength: 256 + minLength: 1 + type: string + extraOpts: + description: extraOpts defined extra options + to add to the command for creating the file + system. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + filesystem: + description: filesystem specifies the file system + type. + maxLength: 128 + minLength: 1 + type: string + label: + description: label specifies the file system + label to be used. If set to None, no label + is used. + maxLength: 512 + minLength: 1 + type: string + overwrite: + description: |- + overwrite defines whether or not to overwrite any existing filesystem. 
+ If true, any pre-existing file system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'partition specifies the partition + to use. The valid options are: "auto|any", + "auto", "any", "none", and , where NUM + is the actual partition number.' + maxLength: 128 + minLength: 1 + type: string + replaceFS: + description: |- + replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . + NOTE: unless you define a label, this requires the use of the 'any' partition directive. + maxLength: 128 + minLength: 1 + type: string + required: + - device + - filesystem + type: object + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + partitions: + description: partitions specifies the list of the + partitions to setup. + items: + description: Partition defines how to create and + layout a partition. + properties: + device: + description: device is the name of the device. + maxLength: 256 + minLength: 1 + type: string + layout: + description: |- + layout specifies the device layout. + If it is true, a single partition will be created for the entire device. + When layout is false, it means don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: |- + overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. + Use with caution. Default is 'false'. + type: boolean + tableType: + description: |- + tableType specifies the tupe of partition table. The following are supported: + 'mbr': default and setups a MS-DOS partition table + 'gpt': setups a GPT partition table + enum: + - mbr + - gpt + type: string + required: + - device + - layout + type: object + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + type: object + files: + description: files specifies extra files to be passed + to user_data upon creation. 
+ items: + description: File defines the input for generating write_files + in cloud-init. + properties: + append: + description: append specifies whether to append + Content to existing file if Path exists. + type: boolean + content: + description: content is the actual content of the + file. + maxLength: 10240 + minLength: 1 + type: string + contentFrom: + description: contentFrom is a referenced source + of content to populate the file. + properties: + secret: + description: secret represents a secret that + should populate this file. + properties: + key: + description: key is the key in the secret's + data map for this value. + maxLength: 256 + minLength: 1 + type: string + name: + description: name of the secret in the KubeadmBootstrapConfig's + namespace to use. + maxLength: 253 + minLength: 1 + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: encoding specifies the encoding of + the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: owner specifies the ownership of the + file, e.g. "root:root". + maxLength: 256 + minLength: 1 + type: string + path: + description: path specifies the full path on disk + where to store the file. + maxLength: 512 + minLength: 1 + type: string + permissions: + description: permissions specifies the permissions + to assign to the file, e.g. "0640". + maxLength: 16 + minLength: 1 + type: string + required: + - path + type: object + maxItems: 200 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + format: + description: |- + format specifies the output format of the bootstrap data. + Defaults to cloud-config if not set. + enum: + - cloud-config + - ignition + type: string + ignition: + description: ignition contains Ignition specific configuration. + minProperties: 1 + properties: + containerLinuxConfig: + description: containerLinuxConfig contains CLC specific + configuration. 
+ minProperties: 1 + properties: + additionalConfig: + description: |- + additionalConfig contains additional configuration to be merged with the Ignition + configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging + + The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + maxLength: 32768 + minLength: 1 + type: string + strict: + description: strict controls if AdditionalConfig + should be strictly parsed. If so, warnings are + treated as errors. + type: boolean + type: object + type: object + initConfiguration: + description: initConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + minProperties: 1 + properties: + bootstrapTokens: + description: |- + bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. + This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap + token, stored as a Secret in the cluster. + properties: + description: + description: |- + description sets a human-friendly message why this token exists and what it's used + for, so other administrators can know its purpose. + maxLength: 512 + minLength: 1 + type: string + expires: + description: |- + expires specifies the timestamp when this token expires. Defaults to being set + dynamically at runtime based on the ttlSeconds. Expires and ttlSeconds are mutually exclusive. 
+ format: date-time + type: string + groups: + description: |- + groups specifies the extra groups that this token will authenticate as when/if + used for authentication + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + token: + description: |- + token is used for establishing bidirectional trust between nodes and control-planes. + Used for joining nodes in the cluster. + maxLength: 23 + minLength: 1 + type: string + ttlSeconds: + description: |- + ttlSeconds defines the time to live for this token. Defaults to 24h. + Expires and ttlSeconds are mutually exclusive. + format: int32 + minimum: 0 + type: integer + usages: + description: |- + usages describes the ways in which this token can be used. Can by default be used + for establishing bidirectional trust, but that can be changed here. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + required: + - token + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + localAPIEndpoint: + description: |- + localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node + In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint + is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This + configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible + on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process + fails you may set the desired value here. + minProperties: 1 + properties: + advertiseAddress: + description: advertiseAddress sets the IP address + for the API server to advertise. 
+ maxLength: 39 + minLength: 1 + type: string + bindPort: + description: |- + bindPort sets the secure port for the API Server to bind to. + Defaults to 6443. + format: int32 + minimum: 1 + type: integer + type: object + nodeRegistration: + description: |- + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + minProperties: 1 + properties: + criSocket: + description: criSocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + maxLength: 512 + minLength: 1 + type: string + ignorePreflightErrors: + description: |- + ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered, e.g. 'IsPrivilegedUser,Swap'. + Value 'all' ignores errors from all checks. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + imagePullPolicy: + description: |- + imagePullPolicy specifies the policy for image pulling + during kubeadm "init" and "join" operations. The value of + this field must be one of "Always", "IfNotPresent" or + "Never". Defaults to "IfNotPresent" if not set. + enum: + - Always + - IfNotPresent + - Never + type: string + imagePullSerial: + description: |- + imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. + This option takes effect only on Kubernetes >=1.31.0. + Default: true (defaulted in kubeadm) + type: boolean + kubeletExtraArgs: + description: |- + kubeletExtraArgs is a list of args to pass to kubelet. + The arg name must match the command line flag name except without leading dash(es). + Extra arguments will override existing default arguments set by kubeadm. 
+ items: + description: Arg represents an argument with + a name and a value. + properties: + name: + description: name is the Name of the extraArg. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the Value of the extraArg. + maxLength: 1024 + minLength: 0 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + - value + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: kubeletExtraArgs name must be unique + rule: self.all(x, self.exists_one(y, x.name + == y.name)) + name: + description: |- + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field of the kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + maxLength: 253 + minLength: 1 + type: string + taints: + description: |- + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an + empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. + items: + description: |- + The node this Taint is attached to has the "effect" on + any pod that does not tolerate the Taint. + properties: + effect: + description: |- + Required. The effect of the taint on pods + that do not tolerate the taint. + Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to + be applied to a node. + type: string + timeAdded: + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. 
+ format: date-time + type: string + value: + description: The taint value corresponding + to the taint key. + type: string + required: + - effect + - key + type: object + maxItems: 100 + minItems: 0 + type: array + type: object + patches: + description: |- + patches contains options related to applying patches to components deployed by kubeadm during + "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22 + minProperties: 1 + properties: + directory: + description: |- + directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of + "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one + of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. + The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". + "suffix" is an optional string that can be used to determine which patches are applied + first alpha-numerically. + These files can be written into the target directory via KubeadmConfig.Files which + specifies additional files to be created on the machine, either with content inline or + by referencing a secret. + maxLength: 512 + minLength: 1 + type: string + type: object + skipPhases: + description: |- + skipPhases is a list of phases to skip during command execution. + The list of phases can be obtained with the "kubeadm init --help" command. + This option takes effect only on Kubernetes >=1.22.0. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + timeouts: + description: timeouts holds various timeouts that + apply to kubeadm commands. 
+ minProperties: 1 + properties: + controlPlaneComponentHealthCheckSeconds: + description: |- + controlPlaneComponentHealthCheckSeconds is the amount of time to wait for a control plane + component, such as the API server, to be healthy during "kubeadm init" and "kubeadm join". + If not set, it defaults to 4m (240s). + format: int32 + minimum: 0 + type: integer + discoverySeconds: + description: |- + discoverySeconds is the amount of time to wait for kubeadm to validate the API server identity + for a joining node. + If not set, it defaults to 5m (300s). + format: int32 + minimum: 0 + type: integer + etcdAPICallSeconds: + description: |- + etcdAPICallSeconds is the amount of time to wait for the kubeadm etcd client to complete a request to + the etcd cluster. + If not set, it defaults to 2m (120s). + format: int32 + minimum: 0 + type: integer + kubeletHealthCheckSeconds: + description: |- + kubeletHealthCheckSeconds is the amount of time to wait for the kubelet to be healthy + during "kubeadm init" and "kubeadm join". + If not set, it defaults to 4m (240s). + format: int32 + minimum: 0 + type: integer + kubernetesAPICallSeconds: + description: |- + kubernetesAPICallSeconds is the amount of time to wait for the kubeadm client to complete a request to + the API server. This applies to all types of methods (GET, POST, etc). + If not set, it defaults to 1m (60s). + format: int32 + minimum: 0 + type: integer + tlsBootstrapSeconds: + description: |- + tlsBootstrapSeconds is the amount of time to wait for the kubelet to complete TLS bootstrap + for a joining node. + If not set, it defaults to 5m (300s). + format: int32 + minimum: 0 + type: integer + type: object + type: object + joinConfiguration: + description: joinConfiguration is the kubeadm configuration + for the join command + minProperties: 1 + properties: + caCertPath: + description: |- + caCertPath is the path to the SSL certificate authority used to + secure communications between node and control-plane. 
+ Defaults to "/etc/kubernetes/pki/ca.crt". + maxLength: 512 + minLength: 1 + type: string + controlPlane: + description: |- + controlPlane defines the additional control plane instance to be deployed on the joining node. + If nil, no additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: localAPIEndpoint represents the endpoint + of the API server instance to be deployed on + this node. + minProperties: 1 + properties: + advertiseAddress: + description: advertiseAddress sets the IP + address for the API server to advertise. + maxLength: 39 + minLength: 1 + type: string + bindPort: + description: |- + bindPort sets the secure port for the API Server to bind to. + Defaults to 6443. + format: int32 + minimum: 1 + type: integer + type: object + type: object + discovery: + description: discovery specifies the options for the + kubelet to use during the TLS Bootstrap process + minProperties: 1 + properties: + bootstrapToken: + description: |- + bootstrapToken is used to set the options for bootstrap token based discovery + BootstrapToken and File are mutually exclusive + minProperties: 1 + properties: + apiServerEndpoint: + description: apiServerEndpoint is an IP or + domain name to the API server from which + info will be fetched. + maxLength: 512 + minLength: 1 + type: string + caCertHashes: + description: |- + caCertHashes specifies a set of public key pins to verify + when token-based discovery is used. The root CA found during discovery + must match one of these values. Specifying an empty set disables root CA + pinning, which can be unsafe. Each hash is specified as ":", + where the only currently supported type is "sha256". This is a hex-encoded + SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded + ASN.1. 
These hashes can be calculated using, for example, OpenSSL: + openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + token: + description: |- + token is a token used to validate cluster information + fetched from the control-plane. + maxLength: 512 + minLength: 1 + type: string + unsafeSkipCAVerification: + description: |- + unsafeSkipCAVerification allows token-based discovery + without CA verification via CACertHashes. This can weaken + the security of kubeadm since other nodes can impersonate the control-plane. + type: boolean + type: object + file: + description: |- + file is used to specify a file or URL to a kubeconfig file from which to load cluster information + BootstrapToken and File are mutually exclusive + properties: + kubeConfig: + description: |- + kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. + The file is generated at the path specified in KubeConfigPath. + + Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint. + Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret. + properties: + cluster: + description: |- + cluster contains information about how to communicate with the kubernetes cluster. + + By default the following fields are automatically populated: + - Server with the Cluster's ControlPlaneEndpoint. + - CertificateAuthorityData with the Cluster's CA certificate. + minProperties: 1 + properties: + certificateAuthorityData: + description: |- + certificateAuthorityData contains PEM-encoded certificate authority certificates. + + Defaults to the Cluster's CA certificate if empty. 
+ format: byte + maxLength: 51200 + minLength: 1 + type: string + insecureSkipTLSVerify: + description: insecureSkipTLSVerify + skips the validity check for the + server's certificate. This will + make your HTTPS connections insecure. + type: boolean + proxyURL: + description: |- + proxyURL is the URL to the proxy to be used for all requests made by this + client. URLs with "http", "https", and "socks5" schemes are supported. If + this configuration is not provided or the empty string, the client + attempts to construct a proxy configuration from http_proxy and + https_proxy environment variables. If these environment variables are not + set, the client does not attempt to proxy requests. + + socks5 proxying does not currently support spdy streaming endpoints (exec, + attach, port forward). + maxLength: 512 + minLength: 1 + type: string + server: + description: |- + server is the address of the kubernetes cluster (https://hostname:port). + + Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint. + maxLength: 512 + minLength: 1 + type: string + tlsServerName: + description: tlsServerName is used + to check server certificate. If + TLSServerName is empty, the hostname + used to contact the server is used. + maxLength: 512 + minLength: 1 + type: string + type: object + user: + description: |- + user contains information that describes identity information. + This is used to tell the kubernetes cluster who you are. + minProperties: 1 + properties: + authProvider: + description: authProvider specifies + a custom authentication plugin for + the kubernetes cluster. + properties: + config: + additionalProperties: + type: string + description: config holds the + parameters for the authentication + plugin. + type: object + name: + description: name is the name + of the authentication plugin. 
+ maxLength: 256 + minLength: 1 + type: string + required: + - name + type: object + exec: + description: exec specifies a custom + exec-based authentication plugin + for the kubernetes cluster. + properties: + apiVersion: + description: |- + apiVersion is preferred input version of the ExecInfo. The returned ExecCredentials MUST use + the same encoding version as the input. + Defaults to client.authentication.k8s.io/v1 if not set. + maxLength: 512 + minLength: 1 + type: string + args: + description: args is the arguments + to pass to the command when + executing it. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + command: + description: command to execute. + maxLength: 1024 + minLength: 1 + type: string + env: + description: |- + env defines additional environment variables to expose to the process. These + are unioned with the host's environment, as well as variables client-go uses + to pass argument to the plugin. + items: + description: |- + KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based + credential plugin. + properties: + name: + description: name of the + environment variable + maxLength: 512 + minLength: 1 + type: string + value: + description: value of the + environment variable + maxLength: 512 + minLength: 1 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + provideClusterInfo: + description: |- + provideClusterInfo determines whether or not to provide cluster information, + which could potentially contain very large CA data, to this exec plugin as a + part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set + to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for + reading this environment variable. 
+ type: boolean + required: + - command + type: object + type: object + required: + - user + type: object + kubeConfigPath: + description: kubeConfigPath is used to specify + the actual file path or URL to the kubeconfig + file from which to load cluster information + maxLength: 512 + minLength: 1 + type: string + required: + - kubeConfigPath + type: object + tlsBootstrapToken: + description: |- + tlsBootstrapToken is a token used for TLS bootstrapping. + If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. + If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information + maxLength: 512 + minLength: 1 + type: string + type: object + nodeRegistration: + description: |- + nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + minProperties: 1 + properties: + criSocket: + description: criSocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + maxLength: 512 + minLength: 1 + type: string + ignorePreflightErrors: + description: |- + ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered, e.g. 'IsPrivilegedUser,Swap'. + Value 'all' ignores errors from all checks. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + imagePullPolicy: + description: |- + imagePullPolicy specifies the policy for image pulling + during kubeadm "init" and "join" operations. The value of + this field must be one of "Always", "IfNotPresent" or + "Never". Defaults to "IfNotPresent" if not set. 
+ enum: + - Always + - IfNotPresent + - Never + type: string + imagePullSerial: + description: |- + imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. + This option takes effect only on Kubernetes >=1.31.0. + Default: true (defaulted in kubeadm) + type: boolean + kubeletExtraArgs: + description: |- + kubeletExtraArgs is a list of args to pass to kubelet. + The arg name must match the command line flag name except without leading dash(es). + Extra arguments will override existing default arguments set by kubeadm. + items: + description: Arg represents an argument with + a name and a value. + properties: + name: + description: name is the Name of the extraArg. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the Value of the extraArg. + maxLength: 1024 + minLength: 0 + type: string + required: + - name + - value + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + - value + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: kubeletExtraArgs name must be unique + rule: self.all(x, self.exists_one(y, x.name + == y.name)) + name: + description: |- + name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field of the kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + maxLength: 253 + minLength: 1 + type: string + taints: + description: |- + taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an + empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. 
+ items: + description: |- + The node this Taint is attached to has the "effect" on + any pod that does not tolerate the Taint. + properties: + effect: + description: |- + Required. The effect of the taint on pods + that do not tolerate the taint. + Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to + be applied to a node. + type: string + timeAdded: + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding + to the taint key. + type: string + required: + - effect + - key + type: object + maxItems: 100 + minItems: 0 + type: array + type: object + patches: + description: |- + patches contains options related to applying patches to components deployed by kubeadm during + "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22 + minProperties: 1 + properties: + directory: + description: |- + directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of + "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one + of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. + The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". + "suffix" is an optional string that can be used to determine which patches are applied + first alpha-numerically. + These files can be written into the target directory via KubeadmConfig.Files which + specifies additional files to be created on the machine, either with content inline or + by referencing a secret. + maxLength: 512 + minLength: 1 + type: string + type: object + skipPhases: + description: |- + skipPhases is a list of phases to skip during command execution. 
+ The list of phases can be obtained with the "kubeadm init --help" command. + This option takes effect only on Kubernetes >=1.22.0. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + timeouts: + description: timeouts holds various timeouts that + apply to kubeadm commands. + minProperties: 1 + properties: + controlPlaneComponentHealthCheckSeconds: + description: |- + controlPlaneComponentHealthCheckSeconds is the amount of time to wait for a control plane + component, such as the API server, to be healthy during "kubeadm init" and "kubeadm join". + If not set, it defaults to 4m (240s). + format: int32 + minimum: 0 + type: integer + discoverySeconds: + description: |- + discoverySeconds is the amount of time to wait for kubeadm to validate the API server identity + for a joining node. + If not set, it defaults to 5m (300s). + format: int32 + minimum: 0 + type: integer + etcdAPICallSeconds: + description: |- + etcdAPICallSeconds is the amount of time to wait for the kubeadm etcd client to complete a request to + the etcd cluster. + If not set, it defaults to 2m (120s). + format: int32 + minimum: 0 + type: integer + kubeletHealthCheckSeconds: + description: |- + kubeletHealthCheckSeconds is the amount of time to wait for the kubelet to be healthy + during "kubeadm init" and "kubeadm join". + If not set, it defaults to 4m (240s). + format: int32 + minimum: 0 + type: integer + kubernetesAPICallSeconds: + description: |- + kubernetesAPICallSeconds is the amount of time to wait for the kubeadm client to complete a request to + the API server. This applies to all types of methods (GET, POST, etc). + If not set, it defaults to 1m (60s). + format: int32 + minimum: 0 + type: integer + tlsBootstrapSeconds: + description: |- + tlsBootstrapSeconds is the amount of time to wait for the kubelet to complete TLS bootstrap + for a joining node. + If not set, it defaults to 5m (300s). 
+ format: int32 + minimum: 0 + type: integer + type: object + type: object + mounts: + description: mounts specifies a list of mount points to + be setup. + items: + description: MountPoints defines input for generated + mounts in cloud-init. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + ntp: + description: ntp specifies NTP configuration + minProperties: 1 + properties: + enabled: + description: enabled specifies whether NTP should + be enabled + type: boolean + servers: + description: servers specifies which NTP servers to + use + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + type: object + postKubeadmCommands: + description: |- + postKubeadmCommands specifies extra commands to run after kubeadm runs. + With cloud-init, this is appended to the runcmd module configuration, and is typically executed in + the cloud-final.service systemd unit. In Ignition, this is appended to /etc/kubeadm.sh. + items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + preKubeadmCommands: + description: |- + preKubeadmCommands specifies extra commands to run before kubeadm runs. + With cloud-init, this is prepended to the runcmd module configuration, and is typically executed in + the cloud-final.service systemd unit. In Ignition, this is prepended to /etc/kubeadm.sh. + items: + maxLength: 10240 + minLength: 1 + type: string + maxItems: 1000 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + users: + description: users specifies extra users to add + items: + description: User defines the input for a generated + user in cloud-init. 
+ properties: + gecos: + description: gecos specifies the gecos to use for + the user + maxLength: 256 + minLength: 1 + type: string + groups: + description: groups specifies the additional groups + for the user + maxLength: 256 + minLength: 1 + type: string + homeDir: + description: homeDir specifies the home directory + to use for the user + maxLength: 256 + minLength: 1 + type: string + inactive: + description: inactive specifies whether to mark + the user as inactive + type: boolean + lockPassword: + description: lockPassword specifies if password + login should be disabled + type: boolean + name: + description: name specifies the user name + maxLength: 256 + minLength: 1 + type: string + passwd: + description: passwd specifies a hashed password + for the user + maxLength: 256 + minLength: 1 + type: string + passwdFrom: + description: passwdFrom is a referenced source of + passwd to populate the passwd. + properties: + secret: + description: secret represents a secret that + should populate this password. + properties: + key: + description: key is the key in the secret's + data map for this value. + maxLength: 256 + minLength: 1 + type: string + name: + description: name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ maxLength: 253 + minLength: 1 + type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: primaryGroup specifies the primary + group for the user + maxLength: 256 + minLength: 1 + type: string + shell: + description: shell specifies the user's shell + maxLength: 256 + minLength: 1 + type: string + sshAuthorizedKeys: + description: sshAuthorizedKeys specifies a list + of ssh authorized keys for the user + items: + maxLength: 2048 + minLength: 1 + type: string + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + sudo: + description: sudo specifies a sudo role for the + user + maxLength: 256 + minLength: 1 + type: string + required: + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + verbosity: + description: |- + verbosity is the number for the kubeadm log level verbosity. + It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + machineNaming: + description: |- + machineNaming allows changing the naming pattern used when creating Machines. + InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines. + minProperties: 1 + properties: + template: + description: |- + template defines the template to use for generating the names of the Machine objects. + If not defined, it will fallback to `{{ .kubeadmControlPlane.name }}-{{ .random }}`. + If the generated name string exceeds 63 characters, it will be trimmed to 58 characters and will + get concatenated with a random suffix of length 5. + Length of the template string must not exceed 256 characters. + The template allows the following variables `.cluster.name`, `.kubeadmControlPlane.name` and `.random`. + The variable `.cluster.name` retrieves the name of the cluster object that owns the Machines being created. 
+ The variable `.kubeadmControlPlane.name` retrieves the name of the KubeadmControlPlane object that owns the Machines being created. + The variable `.random` is substituted with random alphanumeric string, without vowels, of length 5. This variable is required + part of the template. If not provided, validation will fail. + maxLength: 256 + minLength: 1 + type: string + type: object + machineTemplate: + description: |- + machineTemplate contains information about how machines + should be shaped when creating or updating a control plane. + minProperties: 1 + properties: + metadata: + description: |- + metadata is the standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + minProperties: 1 + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + spec defines the spec for Machines + in a KubeadmControlPlane object. + minProperties: 1 + properties: + deletion: + description: deletion contains configuration options + for Machine deletion. + minProperties: 1 + properties: + nodeDeletionTimeoutSeconds: + description: |- + nodeDeletionTimeoutSeconds defines how long the machine controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. 
A duration of 0 will retry deletion indefinitely. + If no value is provided, the default value for this property of the Machine resource will be used. + format: int32 + minimum: 0 + type: integer + nodeDrainTimeoutSeconds: + description: |- + nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a controlplane node + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: nodeDrainTimeoutSeconds is different from `kubectl drain --timeout` + format: int32 + minimum: 0 + type: integer + nodeVolumeDetachTimeoutSeconds: + description: |- + nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + format: int32 + minimum: 0 + type: integer + type: object + type: object + type: object + remediation: + description: remediation controls how unhealthy Machines are + remediated. 
+ minProperties: 1 + properties: + maxRetry: + description: "maxRetry is the Max number of retries while + attempting to remediate an unhealthy machine.\nA retry + happens when a machine that was created as a replacement + for an unhealthy machine also fails.\nFor example, given + a control plane with three machines M1, M2, M3:\n\n\tM1 + become unhealthy; remediation happens, and M1-1 is created + as a replacement.\n\tIf M1-1 (replacement of M1) has + problems while bootstrapping it will become unhealthy, + and then be\n\tremediated; such operation is considered + a retry, remediation-retry #1.\n\tIf M1-2 (replacement + of M1-1) becomes unhealthy, remediation-retry #2 will + happen, etc.\n\nA retry could happen only after retryPeriodSeconds + from the previous retry.\nIf a machine is marked as + unhealthy after minHealthyPeriodSeconds from the previous + remediation expired,\nthis is not considered a retry + anymore because the new issue is assumed unrelated from + the previous one.\n\nIf not set, the remedation will + be retried infinitely." + format: int32 + type: integer + minHealthyPeriodSeconds: + description: "minHealthyPeriodSeconds defines the duration + after which KCP will consider any failure to a machine + unrelated\nfrom the previous one. In this case the remediation + is not considered a retry anymore, and thus the retry\ncounter + restarts from 0. For example, assuming minHealthyPeriodSeconds + is set to 1h (default)\n\n\tM1 become unhealthy; remediation + happens, and M1-1 is created as a replacement.\n\tIf + M1-1 (replacement of M1) has problems within the 1hr + after the creation, also\n\tthis machine will be remediated + and this operation is considered a retry - a problem + related\n\tto the original issue happened to M1 -.\n\n\tIf + instead the problem on M1-1 is happening after minHealthyPeriodSeconds + expired, e.g. 
four days after\n\tm1-1 has been created + as a remediation of M1, the problem on M1-1 is considered + unrelated to\n\tthe original issue happened to M1.\n\nIf + not set, this value is defaulted to 1h." + format: int32 + minimum: 0 + type: integer + retryPeriodSeconds: + description: |- + retryPeriodSeconds is the duration that KCP should wait before remediating a machine being created as a replacement + for an unhealthy machine (a retry). + + If not set, a retry will happen immediately. + format: int32 + minimum: 0 + type: integer + type: object + rollout: + description: |- + rollout allows you to configure the behaviour of rolling updates to the control plane Machines. + It allows you to require that all Machines are replaced before or after a certain time, + and allows you to define the strategy used during rolling replacements. + minProperties: 1 + properties: + after: + description: |- + after is a field to indicate a rollout should be performed + after the specified time even if no changes have been made to the + KubeadmControlPlane. + Example: In the YAML the time can be specified in the RFC3339 format. + To specify the rolloutAfter target as March 9, 2023, at 9 am UTC + use "2023-03-09T09:00:00Z". + format: date-time + type: string + before: + description: |- + before is a field to indicate a rollout should be performed + if the specified criteria is met. + minProperties: 1 + properties: + certificatesExpiryDays: + description: |- + certificatesExpiryDays indicates a rollout needs to be performed if the + certificates of the machine will expire within the specified days. + The minimum for this field is 7. + format: int32 + minimum: 7 + type: integer + type: object + strategy: + description: strategy specifies how to roll out control + plane Machines. + minProperties: 1 + properties: + rollingUpdate: + description: |- + rollingUpdate is the rolling update config params. Present only if + type = RollingUpdate. 
+ minProperties: 1 + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + maxSurge is the maximum number of control planes that can be scheduled above or under the + desired number of control planes. + Value can be an absolute number 1 or 0. + Defaults to 1. + Example: when this is set to 1, the control plane can be scaled + up immediately when the rolling update starts. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + type of rollout. Currently the only supported strategy is + "RollingUpdate". + Default is RollingUpdate. + enum: + - RollingUpdate + type: string + required: + - type + type: object + type: object + type: object + type: object + required: + - template + type: object + type: object + served: true + storage: true + subresources: {} + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-manager + namespace: capi-kubeadm-control-plane-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-leader-election-role + namespace: capi-kubeadm-control-plane-system + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + --- + aggregationRule: + clusterRoleSelectors: + - matchLabels: + kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true" + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-aggregated-manager-role + rules: [] + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + 
kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true" + name: capi-kubeadm-control-plane-manager-role + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resourceNames: + - kubeadmcontrolplanes.controlplane.cluster.x-k8s.io + - kubeadmcontrolplanetemplates.controlplane.cluster.x-k8s.io + resources: + - customresourcedefinitions + - customresourcedefinitions/status + verbs: + - patch + - update + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - bootstrap.cluster.x-k8s.io + - controlplane.cluster.x-k8s.io + - infrastructure.cluster.x-k8s.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + - machinepools + verbs: + - get + - list + - watch + - apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-leader-election-rolebinding + namespace: capi-kubeadm-control-plane-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capi-kubeadm-control-plane-leader-election-role + subjects: + - kind: ServiceAccount + name: capi-kubeadm-control-plane-manager + namespace: capi-kubeadm-control-plane-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + 
metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-manager-rolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capi-kubeadm-control-plane-aggregated-manager-role + subjects: + - kind: ServiceAccount + name: capi-kubeadm-control-plane-manager + namespace: capi-kubeadm-control-plane-system + --- + apiVersion: v1 + kind: Service + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: control-plane-kubeadm + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + control-plane: controller-manager + name: capi-kubeadm-control-plane-controller-manager + namespace: capi-kubeadm-control-plane-system + spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: control-plane-kubeadm + control-plane: controller-manager + template: + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - --diagnostics-address=${CAPI_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPI_INSECURE_DIAGNOSTICS:=false} + - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=true},ClusterTopology=${CLUSTER_TOPOLOGY:=false},KubeadmBootstrapFormatIgnition=${EXP_KUBEADM_BOOTSTRAP_FORMAT_IGNITION:=false},PriorityQueue=${EXP_PRIORITY_QUEUE:=false} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + image: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.11.0 + imagePullPolicy: IfNotPresent + 
livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capi-kubeadm-control-plane-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: capi-kubeadm-control-plane-webhook-service-cert + --- + apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-serving-cert + namespace: capi-kubeadm-control-plane-system + spec: + dnsNames: + - capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc + - capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capi-kubeadm-control-plane-selfsigned-issuer + secretName: capi-kubeadm-control-plane-webhook-service-cert + subject: + organizations: + - k8s-sig-cluster-lifecycle + --- + apiVersion: cert-manager.io/v1 + kind: Issuer + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-selfsigned-issuer + namespace: capi-kubeadm-control-plane-system + spec: + selfSigned: {} + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: 
MutatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-mutating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /mutate-controlplane-cluster-x-k8s-io-v1beta2-kubeadmcontrolplane + failurePolicy: Fail + matchPolicy: Equivalent + name: default.kubeadmcontrolplane.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - kubeadmcontrolplanes + sideEffects: None + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-validating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /validate-scale-controlplane-cluster-x-k8s-io-v1beta2-kubeadmcontrolplane + failurePolicy: Fail + matchPolicy: Equivalent + name: validation-scale.kubeadmcontrolplane.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - UPDATE + resources: + - kubeadmcontrolplanes/scale + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: 
/validate-controlplane-cluster-x-k8s-io-v1beta2-kubeadmcontrolplane + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.kubeadmcontrolplane.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - kubeadmcontrolplanes + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /validate-controlplane-cluster-x-k8s-io-v1beta2-kubeadmcontrolplanetemplate + failurePolicy: Fail + name: validation.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - kubeadmcontrolplanetemplates + sideEffects: None + metadata: | + apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 + kind: Metadata + releaseSeries: + - major: 1 + minor: 11 + contract: v1beta2 + - major: 1 + minor: 10 + contract: v1beta1 + - major: 1 + minor: 9 + contract: v1beta1 + - major: 1 + minor: 8 + contract: v1beta1 + - major: 1 + minor: 7 + contract: v1beta1 + - major: 1 + minor: 6 + contract: v1beta1 + - major: 1 + minor: 5 + contract: v1beta1 + - major: 1 + minor: 4 + contract: v1beta1 + - major: 1 + minor: 3 + contract: v1beta1 + - major: 1 + minor: 2 + contract: v1beta1 + - major: 1 + minor: 1 + contract: v1beta1 + - major: 1 + minor: 0 + contract: v1beta1 +kind: ConfigMap +metadata: + labels: + provider.cluster.x-k8s.io/name: kubeadm + provider.cluster.x-k8s.io/type: controlplane + provider.cluster.x-k8s.io/version: v1.11.0 + name: controlplane-kubeadm-v1.11.0 + namespace: capi-kubeadm-control-plane-system \ No newline at end of file diff --git a/test/e2e/resources/controlplane-kubeadm-v1.7.7.yaml b/test/e2e/resources/controlplane-kubeadm-v1.7.7.yaml deleted file mode 100644 index 50f4ba83a..000000000 
--- a/test/e2e/resources/controlplane-kubeadm-v1.7.7.yaml
+++ /dev/null
@@ -1,7184 +0,0 @@ -apiVersion: v1 -data: - components: | - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - cluster.x-k8s.io/v1beta1: v1beta1 - name: kubeadmcontrolplanes.controlplane.cluster.x-k8s.io - spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-kubeadm-control-plane-webhook-service - namespace: capi-kubeadm-control-plane-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: controlplane.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: KubeadmControlPlane - listKind: KubeadmControlPlaneList - plural: kubeadmcontrolplanes - shortNames: - - kcp - singular: kubeadmcontrolplane - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: This denotes whether or not the control plane has the uploaded - kubeadm-config configmap - jsonPath: .status.initialized - name: Initialized - type: boolean - - description: KubeadmControlPlane API Server is ready to receive requests - jsonPath: .status.ready - name: API Server Available - type: boolean - - description: Kubernetes version associated with this control plane - jsonPath: .spec.version - name: Version - type: string - - description: Total number of non-terminated machines targeted by this control - plane - jsonPath: .status.replicas - name: Replicas - type: integer - - description: Total number of fully running and ready control plane machines - jsonPath: .status.readyReplicas - name: Ready - type: integer - - description: Total number of non-terminated machines targeted by this control - plane that have the desired template spec - jsonPath: .status.updatedReplicas - name: Updated - type: integer - - description: Total number of unavailable machines 
targeted by this control plane - jsonPath: .status.unavailableReplicas - name: Unavailable - type: integer - deprecated: true - name: v1alpha3 - schema: - openAPIV3Schema: - description: |- - KubeadmControlPlane is the Schema for the KubeadmControlPlane API. - - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane. - properties: - infrastructureTemplate: - description: |- - InfrastructureTemplate is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). 
This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - kubeadmConfigSpec: - description: |- - KubeadmConfigSpec is a KubeadmConfigSpec - to use for initializing and joining machines to the control plane. - properties: - clusterConfiguration: - description: ClusterConfiguration along with InitConfiguration - are the configurations necessary for the init command - properties: - apiServer: - description: APIServer contains extra settings for the API - server control plane component - properties: - certSANs: - description: CertSANs sets extra Subject Alternative Names - for the API Server signing cert. - items: - type: string - type: array - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. 
- type: object - extraVolumes: - description: ExtraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the pod - where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access to the - volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - timeoutForControlPlane: - description: TimeoutForControlPlane controls the timeout - that we use for API server to appear - type: string - type: object - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - certificatesDir: - description: |- - CertificatesDir specifies where to store or look for all required certificates. - NB: if not provided, this will default to `/etc/kubernetes/pki` - type: string - clusterName: - description: The cluster name - type: string - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it - can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. - In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort - are used; in case the ControlPlaneEndpoint is specified but without a TCP port, - the BindPort is used. 
- Possible usages are: - e.g. In a cluster with more than one control plane instances, this field should be - assigned the address of the external load balancer in front of the - control plane instances. - e.g. in environments with enforced node recycling, the ControlPlaneEndpoint - could be used for assigning a stable DNS to the control plane. - NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. - type: string - controllerManager: - description: ControllerManager contains extra settings for - the controller manager control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the pod - where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access to the - volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - dns: - description: DNS defines the options for the DNS add-on installed - in the cluster. - properties: - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. 
- if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - type: - description: Type defines the DNS add-on to be used - type: string - type: object - etcd: - description: |- - Etcd holds configuration for etcd. - NB: This value defaults to a Local (stacked) etcd - properties: - external: - description: |- - External describes how to connect to an external etcd cluster - Local and External are mutually exclusive - properties: - caFile: - description: |- - CAFile is an SSL Certificate Authority file used to secure etcd communication. - Required if using a TLS connection. - type: string - certFile: - description: |- - CertFile is an SSL certification file used to secure etcd communication. - Required if using a TLS connection. - type: string - endpoints: - description: Endpoints of etcd members. Required for - ExternalEtcd. - items: - type: string - type: array - keyFile: - description: |- - KeyFile is an SSL key file used to secure etcd communication. - Required if using a TLS connection. - type: string - required: - - caFile - - certFile - - endpoints - - keyFile - type: object - local: - description: |- - Local provides configuration knobs for configuring the local etcd instance - Local and External are mutually exclusive - properties: - dataDir: - description: |- - DataDir is the directory etcd will place its data. - Defaults to "/var/lib/etcd". - type: string - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs are extra arguments provided to the etcd binary - when run inside a static pod. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. 
- if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - peerCertSANs: - description: PeerCertSANs sets extra Subject Alternative - Names for the etcd peer signing cert. - items: - type: string - type: array - serverCertSANs: - description: ServerCertSANs sets extra Subject Alternative - Names for the etcd server signing cert. - items: - type: string - type: array - type: object - type: object - featureGates: - additionalProperties: - type: boolean - description: FeatureGates enabled by the user. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `k8s.gcr.io` - will be used for all the other images. - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - kubernetesVersion: - description: |- - KubernetesVersion is the target version of the control plane. - NB: This value defaults to the Machine object spec.version - type: string - networking: - description: |- - Networking holds configuration for the networking topology of the cluster. - NB: This value defaults to the Cluster object spec.clusterNetwork. 
- properties: - dnsDomain: - description: DNSDomain is the dns domain used by k8s services. - Defaults to "cluster.local". - type: string - podSubnet: - description: |- - PodSubnet is the subnet used by pods. - If unset, the API server will not allocate CIDR ranges for every node. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set - type: string - serviceSubnet: - description: |- - ServiceSubnet is the subnet used by k8s services. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or - to "10.96.0.0/12" if that's unset. - type: string - type: object - scheduler: - description: Scheduler contains extra settings for the scheduler - control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the pod - where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod template. - type: string - pathType: - description: PathType is the type of the HostPath. 
- type: string - readOnly: - description: ReadOnly controls write access to the - volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - useHyperKubeImage: - description: UseHyperKubeImage controls if hyperkube should - be used for Kubernetes components instead of their respective - separate images - type: boolean - type: object - diskSetup: - description: DiskSetup specifies options for the creation of partition - tables and file systems on devices. - properties: - filesystems: - description: Filesystems specifies the list of file systems - to setup. - items: - description: Filesystem defines the file systems to be created. - properties: - device: - description: Device specifies the device name - type: string - extraOpts: - description: ExtraOpts defined extra options to add - to the command for creating the file system. - items: - type: string - type: array - filesystem: - description: Filesystem specifies the file system type. - type: string - label: - description: Label specifies the file system label to - be used. If set to None, no label is used. - type: string - overwrite: - description: |- - Overwrite defines whether or not to overwrite any existing filesystem. - If true, any pre-existing file system will be destroyed. Use with Caution. - type: boolean - partition: - description: 'Partition specifies the partition to use. - The valid options are: "auto|any", "auto", "any", - "none", and , where NUM is the actual partition - number.' - type: string - replaceFS: - description: |- - ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . - NOTE: unless you define a label, this requires the use of the 'any' partition directive. - type: string - required: - - device - - filesystem - - label - type: object - type: array - partitions: - description: Partitions specifies the list of the partitions - to setup. 
- items: - description: Partition defines how to create and layout - a partition. - properties: - device: - description: Device is the name of the device. - type: string - layout: - description: |- - Layout specifies the device layout. - If it is true, a single partition will be created for the entire device. - When layout is false, it means don't partition or ignore existing partitioning. - type: boolean - overwrite: - description: |- - Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. - Use with caution. Default is 'false'. - type: boolean - tableType: - description: |- - TableType specifies the tupe of partition table. The following are supported: - 'mbr': default and setups a MS-DOS partition table - 'gpt': setups a GPT partition table - type: string - required: - - device - - layout - type: object - type: array - type: object - files: - description: Files specifies extra files to be passed to user_data - upon creation. - items: - description: File defines the input for generating write_files - in cloud-init. - properties: - content: - description: Content is the actual content of the file. - type: string - contentFrom: - description: ContentFrom is a referenced source of content - to populate the file. - properties: - secret: - description: Secret represents a secret that should - populate this file. - properties: - key: - description: Key is the key in the secret's data - map for this value. - type: string - name: - description: Name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - encoding: - description: Encoding specifies the encoding of the file - contents. - enum: - - base64 - - gzip - - gzip+base64 - type: string - owner: - description: Owner specifies the ownership of the file, - e.g. "root:root". 
- type: string - path: - description: Path specifies the full path on disk where - to store the file. - type: string - permissions: - description: Permissions specifies the permissions to assign - to the file, e.g. "0640". - type: string - required: - - path - type: object - type: array - format: - description: Format specifies the output format of the bootstrap - data - enum: - - cloud-config - type: string - initConfiguration: - description: InitConfiguration along with ClusterConfiguration - are the configurations necessary for the init command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - bootstrapTokens: - description: |- - BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. - This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature - items: - description: BootstrapToken describes one bootstrap token, - stored as a Secret in the cluster. - properties: - description: - description: |- - Description sets a human-friendly message why this token exists and what it's used - for, so other administrators can know its purpose. - type: string - expires: - description: |- - Expires specifies the timestamp when this token expires. Defaults to being set - dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. - format: date-time - type: string - groups: - description: |- - Groups specifies the extra groups that this token will authenticate as when/if - used for authentication - items: - type: string - type: array - token: - description: |- - Token is used for establishing bidirectional trust between nodes and control-planes. 
- Used for joining nodes in the cluster. - type: string - ttl: - description: |- - TTL defines the time to live for this token. Defaults to 24h. - Expires and TTL are mutually exclusive. - type: string - usages: - description: |- - Usages describes the ways in which this token can be used. Can by default be used - for establishing bidirectional trust, but that can be changed here. - items: - type: string - type: array - required: - - token - type: object - type: array - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - localAPIEndpoint: - description: |- - LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node - In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint - is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This - configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible - on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process - fails you may set the desired value here. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address for - the API server to advertise. - type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - required: - - advertiseAddress - - bindPort - type: object - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. 
- When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container runtime - info. This information will be annotated to the Node - API object, for later re-use - type: string - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. 
- type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the - taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - joinConfiguration: - description: JoinConfiguration is the kubeadm configuration for - the join command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - caCertPath: - description: |- - CACertPath is the path to the SSL certificate authority used to - secure comunications between node and control-plane. - Defaults to "/etc/kubernetes/pki/ca.crt". - TODO: revisit when there is defaulting from k/k - type: string - controlPlane: - description: |- - ControlPlane defines the additional control plane instance to be deployed on the joining node. - If nil, no additional control plane instance will be deployed. - properties: - localAPIEndpoint: - description: LocalAPIEndpoint represents the endpoint - of the API server instance to be deployed on this node. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address - for the API server to advertise. - type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. 
- format: int32 - type: integer - required: - - advertiseAddress - - bindPort - type: object - type: object - discovery: - description: |- - Discovery specifies the options for the kubelet to use during the TLS Bootstrap process - TODO: revisit when there is defaulting from k/k - properties: - bootstrapToken: - description: |- - BootstrapToken is used to set the options for bootstrap token based discovery - BootstrapToken and File are mutually exclusive - properties: - apiServerEndpoint: - description: APIServerEndpoint is an IP or domain - name to the API server from which info will be fetched. - type: string - caCertHashes: - description: |- - CACertHashes specifies a set of public key pins to verify - when token-based discovery is used. The root CA found during discovery - must match one of these values. Specifying an empty set disables root CA - pinning, which can be unsafe. Each hash is specified as ":", - where the only currently supported type is "sha256". This is a hex-encoded - SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded - ASN.1. These hashes can be calculated using, for example, OpenSSL: - openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex - items: - type: string - type: array - token: - description: |- - Token is a token used to validate cluster information - fetched from the control-plane. - type: string - unsafeSkipCAVerification: - description: |- - UnsafeSkipCAVerification allows token-based discovery - without CA verification via CACertHashes. This can weaken - the security of kubeadm since other nodes can impersonate the control-plane. 
- type: boolean - required: - - token - - unsafeSkipCAVerification - type: object - file: - description: |- - File is used to specify a file or URL to a kubeconfig file from which to load cluster information - BootstrapToken and File are mutually exclusive - properties: - kubeConfigPath: - description: KubeConfigPath is used to specify the - actual file path or URL to the kubeconfig file from - which to load cluster information - type: string - required: - - kubeConfigPath - type: object - timeout: - description: Timeout modifies the discovery timeout - type: string - tlsBootstrapToken: - description: |- - TLSBootstrapToken is a token used for TLS bootstrapping. - If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. - If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information - TODO: revisit when there is defaulting from k/k - type: string - type: object - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container runtime - info. This information will be annotated to the Node - API object, for later re-use - type: string - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. 
The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the - taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - mounts: - description: Mounts specifies a list of mount points to be setup. 
- items: - description: MountPoints defines input for generated mounts - in cloud-init. - items: - type: string - type: array - type: array - ntp: - description: NTP specifies NTP configuration - properties: - enabled: - description: Enabled specifies whether NTP should be enabled - type: boolean - servers: - description: Servers specifies which NTP servers to use - items: - type: string - type: array - type: object - postKubeadmCommands: - description: PostKubeadmCommands specifies extra commands to run - after kubeadm runs - items: - type: string - type: array - preKubeadmCommands: - description: PreKubeadmCommands specifies extra commands to run - before kubeadm runs - items: - type: string - type: array - useExperimentalRetryJoin: - description: |- - UseExperimentalRetryJoin replaces a basic kubeadm command with a shell - script with retries for joins. - - - This is meant to be an experimental temporary workaround on some environments - where joins fail due to timing (and other issues). The long term goal is to add retries to - kubeadm proper and use that functionality. - - - This will add about 40KB to userdata - - - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. - type: boolean - users: - description: Users specifies extra users to add - items: - description: User defines the input for a generated user in - cloud-init. 
- properties: - gecos: - description: Gecos specifies the gecos to use for the user - type: string - groups: - description: Groups specifies the additional groups for - the user - type: string - homeDir: - description: HomeDir specifies the home directory to use - for the user - type: string - inactive: - description: Inactive specifies whether to mark the user - as inactive - type: boolean - lockPassword: - description: LockPassword specifies if password login should - be disabled - type: boolean - name: - description: Name specifies the user name - type: string - passwd: - description: Passwd specifies a hashed password for the - user - type: string - primaryGroup: - description: PrimaryGroup specifies the primary group for - the user - type: string - shell: - description: Shell specifies the user's shell - type: string - sshAuthorizedKeys: - description: SSHAuthorizedKeys specifies a list of ssh authorized - keys for the user - items: - type: string - type: array - sudo: - description: Sudo specifies a sudo role for the user - type: string - required: - - name - type: object - type: array - verbosity: - description: |- - Verbosity is the number for the kubeadm log level verbosity. - It overrides the `--v` flag in kubeadm commands. - format: int32 - type: integer - type: object - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - replicas: - description: |- - Number of desired machines. Defaults to 1. When stacked etcd is used only - odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). - This is a pointer to distinguish between explicit zero and not specified. 
- format: int32 - type: integer - rolloutStrategy: - description: |- - The RolloutStrategy to use to replace control plane machines with - new ones. - properties: - rollingUpdate: - description: |- - Rolling update config params. Present only if - RolloutStrategyType = RollingUpdate. - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of control planes that can be scheduled above or under the - desired number of control planes. - Value can be an absolute number 1 or 0. - Defaults to 1. - Example: when this is set to 1, the control plane can be scaled - up immediately when the rolling update starts. - x-kubernetes-int-or-string: true - type: object - type: - description: |- - Type of rollout. Currently the only supported strategy is - "RollingUpdate". - Default is RollingUpdate. - type: string - type: object - upgradeAfter: - description: |- - UpgradeAfter is a field to indicate an upgrade should be performed - after the specified time even if no changes have been made to the - KubeadmControlPlane - format: date-time - type: string - version: - description: Version defines the desired Kubernetes version. - type: string - required: - - infrastructureTemplate - - kubeadmConfigSpec - - version - type: object - status: - description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane. - properties: - conditions: - description: Conditions defines current service state of the KubeadmControlPlane. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. 
- This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - failureMessage: - description: |- - ErrorMessage indicates that there is a terminal problem reconciling the - state, and will be set to a descriptive error message. - type: string - failureReason: - description: |- - FailureReason indicates that there is a terminal problem reconciling the - state, and will be set to a token value suitable for - programmatic interpretation. - type: string - initialized: - description: |- - Initialized denotes whether or not the control plane has the - uploaded kubeadm-config configmap. - type: boolean - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - ready: - description: |- - Ready denotes that the KubeadmControlPlane API Server is ready to - receive requests. - type: boolean - readyReplicas: - description: Total number of fully running and ready control plane - machines. 
- format: int32 - type: integer - replicas: - description: |- - Total number of non-terminated machines targeted by this control plane - (their labels match the selector). - format: int32 - type: integer - selector: - description: |- - Selector is the label selector in string format to avoid introspection - by clients, and is used to provide the CRD-based integration for the - scale subresource and additional integrations for things like kubectl - describe.. The string will be in the same format as the query-param syntax. - More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors - type: string - unavailableReplicas: - description: |- - Total number of unavailable machines targeted by this control plane. - This is the total number of machines that are still required for - the deployment to have 100% available capacity. They may either - be machines that are running but not yet ready or machines - that still have not been created. - format: int32 - type: integer - updatedReplicas: - description: |- - Total number of non-terminated machines targeted by this control plane - that have the desired template spec. 
- format: int32 - type: integer - type: object - type: object - served: false - storage: false - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - - additionalPrinterColumns: - - description: Time duration since creation of KubeadmControlPlane - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: This denotes whether or not the control plane has the uploaded - kubeadm-config configmap - jsonPath: .status.initialized - name: Initialized - type: boolean - - description: KubeadmControlPlane API Server is ready to receive requests - jsonPath: .status.ready - name: API Server Available - type: boolean - - description: Kubernetes version associated with this control plane - jsonPath: .spec.version - name: Version - type: string - - description: Total number of non-terminated machines targeted by this control - plane - jsonPath: .status.replicas - name: Replicas - type: integer - - description: Total number of fully running and ready control plane machines - jsonPath: .status.readyReplicas - name: Ready - type: integer - - description: Total number of non-terminated machines targeted by this control - plane that have the desired template spec - jsonPath: .status.updatedReplicas - name: Updated - type: integer - - description: Total number of unavailable machines targeted by this control plane - jsonPath: .status.unavailableReplicas - name: Unavailable - type: integer - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - KubeadmControlPlane is the Schema for the KubeadmControlPlane API. - - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane. - properties: - kubeadmConfigSpec: - description: |- - KubeadmConfigSpec is a KubeadmConfigSpec - to use for initializing and joining machines to the control plane. - properties: - clusterConfiguration: - description: ClusterConfiguration along with InitConfiguration - are the configurations necessary for the init command - properties: - apiServer: - description: APIServer contains extra settings for the API - server control plane component - properties: - certSANs: - description: CertSANs sets extra Subject Alternative Names - for the API Server signing cert. - items: - type: string - type: array - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the pod - where hostPath will be mounted. 
- type: string - name: - description: Name of the volume inside the pod template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access to the - volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - timeoutForControlPlane: - description: TimeoutForControlPlane controls the timeout - that we use for API server to appear - type: string - type: object - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - certificatesDir: - description: |- - CertificatesDir specifies where to store or look for all required certificates. - NB: if not provided, this will default to `/etc/kubernetes/pki` - type: string - clusterName: - description: The cluster name - type: string - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it - can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. - In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort - are used; in case the ControlPlaneEndpoint is specified but without a TCP port, - the BindPort is used. - Possible usages are: - e.g. In a cluster with more than one control plane instances, this field should be - assigned the address of the external load balancer in front of the - control plane instances. - e.g. in environments with enforced node recycling, the ControlPlaneEndpoint - could be used for assigning a stable DNS to the control plane. - NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. 
- type: string - controllerManager: - description: ControllerManager contains extra settings for - the controller manager control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the pod - where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access to the - volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - dns: - description: DNS defines the options for the DNS add-on installed - in the cluster. - properties: - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - type: object - etcd: - description: |- - Etcd holds configuration for etcd. 
- NB: This value defaults to a Local (stacked) etcd - properties: - external: - description: |- - External describes how to connect to an external etcd cluster - Local and External are mutually exclusive - properties: - caFile: - description: |- - CAFile is an SSL Certificate Authority file used to secure etcd communication. - Required if using a TLS connection. - type: string - certFile: - description: |- - CertFile is an SSL certification file used to secure etcd communication. - Required if using a TLS connection. - type: string - endpoints: - description: Endpoints of etcd members. Required for - ExternalEtcd. - items: - type: string - type: array - keyFile: - description: |- - KeyFile is an SSL key file used to secure etcd communication. - Required if using a TLS connection. - type: string - required: - - caFile - - certFile - - endpoints - - keyFile - type: object - local: - description: |- - Local provides configuration knobs for configuring the local etcd instance - Local and External are mutually exclusive - properties: - dataDir: - description: |- - DataDir is the directory etcd will place its data. - Defaults to "/var/lib/etcd". - type: string - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs are extra arguments provided to the etcd binary - when run inside a static pod. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - peerCertSANs: - description: PeerCertSANs sets extra Subject Alternative - Names for the etcd peer signing cert. 
- items: - type: string - type: array - serverCertSANs: - description: ServerCertSANs sets extra Subject Alternative - Names for the etcd server signing cert. - items: - type: string - type: array - type: object - type: object - featureGates: - additionalProperties: - type: boolean - description: FeatureGates enabled by the user. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io` - will be used for all the other images. - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - kubernetesVersion: - description: |- - KubernetesVersion is the target version of the control plane. - NB: This value defaults to the Machine object spec.version - type: string - networking: - description: |- - Networking holds configuration for the networking topology of the cluster. - NB: This value defaults to the Cluster object spec.clusterNetwork. - properties: - dnsDomain: - description: DNSDomain is the dns domain used by k8s services. - Defaults to "cluster.local". - type: string - podSubnet: - description: |- - PodSubnet is the subnet used by pods. - If unset, the API server will not allocate CIDR ranges for every node. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set - type: string - serviceSubnet: - description: |- - ServiceSubnet is the subnet used by k8s services. 
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or - to "10.96.0.0/12" if that's unset. - type: string - type: object - scheduler: - description: Scheduler contains extra settings for the scheduler - control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the pod - where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access to the - volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - type: object - diskSetup: - description: DiskSetup specifies options for the creation of partition - tables and file systems on devices. - properties: - filesystems: - description: Filesystems specifies the list of file systems - to setup. - items: - description: Filesystem defines the file systems to be created. - properties: - device: - description: Device specifies the device name - type: string - extraOpts: - description: ExtraOpts defined extra options to add - to the command for creating the file system. 
- items: - type: string - type: array - filesystem: - description: Filesystem specifies the file system type. - type: string - label: - description: Label specifies the file system label to - be used. If set to None, no label is used. - type: string - overwrite: - description: |- - Overwrite defines whether or not to overwrite any existing filesystem. - If true, any pre-existing file system will be destroyed. Use with Caution. - type: boolean - partition: - description: 'Partition specifies the partition to use. - The valid options are: "auto|any", "auto", "any", - "none", and , where NUM is the actual partition - number.' - type: string - replaceFS: - description: |- - ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . - NOTE: unless you define a label, this requires the use of the 'any' partition directive. - type: string - required: - - device - - filesystem - - label - type: object - type: array - partitions: - description: Partitions specifies the list of the partitions - to setup. - items: - description: Partition defines how to create and layout - a partition. - properties: - device: - description: Device is the name of the device. - type: string - layout: - description: |- - Layout specifies the device layout. - If it is true, a single partition will be created for the entire device. - When layout is false, it means don't partition or ignore existing partitioning. - type: boolean - overwrite: - description: |- - Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. - Use with caution. Default is 'false'. - type: boolean - tableType: - description: |- - TableType specifies the tupe of partition table. 
The following are supported: - 'mbr': default and setups a MS-DOS partition table - 'gpt': setups a GPT partition table - type: string - required: - - device - - layout - type: object - type: array - type: object - files: - description: Files specifies extra files to be passed to user_data - upon creation. - items: - description: File defines the input for generating write_files - in cloud-init. - properties: - content: - description: Content is the actual content of the file. - type: string - contentFrom: - description: ContentFrom is a referenced source of content - to populate the file. - properties: - secret: - description: Secret represents a secret that should - populate this file. - properties: - key: - description: Key is the key in the secret's data - map for this value. - type: string - name: - description: Name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - encoding: - description: Encoding specifies the encoding of the file - contents. - enum: - - base64 - - gzip - - gzip+base64 - type: string - owner: - description: Owner specifies the ownership of the file, - e.g. "root:root". - type: string - path: - description: Path specifies the full path on disk where - to store the file. - type: string - permissions: - description: Permissions specifies the permissions to assign - to the file, e.g. "0640". - type: string - required: - - path - type: object - type: array - format: - description: Format specifies the output format of the bootstrap - data - enum: - - cloud-config - type: string - initConfiguration: - description: InitConfiguration along with ClusterConfiguration - are the configurations necessary for the init command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. 
- Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - bootstrapTokens: - description: |- - BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. - This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature - items: - description: BootstrapToken describes one bootstrap token, - stored as a Secret in the cluster. - properties: - description: - description: |- - Description sets a human-friendly message why this token exists and what it's used - for, so other administrators can know its purpose. - type: string - expires: - description: |- - Expires specifies the timestamp when this token expires. Defaults to being set - dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. - format: date-time - type: string - groups: - description: |- - Groups specifies the extra groups that this token will authenticate as when/if - used for authentication - items: - type: string - type: array - token: - description: |- - Token is used for establishing bidirectional trust between nodes and control-planes. - Used for joining nodes in the cluster. - type: string - ttl: - description: |- - TTL defines the time to live for this token. Defaults to 24h. - Expires and TTL are mutually exclusive. - type: string - usages: - description: |- - Usages describes the ways in which this token can be used. Can by default be used - for establishing bidirectional trust, but that can be changed here. - items: - type: string - type: array - required: - - token - type: object - type: array - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - localAPIEndpoint: - description: |- - LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node - In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint - is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This - configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible - on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process - fails you may set the desired value here. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address for - the API server to advertise. - type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container runtime - info. This information will be annotated to the Node - API object, for later re-use - type: string - ignorePreflightErrors: - description: IgnorePreflightErrors provides a slice of - pre-flight errors to be ignored when the current node - is registered. - items: - type: string - type: array - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. 
The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the - taint key. 
- type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - joinConfiguration: - description: JoinConfiguration is the kubeadm configuration for - the join command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - caCertPath: - description: |- - CACertPath is the path to the SSL certificate authority used to - secure comunications between node and control-plane. - Defaults to "/etc/kubernetes/pki/ca.crt". - TODO: revisit when there is defaulting from k/k - type: string - controlPlane: - description: |- - ControlPlane defines the additional control plane instance to be deployed on the joining node. - If nil, no additional control plane instance will be deployed. - properties: - localAPIEndpoint: - description: LocalAPIEndpoint represents the endpoint - of the API server instance to be deployed on this node. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address - for the API server to advertise. - type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - type: object - discovery: - description: |- - Discovery specifies the options for the kubelet to use during the TLS Bootstrap process - TODO: revisit when there is defaulting from k/k - properties: - bootstrapToken: - description: |- - BootstrapToken is used to set the options for bootstrap token based discovery - BootstrapToken and File are mutually exclusive - properties: - apiServerEndpoint: - description: APIServerEndpoint is an IP or domain - name to the API server from which info will be fetched. 
- type: string - caCertHashes: - description: |- - CACertHashes specifies a set of public key pins to verify - when token-based discovery is used. The root CA found during discovery - must match one of these values. Specifying an empty set disables root CA - pinning, which can be unsafe. Each hash is specified as ":", - where the only currently supported type is "sha256". This is a hex-encoded - SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded - ASN.1. These hashes can be calculated using, for example, OpenSSL: - openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex - items: - type: string - type: array - token: - description: |- - Token is a token used to validate cluster information - fetched from the control-plane. - type: string - unsafeSkipCAVerification: - description: |- - UnsafeSkipCAVerification allows token-based discovery - without CA verification via CACertHashes. This can weaken - the security of kubeadm since other nodes can impersonate the control-plane. - type: boolean - required: - - token - type: object - file: - description: |- - File is used to specify a file or URL to a kubeconfig file from which to load cluster information - BootstrapToken and File are mutually exclusive - properties: - kubeConfigPath: - description: KubeConfigPath is used to specify the - actual file path or URL to the kubeconfig file from - which to load cluster information - type: string - required: - - kubeConfigPath - type: object - timeout: - description: Timeout modifies the discovery timeout - type: string - tlsBootstrapToken: - description: |- - TLSBootstrapToken is a token used for TLS bootstrapping. - If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. 
- If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information - type: string - type: object - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container runtime - info. This information will be annotated to the Node - API object, for later re-use - type: string - ignorePreflightErrors: - description: IgnorePreflightErrors provides a slice of - pre-flight errors to be ignored when the current node - is registered. - items: - type: string - type: array - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. 
- type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the - taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - mounts: - description: Mounts specifies a list of mount points to be setup. - items: - description: MountPoints defines input for generated mounts - in cloud-init. 
- items: - type: string - type: array - type: array - ntp: - description: NTP specifies NTP configuration - properties: - enabled: - description: Enabled specifies whether NTP should be enabled - type: boolean - servers: - description: Servers specifies which NTP servers to use - items: - type: string - type: array - type: object - postKubeadmCommands: - description: PostKubeadmCommands specifies extra commands to run - after kubeadm runs - items: - type: string - type: array - preKubeadmCommands: - description: PreKubeadmCommands specifies extra commands to run - before kubeadm runs - items: - type: string - type: array - useExperimentalRetryJoin: - description: |- - UseExperimentalRetryJoin replaces a basic kubeadm command with a shell - script with retries for joins. - - - This is meant to be an experimental temporary workaround on some environments - where joins fail due to timing (and other issues). The long term goal is to add retries to - kubeadm proper and use that functionality. - - - This will add about 40KB to userdata - - - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. - type: boolean - users: - description: Users specifies extra users to add - items: - description: User defines the input for a generated user in - cloud-init. 
- properties: - gecos: - description: Gecos specifies the gecos to use for the user - type: string - groups: - description: Groups specifies the additional groups for - the user - type: string - homeDir: - description: HomeDir specifies the home directory to use - for the user - type: string - inactive: - description: Inactive specifies whether to mark the user - as inactive - type: boolean - lockPassword: - description: LockPassword specifies if password login should - be disabled - type: boolean - name: - description: Name specifies the user name - type: string - passwd: - description: Passwd specifies a hashed password for the - user - type: string - primaryGroup: - description: PrimaryGroup specifies the primary group for - the user - type: string - shell: - description: Shell specifies the user's shell - type: string - sshAuthorizedKeys: - description: SSHAuthorizedKeys specifies a list of ssh authorized - keys for the user - items: - type: string - type: array - sudo: - description: Sudo specifies a sudo role for the user - type: string - required: - - name - type: object - type: array - verbosity: - description: |- - Verbosity is the number for the kubeadm log level verbosity. - It overrides the `--v` flag in kubeadm commands. - format: int32 - type: integer - type: object - machineTemplate: - description: |- - MachineTemplate contains information about how machines - should be shaped when creating or updating a control plane. - properties: - infrastructureRef: - description: |- - InfrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
- For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. 
- More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - required: - - infrastructureRef - type: object - replicas: - description: |- - Number of desired machines. Defaults to 1. When stacked etcd is used only - odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). - This is a pointer to distinguish between explicit zero and not specified. - format: int32 - type: integer - rolloutAfter: - description: |- - RolloutAfter is a field to indicate a rollout should be performed - after the specified time even if no changes have been made to the - KubeadmControlPlane. - format: date-time - type: string - rolloutStrategy: - default: - rollingUpdate: - maxSurge: 1 - type: RollingUpdate - description: |- - The RolloutStrategy to use to replace control plane machines with - new ones. - properties: - rollingUpdate: - description: |- - Rolling update config params. Present only if - RolloutStrategyType = RollingUpdate. - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of control planes that can be scheduled above or under the - desired number of control planes. - Value can be an absolute number 1 or 0. - Defaults to 1. 
- Example: when this is set to 1, the control plane can be scaled - up immediately when the rolling update starts. - x-kubernetes-int-or-string: true - type: object - type: - description: |- - Type of rollout. Currently the only supported strategy is - "RollingUpdate". - Default is RollingUpdate. - type: string - type: object - version: - description: Version defines the desired Kubernetes version. - type: string - required: - - kubeadmConfigSpec - - machineTemplate - - version - type: object - status: - description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane. - properties: - conditions: - description: Conditions defines current service state of the KubeadmControlPlane. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - failureMessage: - description: |- - ErrorMessage indicates that there is a terminal problem reconciling the - state, and will be set to a descriptive error message. - type: string - failureReason: - description: |- - FailureReason indicates that there is a terminal problem reconciling the - state, and will be set to a token value suitable for - programmatic interpretation. - type: string - initialized: - description: |- - Initialized denotes whether or not the control plane has the - uploaded kubeadm-config configmap. - type: boolean - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - ready: - description: |- - Ready denotes that the KubeadmControlPlane API Server is ready to - receive requests. - type: boolean - readyReplicas: - description: Total number of fully running and ready control plane - machines. - format: int32 - type: integer - replicas: - description: |- - Total number of non-terminated machines targeted by this control plane - (their labels match the selector). - format: int32 - type: integer - selector: - description: |- - Selector is the label selector in string format to avoid introspection - by clients, and is used to provide the CRD-based integration for the - scale subresource and additional integrations for things like kubectl - describe.. The string will be in the same format as the query-param syntax. - More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors - type: string - unavailableReplicas: - description: |- - Total number of unavailable machines targeted by this control plane. 
- This is the total number of machines that are still required for - the deployment to have 100% available capacity. They may either - be machines that are running but not yet ready or machines - that still have not been created. - format: int32 - type: integer - updatedReplicas: - description: |- - Total number of non-terminated machines targeted by this control plane - that have the desired template spec. - format: int32 - type: integer - version: - description: |- - Version represents the minimum Kubernetes version for the control plane machines - in the cluster. - type: string - type: object - type: object - served: false - storage: false - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - - additionalPrinterColumns: - - description: Cluster - jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] - name: Cluster - type: string - - description: This denotes whether or not the control plane has the uploaded - kubeadm-config configmap - jsonPath: .status.initialized - name: Initialized - type: boolean - - description: KubeadmControlPlane API Server is ready to receive requests - jsonPath: .status.ready - name: API Server Available - type: boolean - - description: Total number of machines desired by this control plane - jsonPath: .spec.replicas - name: Desired - priority: 10 - type: integer - - description: Total number of non-terminated machines targeted by this control - plane - jsonPath: .status.replicas - name: Replicas - type: integer - - description: Total number of fully running and ready control plane machines - jsonPath: .status.readyReplicas - name: Ready - type: integer - - description: Total number of non-terminated machines targeted by this control - plane that have the desired template spec - jsonPath: .status.updatedReplicas - name: Updated - type: integer - - description: Total number of unavailable machines targeted by this control plane - 
jsonPath: .status.unavailableReplicas - name: Unavailable - type: integer - - description: Time duration since creation of KubeadmControlPlane - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Kubernetes version associated with this control plane - jsonPath: .spec.version - name: Version - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: KubeadmControlPlane is the Schema for the KubeadmControlPlane - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane. - properties: - kubeadmConfigSpec: - description: |- - KubeadmConfigSpec is a KubeadmConfigSpec - to use for initializing and joining machines to the control plane. - properties: - clusterConfiguration: - description: ClusterConfiguration along with InitConfiguration - are the configurations necessary for the init command - properties: - apiServer: - description: APIServer contains extra settings for the API - server control plane component - properties: - certSANs: - description: CertSANs sets extra Subject Alternative Names - for the API Server signing cert. 
- items: - type: string - type: array - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the pod - where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access to the - volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - timeoutForControlPlane: - description: TimeoutForControlPlane controls the timeout - that we use for API server to appear - type: string - type: object - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - certificatesDir: - description: |- - CertificatesDir specifies where to store or look for all required certificates. 
- NB: if not provided, this will default to `/etc/kubernetes/pki` - type: string - clusterName: - description: The cluster name - type: string - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it - can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. - In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort - are used; in case the ControlPlaneEndpoint is specified but without a TCP port, - the BindPort is used. - Possible usages are: - e.g. In a cluster with more than one control plane instances, this field should be - assigned the address of the external load balancer in front of the - control plane instances. - e.g. in environments with enforced node recycling, the ControlPlaneEndpoint - could be used for assigning a stable DNS to the control plane. - NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. - type: string - controllerManager: - description: ControllerManager contains extra settings for - the controller manager control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the pod - where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod template. 
- type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access to the - volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - dns: - description: DNS defines the options for the DNS add-on installed - in the cluster. - properties: - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - type: object - etcd: - description: |- - Etcd holds configuration for etcd. - NB: This value defaults to a Local (stacked) etcd - properties: - external: - description: |- - External describes how to connect to an external etcd cluster - Local and External are mutually exclusive - properties: - caFile: - description: |- - CAFile is an SSL Certificate Authority file used to secure etcd communication. - Required if using a TLS connection. - type: string - certFile: - description: |- - CertFile is an SSL certification file used to secure etcd communication. - Required if using a TLS connection. - type: string - endpoints: - description: Endpoints of etcd members. Required for - ExternalEtcd. - items: - type: string - type: array - keyFile: - description: |- - KeyFile is an SSL key file used to secure etcd communication. - Required if using a TLS connection. 
- type: string - required: - - caFile - - certFile - - endpoints - - keyFile - type: object - local: - description: |- - Local provides configuration knobs for configuring the local etcd instance - Local and External are mutually exclusive - properties: - dataDir: - description: |- - DataDir is the directory etcd will place its data. - Defaults to "/var/lib/etcd". - type: string - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs are extra arguments provided to the etcd binary - when run inside a static pod. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - peerCertSANs: - description: PeerCertSANs sets extra Subject Alternative - Names for the etcd peer signing cert. - items: - type: string - type: array - serverCertSANs: - description: ServerCertSANs sets extra Subject Alternative - Names for the etcd server signing cert. - items: - type: string - type: array - type: object - type: object - featureGates: - additionalProperties: - type: boolean - description: FeatureGates enabled by the user. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - * If not set, the default registry of kubeadm will be used, i.e. - * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 - * k8s.gcr.io (old registry): all older versions - Please note that when imageRepository is not set we don't allow upgrades to - versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use - a newer patch version with the new registry instead (i.e. 
>= v1.22.17, - >= v1.23.15, >= v1.24.9, >= v1.25.0). - * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components - and for kube-proxy, while `registry.k8s.io` will be used for all the other images. - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - kubernetesVersion: - description: |- - KubernetesVersion is the target version of the control plane. - NB: This value defaults to the Machine object spec.version - type: string - networking: - description: |- - Networking holds configuration for the networking topology of the cluster. - NB: This value defaults to the Cluster object spec.clusterNetwork. - properties: - dnsDomain: - description: DNSDomain is the dns domain used by k8s services. - Defaults to "cluster.local". - type: string - podSubnet: - description: |- - PodSubnet is the subnet used by pods. - If unset, the API server will not allocate CIDR ranges for every node. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set - type: string - serviceSubnet: - description: |- - ServiceSubnet is the subnet used by k8s services. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or - to "10.96.0.0/12" if that's unset. - type: string - type: object - scheduler: - description: Scheduler contains extra settings for the scheduler - control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. 
- TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the pod - where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access to the - volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - type: object - diskSetup: - description: DiskSetup specifies options for the creation of partition - tables and file systems on devices. - properties: - filesystems: - description: Filesystems specifies the list of file systems - to setup. - items: - description: Filesystem defines the file systems to be created. - properties: - device: - description: Device specifies the device name - type: string - extraOpts: - description: ExtraOpts defined extra options to add - to the command for creating the file system. - items: - type: string - type: array - filesystem: - description: Filesystem specifies the file system type. - type: string - label: - description: Label specifies the file system label to - be used. If set to None, no label is used. - type: string - overwrite: - description: |- - Overwrite defines whether or not to overwrite any existing filesystem. - If true, any pre-existing file system will be destroyed. Use with Caution. - type: boolean - partition: - description: 'Partition specifies the partition to use. 
- The valid options are: "auto|any", "auto", "any", - "none", and , where NUM is the actual partition - number.' - type: string - replaceFS: - description: |- - ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . - NOTE: unless you define a label, this requires the use of the 'any' partition directive. - type: string - required: - - device - - filesystem - - label - type: object - type: array - partitions: - description: Partitions specifies the list of the partitions - to setup. - items: - description: Partition defines how to create and layout - a partition. - properties: - device: - description: Device is the name of the device. - type: string - layout: - description: |- - Layout specifies the device layout. - If it is true, a single partition will be created for the entire device. - When layout is false, it means don't partition or ignore existing partitioning. - type: boolean - overwrite: - description: |- - Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. - Use with caution. Default is 'false'. - type: boolean - tableType: - description: |- - TableType specifies the tupe of partition table. The following are supported: - 'mbr': default and setups a MS-DOS partition table - 'gpt': setups a GPT partition table - type: string - required: - - device - - layout - type: object - type: array - type: object - files: - description: Files specifies extra files to be passed to user_data - upon creation. - items: - description: File defines the input for generating write_files - in cloud-init. - properties: - append: - description: Append specifies whether to append Content - to existing file if Path exists. - type: boolean - content: - description: Content is the actual content of the file. - type: string - contentFrom: - description: ContentFrom is a referenced source of content - to populate the file. 
- properties: - secret: - description: Secret represents a secret that should - populate this file. - properties: - key: - description: Key is the key in the secret's data - map for this value. - type: string - name: - description: Name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - encoding: - description: Encoding specifies the encoding of the file - contents. - enum: - - base64 - - gzip - - gzip+base64 - type: string - owner: - description: Owner specifies the ownership of the file, - e.g. "root:root". - type: string - path: - description: Path specifies the full path on disk where - to store the file. - type: string - permissions: - description: Permissions specifies the permissions to assign - to the file, e.g. "0640". - type: string - required: - - path - type: object - type: array - format: - description: Format specifies the output format of the bootstrap - data - enum: - - cloud-config - - ignition - type: string - ignition: - description: Ignition contains Ignition specific configuration. - properties: - containerLinuxConfig: - description: ContainerLinuxConfig contains CLC specific configuration. - properties: - additionalConfig: - description: |- - AdditionalConfig contains additional configuration to be merged with the Ignition - configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging - - - The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ - type: string - strict: - description: Strict controls if AdditionalConfig should - be strictly parsed. If so, warnings are treated as errors. 
- type: boolean - type: object - type: object - initConfiguration: - description: InitConfiguration along with ClusterConfiguration - are the configurations necessary for the init command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - bootstrapTokens: - description: |- - BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. - This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature - items: - description: BootstrapToken describes one bootstrap token, - stored as a Secret in the cluster. - properties: - description: - description: |- - Description sets a human-friendly message why this token exists and what it's used - for, so other administrators can know its purpose. - type: string - expires: - description: |- - Expires specifies the timestamp when this token expires. Defaults to being set - dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. - format: date-time - type: string - groups: - description: |- - Groups specifies the extra groups that this token will authenticate as when/if - used for authentication - items: - type: string - type: array - token: - description: |- - Token is used for establishing bidirectional trust between nodes and control-planes. - Used for joining nodes in the cluster. - type: string - ttl: - description: |- - TTL defines the time to live for this token. Defaults to 24h. - Expires and TTL are mutually exclusive. - type: string - usages: - description: |- - Usages describes the ways in which this token can be used. 
Can by default be used - for establishing bidirectional trust, but that can be changed here. - items: - type: string - type: array - required: - - token - type: object - type: array - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - localAPIEndpoint: - description: |- - LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node - In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint - is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This - configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible - on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process - fails you may set the desired value here. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address for - the API server to advertise. - type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container runtime - info. 
This information will be annotated to the Node - API object, for later re-use - type: string - ignorePreflightErrors: - description: IgnorePreflightErrors provides a slice of - pre-flight errors to be ignored when the current node - is registered. - items: - type: string - type: array - imagePullPolicy: - description: |- - ImagePullPolicy specifies the policy for image pulling - during kubeadm "init" and "join" operations. The value of - this field must be one of "Always", "IfNotPresent" or - "Never". Defaults to "IfNotPresent". This can be used only - with Kubernetes version equal to 1.22 and later. - enum: - - Always - - IfNotPresent - - Never - type: string - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. 
- items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the - taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - patches: - description: |- - Patches contains options related to applying patches to components deployed by kubeadm during - "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22 - properties: - directory: - description: |- - Directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". - For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of - "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one - of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. - The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". - "suffix" is an optional string that can be used to determine which patches are applied - first alpha-numerically. - These files can be written into the target directory via KubeadmConfig.Files which - specifies additional files to be created on the machine, either with content inline or - by referencing a secret. - type: string - type: object - skipPhases: - description: |- - SkipPhases is a list of phases to skip during command execution. - The list of phases can be obtained with the "kubeadm init --help" command. 
- This option takes effect only on Kubernetes >=1.22.0. - items: - type: string - type: array - type: object - joinConfiguration: - description: JoinConfiguration is the kubeadm configuration for - the join command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - caCertPath: - description: |- - CACertPath is the path to the SSL certificate authority used to - secure comunications between node and control-plane. - Defaults to "/etc/kubernetes/pki/ca.crt". - TODO: revisit when there is defaulting from k/k - type: string - controlPlane: - description: |- - ControlPlane defines the additional control plane instance to be deployed on the joining node. - If nil, no additional control plane instance will be deployed. - properties: - localAPIEndpoint: - description: LocalAPIEndpoint represents the endpoint - of the API server instance to be deployed on this node. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address - for the API server to advertise. - type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - type: object - discovery: - description: |- - Discovery specifies the options for the kubelet to use during the TLS Bootstrap process - TODO: revisit when there is defaulting from k/k - properties: - bootstrapToken: - description: |- - BootstrapToken is used to set the options for bootstrap token based discovery - BootstrapToken and File are mutually exclusive - properties: - apiServerEndpoint: - description: APIServerEndpoint is an IP or domain - name to the API server from which info will be fetched. 
- type: string - caCertHashes: - description: |- - CACertHashes specifies a set of public key pins to verify - when token-based discovery is used. The root CA found during discovery - must match one of these values. Specifying an empty set disables root CA - pinning, which can be unsafe. Each hash is specified as ":", - where the only currently supported type is "sha256". This is a hex-encoded - SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded - ASN.1. These hashes can be calculated using, for example, OpenSSL: - openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex - items: - type: string - type: array - token: - description: |- - Token is a token used to validate cluster information - fetched from the control-plane. - type: string - unsafeSkipCAVerification: - description: |- - UnsafeSkipCAVerification allows token-based discovery - without CA verification via CACertHashes. This can weaken - the security of kubeadm since other nodes can impersonate the control-plane. - type: boolean - required: - - token - type: object - file: - description: |- - File is used to specify a file or URL to a kubeconfig file from which to load cluster information - BootstrapToken and File are mutually exclusive - properties: - kubeConfig: - description: |- - KubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. - The file is generated at the path specified in KubeConfigPath. - - - Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint. - Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret. - properties: - cluster: - description: |- - Cluster contains information about how to communicate with the kubernetes cluster. - - - By default the following fields are automatically populated: - - Server with the Cluster's ControlPlaneEndpoint. 
- - CertificateAuthorityData with the Cluster's CA certificate. - properties: - certificateAuthorityData: - description: |- - CertificateAuthorityData contains PEM-encoded certificate authority certificates. - - - Defaults to the Cluster's CA certificate if empty. - format: byte - type: string - insecureSkipTLSVerify: - description: InsecureSkipTLSVerify skips the - validity check for the server's certificate. - This will make your HTTPS connections insecure. - type: boolean - proxyURL: - description: |- - ProxyURL is the URL to the proxy to be used for all requests made by this - client. URLs with "http", "https", and "socks5" schemes are supported. If - this configuration is not provided or the empty string, the client - attempts to construct a proxy configuration from http_proxy and - https_proxy environment variables. If these environment variables are not - set, the client does not attempt to proxy requests. - - - socks5 proxying does not currently support spdy streaming endpoints (exec, - attach, port forward). - type: string - server: - description: |- - Server is the address of the kubernetes cluster (https://hostname:port). - - - Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint. - type: string - tlsServerName: - description: TLSServerName is used to check - server certificate. If TLSServerName is - empty, the hostname used to contact the - server is used. - type: string - type: object - user: - description: |- - User contains information that describes identity information. - This is used to tell the kubernetes cluster who you are. - properties: - authProvider: - description: AuthProvider specifies a custom - authentication plugin for the kubernetes - cluster. - properties: - config: - additionalProperties: - type: string - description: Config holds the parameters - for the authentication plugin. - type: object - name: - description: Name is the name of the authentication - plugin. 
- type: string - required: - - name - type: object - exec: - description: Exec specifies a custom exec-based - authentication plugin for the kubernetes - cluster. - properties: - apiVersion: - description: |- - Preferred input version of the ExecInfo. The returned ExecCredentials MUST use - the same encoding version as the input. - Defaults to client.authentication.k8s.io/v1 if not set. - type: string - args: - description: Arguments to pass to the - command when executing it. - items: - type: string - type: array - command: - description: Command to execute. - type: string - env: - description: |- - Env defines additional environment variables to expose to the process. These - are unioned with the host's environment, as well as variables client-go uses - to pass argument to the plugin. - items: - description: |- - KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based - credential plugin. - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - provideClusterInfo: - description: |- - ProvideClusterInfo determines whether or not to provide cluster information, - which could potentially contain very large CA data, to this exec plugin as a - part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set - to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for - reading this environment variable. - type: boolean - required: - - command - type: object - type: object - required: - - user - type: object - kubeConfigPath: - description: KubeConfigPath is used to specify the - actual file path or URL to the kubeconfig file from - which to load cluster information - type: string - required: - - kubeConfigPath - type: object - timeout: - description: Timeout modifies the discovery timeout - type: string - tlsBootstrapToken: - description: |- - TLSBootstrapToken is a token used for TLS bootstrapping. 
- If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. - If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information - type: string - type: object - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container runtime - info. This information will be annotated to the Node - API object, for later re-use - type: string - ignorePreflightErrors: - description: IgnorePreflightErrors provides a slice of - pre-flight errors to be ignored when the current node - is registered. - items: - type: string - type: array - imagePullPolicy: - description: |- - ImagePullPolicy specifies the policy for image pulling - during kubeadm "init" and "join" operations. The value of - this field must be one of "Always", "IfNotPresent" or - "Never". Defaults to "IfNotPresent". This can be used only - with Kubernetes version equal to 1.22 and later. - enum: - - Always - - IfNotPresent - - Never - type: string - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. 
This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the - taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - patches: - description: |- - Patches contains options related to applying patches to components deployed by kubeadm during - "kubeadm join". 
The minimum kubernetes version needed to support Patches is v1.22 - properties: - directory: - description: |- - Directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". - For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of - "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one - of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. - The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". - "suffix" is an optional string that can be used to determine which patches are applied - first alpha-numerically. - These files can be written into the target directory via KubeadmConfig.Files which - specifies additional files to be created on the machine, either with content inline or - by referencing a secret. - type: string - type: object - skipPhases: - description: |- - SkipPhases is a list of phases to skip during command execution. - The list of phases can be obtained with the "kubeadm init --help" command. - This option takes effect only on Kubernetes >=1.22.0. - items: - type: string - type: array - type: object - mounts: - description: Mounts specifies a list of mount points to be setup. - items: - description: MountPoints defines input for generated mounts - in cloud-init. 
- items: - type: string - type: array - type: array - ntp: - description: NTP specifies NTP configuration - properties: - enabled: - description: Enabled specifies whether NTP should be enabled - type: boolean - servers: - description: Servers specifies which NTP servers to use - items: - type: string - type: array - type: object - postKubeadmCommands: - description: PostKubeadmCommands specifies extra commands to run - after kubeadm runs - items: - type: string - type: array - preKubeadmCommands: - description: PreKubeadmCommands specifies extra commands to run - before kubeadm runs - items: - type: string - type: array - useExperimentalRetryJoin: - description: |- - UseExperimentalRetryJoin replaces a basic kubeadm command with a shell - script with retries for joins. - - - This is meant to be an experimental temporary workaround on some environments - where joins fail due to timing (and other issues). The long term goal is to add retries to - kubeadm proper and use that functionality. - - - This will add about 40KB to userdata - - - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. - - - Deprecated: This experimental fix is no longer needed and this field will be removed in a future release. - When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml - type: boolean - users: - description: Users specifies extra users to add - items: - description: User defines the input for a generated user in - cloud-init. 
- properties: - gecos: - description: Gecos specifies the gecos to use for the user - type: string - groups: - description: Groups specifies the additional groups for - the user - type: string - homeDir: - description: HomeDir specifies the home directory to use - for the user - type: string - inactive: - description: Inactive specifies whether to mark the user - as inactive - type: boolean - lockPassword: - description: LockPassword specifies if password login should - be disabled - type: boolean - name: - description: Name specifies the user name - type: string - passwd: - description: Passwd specifies a hashed password for the - user - type: string - passwdFrom: - description: PasswdFrom is a referenced source of passwd - to populate the passwd. - properties: - secret: - description: Secret represents a secret that should - populate this password. - properties: - key: - description: Key is the key in the secret's data - map for this value. - type: string - name: - description: Name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - primaryGroup: - description: PrimaryGroup specifies the primary group for - the user - type: string - shell: - description: Shell specifies the user's shell - type: string - sshAuthorizedKeys: - description: SSHAuthorizedKeys specifies a list of ssh authorized - keys for the user - items: - type: string - type: array - sudo: - description: Sudo specifies a sudo role for the user - type: string - required: - - name - type: object - type: array - verbosity: - description: |- - Verbosity is the number for the kubeadm log level verbosity. - It overrides the `--v` flag in kubeadm commands. - format: int32 - type: integer - type: object - machineTemplate: - description: |- - MachineTemplate contains information about how machines - should be shaped when creating or updating a control plane. 
- properties: - infrastructureRef: - description: |- - InfrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - metadata: - description: |- - Standard object's metadata. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - nodeDeletionTimeout: - description: |- - NodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - If no value is provided, the default value for this property of the Machine resource will be used. - type: string - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - nodeVolumeDetachTimeout: - description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - type: string - required: - - infrastructureRef - type: object - remediationStrategy: - description: The RemediationStrategy that controls how control plane - machine remediation happens. 
- properties: - maxRetry: - description: "MaxRetry is the Max number of retries while attempting - to remediate an unhealthy machine.\nA retry happens when a machine - that was created as a replacement for an unhealthy machine also - fails.\nFor example, given a control plane with three machines - M1, M2, M3:\n\n\n\tM1 become unhealthy; remediation happens, - and M1-1 is created as a replacement.\n\tIf M1-1 (replacement - of M1) has problems while bootstrapping it will become unhealthy, - and then be\n\tremediated; such operation is considered a retry, - remediation-retry #1.\n\tIf M1-2 (replacement of M1-1) becomes - unhealthy, remediation-retry #2 will happen, etc.\n\n\nA retry - could happen only after RetryPeriod from the previous retry.\nIf - a machine is marked as unhealthy after MinHealthyPeriod from - the previous remediation expired,\nthis is not considered a - retry anymore because the new issue is assumed unrelated from - the previous one.\n\n\nIf not set, the remedation will be retried - infinitely." - format: int32 - type: integer - minHealthyPeriod: - description: "MinHealthyPeriod defines the duration after which - KCP will consider any failure to a machine unrelated\nfrom the - previous one. In this case the remediation is not considered - a retry anymore, and thus the retry\ncounter restarts from 0. - For example, assuming MinHealthyPeriod is set to 1h (default)\n\n\n\tM1 - become unhealthy; remediation happens, and M1-1 is created as - a replacement.\n\tIf M1-1 (replacement of M1) has problems within - the 1hr after the creation, also\n\tthis machine will be remediated - and this operation is considered a retry - a problem related\n\tto - the original issue happened to M1 -.\n\n\n\tIf instead the problem - on M1-1 is happening after MinHealthyPeriod expired, e.g. 
four - days after\n\tm1-1 has been created as a remediation of M1, - the problem on M1-1 is considered unrelated to\n\tthe original - issue happened to M1.\n\n\nIf not set, this value is defaulted - to 1h." - type: string - retryPeriod: - description: |- - RetryPeriod is the duration that KCP should wait before remediating a machine being created as a replacement - for an unhealthy machine (a retry). - - - If not set, a retry will happen immediately. - type: string - type: object - replicas: - description: |- - Number of desired machines. Defaults to 1. When stacked etcd is used only - odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). - This is a pointer to distinguish between explicit zero and not specified. - format: int32 - type: integer - rolloutAfter: - description: |- - RolloutAfter is a field to indicate a rollout should be performed - after the specified time even if no changes have been made to the - KubeadmControlPlane. - Example: In the YAML the time can be specified in the RFC3339 format. - To specify the rolloutAfter target as March 9, 2023, at 9 am UTC - use "2023-03-09T09:00:00Z". - format: date-time - type: string - rolloutBefore: - description: |- - RolloutBefore is a field to indicate a rollout should be performed - if the specified criteria is met. - properties: - certificatesExpiryDays: - description: |- - CertificatesExpiryDays indicates a rollout needs to be performed if the - certificates of the machine will expire within the specified days. - format: int32 - type: integer - type: object - rolloutStrategy: - default: - rollingUpdate: - maxSurge: 1 - type: RollingUpdate - description: |- - The RolloutStrategy to use to replace control plane machines with - new ones. - properties: - rollingUpdate: - description: |- - Rolling update config params. Present only if - RolloutStrategyType = RollingUpdate. 
- properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of control planes that can be scheduled above or under the - desired number of control planes. - Value can be an absolute number 1 or 0. - Defaults to 1. - Example: when this is set to 1, the control plane can be scaled - up immediately when the rolling update starts. - x-kubernetes-int-or-string: true - type: object - type: - description: |- - Type of rollout. Currently the only supported strategy is - "RollingUpdate". - Default is RollingUpdate. - type: string - type: object - version: - description: |- - Version defines the desired Kubernetes version. - Please note that if kubeadmConfigSpec.ClusterConfiguration.imageRepository is not set - we don't allow upgrades to versions >= v1.22.0 for which kubeadm uses the old registry (k8s.gcr.io). - Please use a newer patch version with the new registry instead. The default registries of kubeadm are: - * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 - * k8s.gcr.io (old registry): all older versions - type: string - required: - - kubeadmConfigSpec - - machineTemplate - - version - type: object - status: - description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane. - properties: - conditions: - description: Conditions defines current service state of the KubeadmControlPlane. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. 
- type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - description: |- - ErrorMessage indicates that there is a terminal problem reconciling the - state, and will be set to a descriptive error message. - type: string - failureReason: - description: |- - FailureReason indicates that there is a terminal problem reconciling the - state, and will be set to a token value suitable for - programmatic interpretation. - type: string - initialized: - description: |- - Initialized denotes whether or not the control plane has the - uploaded kubeadm-config configmap. - type: boolean - lastRemediation: - description: LastRemediation stores info about last remediation performed. - properties: - machine: - description: Machine is the machine name of the latest machine - being remediated. - type: string - retryCount: - description: |- - RetryCount used to keep track of remediation retry for the last remediated machine. - A retry happens when a machine that was created as a replacement for an unhealthy machine also fails. 
- format: int32 - type: integer - timestamp: - description: Timestamp is when last remediation happened. It is - represented in RFC3339 form and is in UTC. - format: date-time - type: string - required: - - machine - - retryCount - - timestamp - type: object - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - ready: - description: |- - Ready denotes that the KubeadmControlPlane API Server is ready to - receive requests. - type: boolean - readyReplicas: - description: Total number of fully running and ready control plane - machines. - format: int32 - type: integer - replicas: - description: |- - Total number of non-terminated machines targeted by this control plane - (their labels match the selector). - format: int32 - type: integer - selector: - description: |- - Selector is the label selector in string format to avoid introspection - by clients, and is used to provide the CRD-based integration for the - scale subresource and additional integrations for things like kubectl - describe.. The string will be in the same format as the query-param syntax. - More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors - type: string - unavailableReplicas: - description: |- - Total number of unavailable machines targeted by this control plane. - This is the total number of machines that are still required for - the deployment to have 100% available capacity. They may either - be machines that are running but not yet ready or machines - that still have not been created. - format: int32 - type: integer - updatedReplicas: - description: |- - Total number of non-terminated machines targeted by this control plane - that have the desired template spec. - format: int32 - type: integer - version: - description: |- - Version represents the minimum Kubernetes version for the control plane machines - in the cluster. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - cluster.x-k8s.io/v1beta1: v1beta1 - name: kubeadmcontrolplanetemplates.controlplane.cluster.x-k8s.io - spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-kubeadm-control-plane-webhook-service - namespace: capi-kubeadm-control-plane-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: controlplane.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: KubeadmControlPlaneTemplate - listKind: KubeadmControlPlaneTemplateList - plural: kubeadmcontrolplanetemplates - singular: kubeadmcontrolplanetemplate - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Time duration since creation of KubeadmControlPlaneTemplate - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates API. - - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: KubeadmControlPlaneTemplateSpec defines the desired state - of KubeadmControlPlaneTemplate. - properties: - template: - description: KubeadmControlPlaneTemplateResource describes the data - needed to create a KubeadmControlPlane from a template. - properties: - spec: - description: KubeadmControlPlaneSpec defines the desired state - of KubeadmControlPlane. - properties: - kubeadmConfigSpec: - description: |- - KubeadmConfigSpec is a KubeadmConfigSpec - to use for initializing and joining machines to the control plane. - properties: - clusterConfiguration: - description: ClusterConfiguration along with InitConfiguration - are the configurations necessary for the init command - properties: - apiServer: - description: APIServer contains extra settings for - the API server control plane component - properties: - certSANs: - description: CertSANs sets extra Subject Alternative - Names for the API Server signing cert. - items: - type: string - type: array - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. 
- properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside - the pod where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the - pod template. - type: string - pathType: - description: PathType is the type of the - HostPath. - type: string - readOnly: - description: ReadOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - timeoutForControlPlane: - description: TimeoutForControlPlane controls the - timeout that we use for API server to appear - type: string - type: object - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - certificatesDir: - description: |- - CertificatesDir specifies where to store or look for all required certificates. - NB: if not provided, this will default to `/etc/kubernetes/pki` - type: string - clusterName: - description: The cluster name - type: string - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it - can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. - In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort - are used; in case the ControlPlaneEndpoint is specified but without a TCP port, - the BindPort is used. - Possible usages are: - e.g. In a cluster with more than one control plane instances, this field should be - assigned the address of the external load balancer in front of the - control plane instances. - e.g. 
in environments with enforced node recycling, the ControlPlaneEndpoint - could be used for assigning a stable DNS to the control plane. - NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. - type: string - controllerManager: - description: ControllerManager contains extra settings - for the controller manager control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside - the pod where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the - pod template. - type: string - pathType: - description: PathType is the type of the - HostPath. - type: string - readOnly: - description: ReadOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - dns: - description: DNS defines the options for the DNS add-on - installed in the cluster. - properties: - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. 
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - type: object - etcd: - description: |- - Etcd holds configuration for etcd. - NB: This value defaults to a Local (stacked) etcd - properties: - external: - description: |- - External describes how to connect to an external etcd cluster - Local and External are mutually exclusive - properties: - caFile: - description: |- - CAFile is an SSL Certificate Authority file used to secure etcd communication. - Required if using a TLS connection. - type: string - certFile: - description: |- - CertFile is an SSL certification file used to secure etcd communication. - Required if using a TLS connection. - type: string - endpoints: - description: Endpoints of etcd members. Required - for ExternalEtcd. - items: - type: string - type: array - keyFile: - description: |- - KeyFile is an SSL key file used to secure etcd communication. - Required if using a TLS connection. - type: string - required: - - caFile - - certFile - - endpoints - - keyFile - type: object - local: - description: |- - Local provides configuration knobs for configuring the local etcd instance - Local and External are mutually exclusive - properties: - dataDir: - description: |- - DataDir is the directory etcd will place its data. - Defaults to "/var/lib/etcd". - type: string - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs are extra arguments provided to the etcd binary - when run inside a static pod. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. 
- type: string - peerCertSANs: - description: PeerCertSANs sets extra Subject - Alternative Names for the etcd peer signing - cert. - items: - type: string - type: array - serverCertSANs: - description: ServerCertSANs sets extra Subject - Alternative Names for the etcd server signing - cert. - items: - type: string - type: array - type: object - type: object - featureGates: - additionalProperties: - type: boolean - description: FeatureGates enabled by the user. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io` - will be used for all the other images. - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - kubernetesVersion: - description: |- - KubernetesVersion is the target version of the control plane. - NB: This value defaults to the Machine object spec.version - type: string - networking: - description: |- - Networking holds configuration for the networking topology of the cluster. - NB: This value defaults to the Cluster object spec.clusterNetwork. - properties: - dnsDomain: - description: DNSDomain is the dns domain used - by k8s services. Defaults to "cluster.local". - type: string - podSubnet: - description: |- - PodSubnet is the subnet used by pods. - If unset, the API server will not allocate CIDR ranges for every node. 
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set - type: string - serviceSubnet: - description: |- - ServiceSubnet is the subnet used by k8s services. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or - to "10.96.0.0/12" if that's unset. - type: string - type: object - scheduler: - description: Scheduler contains extra settings for - the scheduler control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside - the pod where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the - pod template. - type: string - pathType: - description: PathType is the type of the - HostPath. - type: string - readOnly: - description: ReadOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - type: object - diskSetup: - description: DiskSetup specifies options for the creation - of partition tables and file systems on devices. - properties: - filesystems: - description: Filesystems specifies the list of file - systems to setup. - items: - description: Filesystem defines the file systems - to be created. 
- properties: - device: - description: Device specifies the device name - type: string - extraOpts: - description: ExtraOpts defined extra options - to add to the command for creating the file - system. - items: - type: string - type: array - filesystem: - description: Filesystem specifies the file system - type. - type: string - label: - description: Label specifies the file system - label to be used. If set to None, no label - is used. - type: string - overwrite: - description: |- - Overwrite defines whether or not to overwrite any existing filesystem. - If true, any pre-existing file system will be destroyed. Use with Caution. - type: boolean - partition: - description: 'Partition specifies the partition - to use. The valid options are: "auto|any", - "auto", "any", "none", and , where NUM - is the actual partition number.' - type: string - replaceFS: - description: |- - ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . - NOTE: unless you define a label, this requires the use of the 'any' partition directive. - type: string - required: - - device - - filesystem - - label - type: object - type: array - partitions: - description: Partitions specifies the list of the - partitions to setup. - items: - description: Partition defines how to create and - layout a partition. - properties: - device: - description: Device is the name of the device. - type: string - layout: - description: |- - Layout specifies the device layout. - If it is true, a single partition will be created for the entire device. - When layout is false, it means don't partition or ignore existing partitioning. - type: boolean - overwrite: - description: |- - Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. - Use with caution. Default is 'false'. - type: boolean - tableType: - description: |- - TableType specifies the tupe of partition table. 
The following are supported: - 'mbr': default and setups a MS-DOS partition table - 'gpt': setups a GPT partition table - type: string - required: - - device - - layout - type: object - type: array - type: object - files: - description: Files specifies extra files to be passed - to user_data upon creation. - items: - description: File defines the input for generating write_files - in cloud-init. - properties: - content: - description: Content is the actual content of the - file. - type: string - contentFrom: - description: ContentFrom is a referenced source - of content to populate the file. - properties: - secret: - description: Secret represents a secret that - should populate this file. - properties: - key: - description: Key is the key in the secret's - data map for this value. - type: string - name: - description: Name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - encoding: - description: Encoding specifies the encoding of - the file contents. - enum: - - base64 - - gzip - - gzip+base64 - type: string - owner: - description: Owner specifies the ownership of the - file, e.g. "root:root". - type: string - path: - description: Path specifies the full path on disk - where to store the file. - type: string - permissions: - description: Permissions specifies the permissions - to assign to the file, e.g. "0640". - type: string - required: - - path - type: object - type: array - format: - description: Format specifies the output format of the - bootstrap data - enum: - - cloud-config - type: string - initConfiguration: - description: InitConfiguration along with ClusterConfiguration - are the configurations necessary for the init command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. 
- Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - bootstrapTokens: - description: |- - BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. - This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature - items: - description: BootstrapToken describes one bootstrap - token, stored as a Secret in the cluster. - properties: - description: - description: |- - Description sets a human-friendly message why this token exists and what it's used - for, so other administrators can know its purpose. - type: string - expires: - description: |- - Expires specifies the timestamp when this token expires. Defaults to being set - dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. - format: date-time - type: string - groups: - description: |- - Groups specifies the extra groups that this token will authenticate as when/if - used for authentication - items: - type: string - type: array - token: - description: |- - Token is used for establishing bidirectional trust between nodes and control-planes. - Used for joining nodes in the cluster. - type: string - ttl: - description: |- - TTL defines the time to live for this token. Defaults to 24h. - Expires and TTL are mutually exclusive. - type: string - usages: - description: |- - Usages describes the ways in which this token can be used. Can by default be used - for establishing bidirectional trust, but that can be changed here. - items: - type: string - type: array - required: - - token - type: object - type: array - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - localAPIEndpoint: - description: |- - LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node - In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint - is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This - configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible - on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process - fails you may set the desired value here. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address - for the API server to advertise. - type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container - runtime info. This information will be annotated - to the Node API object, for later re-use - type: string - ignorePreflightErrors: - description: IgnorePreflightErrors provides a - slice of pre-flight errors to be ignored when - the current node is registered. - items: - type: string - type: array - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. 
The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to - be applied to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding - to the taint key. 
- type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - joinConfiguration: - description: JoinConfiguration is the kubeadm configuration - for the join command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - caCertPath: - description: |- - CACertPath is the path to the SSL certificate authority used to - secure comunications between node and control-plane. - Defaults to "/etc/kubernetes/pki/ca.crt". - TODO: revisit when there is defaulting from k/k - type: string - controlPlane: - description: |- - ControlPlane defines the additional control plane instance to be deployed on the joining node. - If nil, no additional control plane instance will be deployed. - properties: - localAPIEndpoint: - description: LocalAPIEndpoint represents the endpoint - of the API server instance to be deployed on - this node. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP - address for the API server to advertise. - type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - type: object - discovery: - description: |- - Discovery specifies the options for the kubelet to use during the TLS Bootstrap process - TODO: revisit when there is defaulting from k/k - properties: - bootstrapToken: - description: |- - BootstrapToken is used to set the options for bootstrap token based discovery - BootstrapToken and File are mutually exclusive - properties: - apiServerEndpoint: - description: APIServerEndpoint is an IP or - domain name to the API server from which - info will be fetched. 
- type: string - caCertHashes: - description: |- - CACertHashes specifies a set of public key pins to verify - when token-based discovery is used. The root CA found during discovery - must match one of these values. Specifying an empty set disables root CA - pinning, which can be unsafe. Each hash is specified as ":", - where the only currently supported type is "sha256". This is a hex-encoded - SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded - ASN.1. These hashes can be calculated using, for example, OpenSSL: - openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex - items: - type: string - type: array - token: - description: |- - Token is a token used to validate cluster information - fetched from the control-plane. - type: string - unsafeSkipCAVerification: - description: |- - UnsafeSkipCAVerification allows token-based discovery - without CA verification via CACertHashes. This can weaken - the security of kubeadm since other nodes can impersonate the control-plane. - type: boolean - required: - - token - type: object - file: - description: |- - File is used to specify a file or URL to a kubeconfig file from which to load cluster information - BootstrapToken and File are mutually exclusive - properties: - kubeConfigPath: - description: KubeConfigPath is used to specify - the actual file path or URL to the kubeconfig - file from which to load cluster information - type: string - required: - - kubeConfigPath - type: object - timeout: - description: Timeout modifies the discovery timeout - type: string - tlsBootstrapToken: - description: |- - TLSBootstrapToken is a token used for TLS bootstrapping. - If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. 
- If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information - type: string - type: object - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container - runtime info. This information will be annotated - to the Node API object, for later re-use - type: string - ignorePreflightErrors: - description: IgnorePreflightErrors provides a - slice of pre-flight errors to be ignored when - the current node is registered. - items: - type: string - type: array - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. 
- type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to - be applied to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding - to the taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - mounts: - description: Mounts specifies a list of mount points to - be setup. - items: - description: MountPoints defines input for generated - mounts in cloud-init. 
- items: - type: string - type: array - type: array - ntp: - description: NTP specifies NTP configuration - properties: - enabled: - description: Enabled specifies whether NTP should - be enabled - type: boolean - servers: - description: Servers specifies which NTP servers to - use - items: - type: string - type: array - type: object - postKubeadmCommands: - description: PostKubeadmCommands specifies extra commands - to run after kubeadm runs - items: - type: string - type: array - preKubeadmCommands: - description: PreKubeadmCommands specifies extra commands - to run before kubeadm runs - items: - type: string - type: array - useExperimentalRetryJoin: - description: |- - UseExperimentalRetryJoin replaces a basic kubeadm command with a shell - script with retries for joins. - - - This is meant to be an experimental temporary workaround on some environments - where joins fail due to timing (and other issues). The long term goal is to add retries to - kubeadm proper and use that functionality. - - - This will add about 40KB to userdata - - - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. - type: boolean - users: - description: Users specifies extra users to add - items: - description: User defines the input for a generated - user in cloud-init. 
- properties: - gecos: - description: Gecos specifies the gecos to use for - the user - type: string - groups: - description: Groups specifies the additional groups - for the user - type: string - homeDir: - description: HomeDir specifies the home directory - to use for the user - type: string - inactive: - description: Inactive specifies whether to mark - the user as inactive - type: boolean - lockPassword: - description: LockPassword specifies if password - login should be disabled - type: boolean - name: - description: Name specifies the user name - type: string - passwd: - description: Passwd specifies a hashed password - for the user - type: string - primaryGroup: - description: PrimaryGroup specifies the primary - group for the user - type: string - shell: - description: Shell specifies the user's shell - type: string - sshAuthorizedKeys: - description: SSHAuthorizedKeys specifies a list - of ssh authorized keys for the user - items: - type: string - type: array - sudo: - description: Sudo specifies a sudo role for the - user - type: string - required: - - name - type: object - type: array - verbosity: - description: |- - Verbosity is the number for the kubeadm log level verbosity. - It overrides the `--v` flag in kubeadm commands. - format: int32 - type: integer - type: object - machineTemplate: - description: |- - MachineTemplate contains information about how machines - should be shaped when creating or updating a control plane. - properties: - infrastructureRef: - description: |- - InfrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
- For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. 
- More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - required: - - infrastructureRef - type: object - replicas: - description: |- - Number of desired machines. Defaults to 1. When stacked etcd is used only - odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). - This is a pointer to distinguish between explicit zero and not specified. - format: int32 - type: integer - rolloutAfter: - description: |- - RolloutAfter is a field to indicate a rollout should be performed - after the specified time even if no changes have been made to the - KubeadmControlPlane. - format: date-time - type: string - rolloutStrategy: - default: - rollingUpdate: - maxSurge: 1 - type: RollingUpdate - description: |- - The RolloutStrategy to use to replace control plane machines with - new ones. - properties: - rollingUpdate: - description: |- - Rolling update config params. Present only if - RolloutStrategyType = RollingUpdate. - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of control planes that can be scheduled above or under the - desired number of control planes. - Value can be an absolute number 1 or 0. - Defaults to 1. 
- Example: when this is set to 1, the control plane can be scaled - up immediately when the rolling update starts. - x-kubernetes-int-or-string: true - type: object - type: - description: |- - Type of rollout. Currently the only supported strategy is - "RollingUpdate". - Default is RollingUpdate. - type: string - type: object - version: - description: Version defines the desired Kubernetes version. - type: string - required: - - kubeadmConfigSpec - - machineTemplate - - version - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: false - storage: false - subresources: {} - - additionalPrinterColumns: - - description: Time duration since creation of KubeadmControlPlaneTemplate - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: KubeadmControlPlaneTemplateSpec defines the desired state - of KubeadmControlPlaneTemplate. - properties: - template: - description: KubeadmControlPlaneTemplateResource describes the data - needed to create a KubeadmControlPlane from a template. 
- properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: |- - KubeadmControlPlaneTemplateResourceSpec defines the desired state of KubeadmControlPlane. - NOTE: KubeadmControlPlaneTemplateResourceSpec is similar to KubeadmControlPlaneSpec but - omits Replicas and Version fields. These fields do not make sense on the KubeadmControlPlaneTemplate, - because they are calculated by the Cluster topology reconciler during reconciliation and thus cannot - be configured on the KubeadmControlPlaneTemplate. - properties: - kubeadmConfigSpec: - description: |- - KubeadmConfigSpec is a KubeadmConfigSpec - to use for initializing and joining machines to the control plane. - properties: - clusterConfiguration: - description: ClusterConfiguration along with InitConfiguration - are the configurations necessary for the init command - properties: - apiServer: - description: APIServer contains extra settings for - the API server control plane component - properties: - certSANs: - description: CertSANs sets extra Subject Alternative - Names for the API Server signing cert. 
- items: - type: string - type: array - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside - the pod where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the - pod template. - type: string - pathType: - description: PathType is the type of the - HostPath. - type: string - readOnly: - description: ReadOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - timeoutForControlPlane: - description: TimeoutForControlPlane controls the - timeout that we use for API server to appear - type: string - type: object - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - certificatesDir: - description: |- - CertificatesDir specifies where to store or look for all required certificates. 
- NB: if not provided, this will default to `/etc/kubernetes/pki` - type: string - clusterName: - description: The cluster name - type: string - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it - can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. - In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort - are used; in case the ControlPlaneEndpoint is specified but without a TCP port, - the BindPort is used. - Possible usages are: - e.g. In a cluster with more than one control plane instances, this field should be - assigned the address of the external load balancer in front of the - control plane instances. - e.g. in environments with enforced node recycling, the ControlPlaneEndpoint - could be used for assigning a stable DNS to the control plane. - NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. - type: string - controllerManager: - description: ControllerManager contains extra settings - for the controller manager control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. - TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside - the pod where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the - pod template. 
- type: string - pathType: - description: PathType is the type of the - HostPath. - type: string - readOnly: - description: ReadOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - dns: - description: DNS defines the options for the DNS add-on - installed in the cluster. - properties: - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - type: object - etcd: - description: |- - Etcd holds configuration for etcd. - NB: This value defaults to a Local (stacked) etcd - properties: - external: - description: |- - External describes how to connect to an external etcd cluster - Local and External are mutually exclusive - properties: - caFile: - description: |- - CAFile is an SSL Certificate Authority file used to secure etcd communication. - Required if using a TLS connection. - type: string - certFile: - description: |- - CertFile is an SSL certification file used to secure etcd communication. - Required if using a TLS connection. - type: string - endpoints: - description: Endpoints of etcd members. Required - for ExternalEtcd. - items: - type: string - type: array - keyFile: - description: |- - KeyFile is an SSL key file used to secure etcd communication. - Required if using a TLS connection. 
- type: string - required: - - caFile - - certFile - - endpoints - - keyFile - type: object - local: - description: |- - Local provides configuration knobs for configuring the local etcd instance - Local and External are mutually exclusive - properties: - dataDir: - description: |- - DataDir is the directory etcd will place its data. - Defaults to "/var/lib/etcd". - type: string - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs are extra arguments provided to the etcd binary - when run inside a static pod. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - peerCertSANs: - description: PeerCertSANs sets extra Subject - Alternative Names for the etcd peer signing - cert. - items: - type: string - type: array - serverCertSANs: - description: ServerCertSANs sets extra Subject - Alternative Names for the etcd server signing - cert. - items: - type: string - type: array - type: object - type: object - featureGates: - additionalProperties: - type: boolean - description: FeatureGates enabled by the user. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - * If not set, the default registry of kubeadm will be used, i.e. - * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 - * k8s.gcr.io (old registry): all older versions - Please note that when imageRepository is not set we don't allow upgrades to - versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use - a newer patch version with the new registry instead (i.e. 
>= v1.22.17, - >= v1.23.15, >= v1.24.9, >= v1.25.0). - * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components - and for kube-proxy, while `registry.k8s.io` will be used for all the other images. - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - kubernetesVersion: - description: |- - KubernetesVersion is the target version of the control plane. - NB: This value defaults to the Machine object spec.version - type: string - networking: - description: |- - Networking holds configuration for the networking topology of the cluster. - NB: This value defaults to the Cluster object spec.clusterNetwork. - properties: - dnsDomain: - description: DNSDomain is the dns domain used - by k8s services. Defaults to "cluster.local". - type: string - podSubnet: - description: |- - PodSubnet is the subnet used by pods. - If unset, the API server will not allocate CIDR ranges for every node. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set - type: string - serviceSubnet: - description: |- - ServiceSubnet is the subnet used by k8s services. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or - to "10.96.0.0/12" if that's unset. - type: string - type: object - scheduler: - description: Scheduler contains extra settings for - the scheduler control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs is an extra set of flags to pass to the control plane component. 
- TODO: This is temporary and ideally we would like to switch all components to - use ComponentConfig + ConfigMaps. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside - the pod where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the - pod template. - type: string - pathType: - description: PathType is the type of the - HostPath. - type: string - readOnly: - description: ReadOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - type: object - diskSetup: - description: DiskSetup specifies options for the creation - of partition tables and file systems on devices. - properties: - filesystems: - description: Filesystems specifies the list of file - systems to setup. - items: - description: Filesystem defines the file systems - to be created. - properties: - device: - description: Device specifies the device name - type: string - extraOpts: - description: ExtraOpts defined extra options - to add to the command for creating the file - system. - items: - type: string - type: array - filesystem: - description: Filesystem specifies the file system - type. - type: string - label: - description: Label specifies the file system - label to be used. If set to None, no label - is used. - type: string - overwrite: - description: |- - Overwrite defines whether or not to overwrite any existing filesystem. - If true, any pre-existing file system will be destroyed. Use with Caution. 
- type: boolean - partition: - description: 'Partition specifies the partition - to use. The valid options are: "auto|any", - "auto", "any", "none", and , where NUM - is the actual partition number.' - type: string - replaceFS: - description: |- - ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . - NOTE: unless you define a label, this requires the use of the 'any' partition directive. - type: string - required: - - device - - filesystem - - label - type: object - type: array - partitions: - description: Partitions specifies the list of the - partitions to setup. - items: - description: Partition defines how to create and - layout a partition. - properties: - device: - description: Device is the name of the device. - type: string - layout: - description: |- - Layout specifies the device layout. - If it is true, a single partition will be created for the entire device. - When layout is false, it means don't partition or ignore existing partitioning. - type: boolean - overwrite: - description: |- - Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. - Use with caution. Default is 'false'. - type: boolean - tableType: - description: |- - TableType specifies the tupe of partition table. The following are supported: - 'mbr': default and setups a MS-DOS partition table - 'gpt': setups a GPT partition table - type: string - required: - - device - - layout - type: object - type: array - type: object - files: - description: Files specifies extra files to be passed - to user_data upon creation. - items: - description: File defines the input for generating write_files - in cloud-init. - properties: - append: - description: Append specifies whether to append - Content to existing file if Path exists. - type: boolean - content: - description: Content is the actual content of the - file. 
- type: string - contentFrom: - description: ContentFrom is a referenced source - of content to populate the file. - properties: - secret: - description: Secret represents a secret that - should populate this file. - properties: - key: - description: Key is the key in the secret's - data map for this value. - type: string - name: - description: Name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - encoding: - description: Encoding specifies the encoding of - the file contents. - enum: - - base64 - - gzip - - gzip+base64 - type: string - owner: - description: Owner specifies the ownership of the - file, e.g. "root:root". - type: string - path: - description: Path specifies the full path on disk - where to store the file. - type: string - permissions: - description: Permissions specifies the permissions - to assign to the file, e.g. "0640". - type: string - required: - - path - type: object - type: array - format: - description: Format specifies the output format of the - bootstrap data - enum: - - cloud-config - - ignition - type: string - ignition: - description: Ignition contains Ignition specific configuration. - properties: - containerLinuxConfig: - description: ContainerLinuxConfig contains CLC specific - configuration. - properties: - additionalConfig: - description: |- - AdditionalConfig contains additional configuration to be merged with the Ignition - configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging - - - The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ - type: string - strict: - description: Strict controls if AdditionalConfig - should be strictly parsed. If so, warnings are - treated as errors. 
- type: boolean - type: object - type: object - initConfiguration: - description: InitConfiguration along with ClusterConfiguration - are the configurations necessary for the init command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - bootstrapTokens: - description: |- - BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. - This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature - items: - description: BootstrapToken describes one bootstrap - token, stored as a Secret in the cluster. - properties: - description: - description: |- - Description sets a human-friendly message why this token exists and what it's used - for, so other administrators can know its purpose. - type: string - expires: - description: |- - Expires specifies the timestamp when this token expires. Defaults to being set - dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. - format: date-time - type: string - groups: - description: |- - Groups specifies the extra groups that this token will authenticate as when/if - used for authentication - items: - type: string - type: array - token: - description: |- - Token is used for establishing bidirectional trust between nodes and control-planes. - Used for joining nodes in the cluster. - type: string - ttl: - description: |- - TTL defines the time to live for this token. Defaults to 24h. - Expires and TTL are mutually exclusive. - type: string - usages: - description: |- - Usages describes the ways in which this token can be used. 
Can by default be used - for establishing bidirectional trust, but that can be changed here. - items: - type: string - type: array - required: - - token - type: object - type: array - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - localAPIEndpoint: - description: |- - LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node - In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint - is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This - configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible - on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process - fails you may set the desired value here. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address - for the API server to advertise. - type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container - runtime info. 
This information will be annotated - to the Node API object, for later re-use - type: string - ignorePreflightErrors: - description: IgnorePreflightErrors provides a - slice of pre-flight errors to be ignored when - the current node is registered. - items: - type: string - type: array - imagePullPolicy: - description: |- - ImagePullPolicy specifies the policy for image pulling - during kubeadm "init" and "join" operations. The value of - this field must be one of "Always", "IfNotPresent" or - "Never". Defaults to "IfNotPresent". This can be used only - with Kubernetes version equal to 1.22 and later. - enum: - - Always - - IfNotPresent - - Never - type: string - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. 
- items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to - be applied to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding - to the taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - patches: - description: |- - Patches contains options related to applying patches to components deployed by kubeadm during - "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22 - properties: - directory: - description: |- - Directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". - For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of - "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one - of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. - The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". - "suffix" is an optional string that can be used to determine which patches are applied - first alpha-numerically. - These files can be written into the target directory via KubeadmConfig.Files which - specifies additional files to be created on the machine, either with content inline or - by referencing a secret. - type: string - type: object - skipPhases: - description: |- - SkipPhases is a list of phases to skip during command execution. - The list of phases can be obtained with the "kubeadm init --help" command. 
- This option takes effect only on Kubernetes >=1.22.0. - items: - type: string - type: array - type: object - joinConfiguration: - description: JoinConfiguration is the kubeadm configuration - for the join command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - caCertPath: - description: |- - CACertPath is the path to the SSL certificate authority used to - secure comunications between node and control-plane. - Defaults to "/etc/kubernetes/pki/ca.crt". - TODO: revisit when there is defaulting from k/k - type: string - controlPlane: - description: |- - ControlPlane defines the additional control plane instance to be deployed on the joining node. - If nil, no additional control plane instance will be deployed. - properties: - localAPIEndpoint: - description: LocalAPIEndpoint represents the endpoint - of the API server instance to be deployed on - this node. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP - address for the API server to advertise. - type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - type: object - discovery: - description: |- - Discovery specifies the options for the kubelet to use during the TLS Bootstrap process - TODO: revisit when there is defaulting from k/k - properties: - bootstrapToken: - description: |- - BootstrapToken is used to set the options for bootstrap token based discovery - BootstrapToken and File are mutually exclusive - properties: - apiServerEndpoint: - description: APIServerEndpoint is an IP or - domain name to the API server from which - info will be fetched. 
- type: string - caCertHashes: - description: |- - CACertHashes specifies a set of public key pins to verify - when token-based discovery is used. The root CA found during discovery - must match one of these values. Specifying an empty set disables root CA - pinning, which can be unsafe. Each hash is specified as ":", - where the only currently supported type is "sha256". This is a hex-encoded - SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded - ASN.1. These hashes can be calculated using, for example, OpenSSL: - openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex - items: - type: string - type: array - token: - description: |- - Token is a token used to validate cluster information - fetched from the control-plane. - type: string - unsafeSkipCAVerification: - description: |- - UnsafeSkipCAVerification allows token-based discovery - without CA verification via CACertHashes. This can weaken - the security of kubeadm since other nodes can impersonate the control-plane. - type: boolean - required: - - token - type: object - file: - description: |- - File is used to specify a file or URL to a kubeconfig file from which to load cluster information - BootstrapToken and File are mutually exclusive - properties: - kubeConfig: - description: |- - KubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. - The file is generated at the path specified in KubeConfigPath. - - - Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint. - Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret. - properties: - cluster: - description: |- - Cluster contains information about how to communicate with the kubernetes cluster. - - - By default the following fields are automatically populated: - - Server with the Cluster's ControlPlaneEndpoint. 
- - CertificateAuthorityData with the Cluster's CA certificate. - properties: - certificateAuthorityData: - description: |- - CertificateAuthorityData contains PEM-encoded certificate authority certificates. - - - Defaults to the Cluster's CA certificate if empty. - format: byte - type: string - insecureSkipTLSVerify: - description: InsecureSkipTLSVerify - skips the validity check for the - server's certificate. This will - make your HTTPS connections insecure. - type: boolean - proxyURL: - description: |- - ProxyURL is the URL to the proxy to be used for all requests made by this - client. URLs with "http", "https", and "socks5" schemes are supported. If - this configuration is not provided or the empty string, the client - attempts to construct a proxy configuration from http_proxy and - https_proxy environment variables. If these environment variables are not - set, the client does not attempt to proxy requests. - - - socks5 proxying does not currently support spdy streaming endpoints (exec, - attach, port forward). - type: string - server: - description: |- - Server is the address of the kubernetes cluster (https://hostname:port). - - - Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint. - type: string - tlsServerName: - description: TLSServerName is used - to check server certificate. If - TLSServerName is empty, the hostname - used to contact the server is used. - type: string - type: object - user: - description: |- - User contains information that describes identity information. - This is used to tell the kubernetes cluster who you are. - properties: - authProvider: - description: AuthProvider specifies - a custom authentication plugin for - the kubernetes cluster. - properties: - config: - additionalProperties: - type: string - description: Config holds the - parameters for the authentication - plugin. - type: object - name: - description: Name is the name - of the authentication plugin. 
- type: string - required: - - name - type: object - exec: - description: Exec specifies a custom - exec-based authentication plugin - for the kubernetes cluster. - properties: - apiVersion: - description: |- - Preferred input version of the ExecInfo. The returned ExecCredentials MUST use - the same encoding version as the input. - Defaults to client.authentication.k8s.io/v1 if not set. - type: string - args: - description: Arguments to pass - to the command when executing - it. - items: - type: string - type: array - command: - description: Command to execute. - type: string - env: - description: |- - Env defines additional environment variables to expose to the process. These - are unioned with the host's environment, as well as variables client-go uses - to pass argument to the plugin. - items: - description: |- - KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based - credential plugin. - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - provideClusterInfo: - description: |- - ProvideClusterInfo determines whether or not to provide cluster information, - which could potentially contain very large CA data, to this exec plugin as a - part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set - to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for - reading this environment variable. - type: boolean - required: - - command - type: object - type: object - required: - - user - type: object - kubeConfigPath: - description: KubeConfigPath is used to specify - the actual file path or URL to the kubeconfig - file from which to load cluster information - type: string - required: - - kubeConfigPath - type: object - timeout: - description: Timeout modifies the discovery timeout - type: string - tlsBootstrapToken: - description: |- - TLSBootstrapToken is a token used for TLS bootstrapping. 
- If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. - If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information - type: string - type: object - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container - runtime info. This information will be annotated - to the Node API object, for later re-use - type: string - ignorePreflightErrors: - description: IgnorePreflightErrors provides a - slice of pre-flight errors to be ignored when - the current node is registered. - items: - type: string - type: array - imagePullPolicy: - description: |- - ImagePullPolicy specifies the policy for image pulling - during kubeadm "init" and "join" operations. The value of - this field must be one of "Always", "IfNotPresent" or - "Never". Defaults to "IfNotPresent". This can be used only - with Kubernetes version equal to 1.22 and later. - enum: - - Always - - IfNotPresent - - Never - type: string - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. 
This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to - be applied to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding - to the taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - patches: - description: |- - Patches contains options related to applying patches to components deployed by kubeadm during - "kubeadm join". 
The minimum kubernetes version needed to support Patches is v1.22 - properties: - directory: - description: |- - Directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". - For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of - "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one - of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. - The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". - "suffix" is an optional string that can be used to determine which patches are applied - first alpha-numerically. - These files can be written into the target directory via KubeadmConfig.Files which - specifies additional files to be created on the machine, either with content inline or - by referencing a secret. - type: string - type: object - skipPhases: - description: |- - SkipPhases is a list of phases to skip during command execution. - The list of phases can be obtained with the "kubeadm init --help" command. - This option takes effect only on Kubernetes >=1.22.0. - items: - type: string - type: array - type: object - mounts: - description: Mounts specifies a list of mount points to - be setup. - items: - description: MountPoints defines input for generated - mounts in cloud-init. 
- items: - type: string - type: array - type: array - ntp: - description: NTP specifies NTP configuration - properties: - enabled: - description: Enabled specifies whether NTP should - be enabled - type: boolean - servers: - description: Servers specifies which NTP servers to - use - items: - type: string - type: array - type: object - postKubeadmCommands: - description: PostKubeadmCommands specifies extra commands - to run after kubeadm runs - items: - type: string - type: array - preKubeadmCommands: - description: PreKubeadmCommands specifies extra commands - to run before kubeadm runs - items: - type: string - type: array - useExperimentalRetryJoin: - description: |- - UseExperimentalRetryJoin replaces a basic kubeadm command with a shell - script with retries for joins. - - - This is meant to be an experimental temporary workaround on some environments - where joins fail due to timing (and other issues). The long term goal is to add retries to - kubeadm proper and use that functionality. - - - This will add about 40KB to userdata - - - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. - - - Deprecated: This experimental fix is no longer needed and this field will be removed in a future release. - When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml - type: boolean - users: - description: Users specifies extra users to add - items: - description: User defines the input for a generated - user in cloud-init. 
- properties: - gecos: - description: Gecos specifies the gecos to use for - the user - type: string - groups: - description: Groups specifies the additional groups - for the user - type: string - homeDir: - description: HomeDir specifies the home directory - to use for the user - type: string - inactive: - description: Inactive specifies whether to mark - the user as inactive - type: boolean - lockPassword: - description: LockPassword specifies if password - login should be disabled - type: boolean - name: - description: Name specifies the user name - type: string - passwd: - description: Passwd specifies a hashed password - for the user - type: string - passwdFrom: - description: PasswdFrom is a referenced source of - passwd to populate the passwd. - properties: - secret: - description: Secret represents a secret that - should populate this password. - properties: - key: - description: Key is the key in the secret's - data map for this value. - type: string - name: - description: Name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - primaryGroup: - description: PrimaryGroup specifies the primary - group for the user - type: string - shell: - description: Shell specifies the user's shell - type: string - sshAuthorizedKeys: - description: SSHAuthorizedKeys specifies a list - of ssh authorized keys for the user - items: - type: string - type: array - sudo: - description: Sudo specifies a sudo role for the - user - type: string - required: - - name - type: object - type: array - verbosity: - description: |- - Verbosity is the number for the kubeadm log level verbosity. - It overrides the `--v` flag in kubeadm commands. - format: int32 - type: integer - type: object - machineTemplate: - description: |- - MachineTemplate contains information about how machines - should be shaped when creating or updating a control plane. 
- properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - nodeDeletionTimeout: - description: |- - NodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - If no value is provided, the default value for this property of the Machine resource will be used. - type: string - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - nodeVolumeDetachTimeout: - description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. 
- type: string - type: object - remediationStrategy: - description: The RemediationStrategy that controls how control - plane machine remediation happens. - properties: - maxRetry: - description: "MaxRetry is the Max number of retries while - attempting to remediate an unhealthy machine.\nA retry - happens when a machine that was created as a replacement - for an unhealthy machine also fails.\nFor example, given - a control plane with three machines M1, M2, M3:\n\n\n\tM1 - become unhealthy; remediation happens, and M1-1 is created - as a replacement.\n\tIf M1-1 (replacement of M1) has - problems while bootstrapping it will become unhealthy, - and then be\n\tremediated; such operation is considered - a retry, remediation-retry #1.\n\tIf M1-2 (replacement - of M1-1) becomes unhealthy, remediation-retry #2 will - happen, etc.\n\n\nA retry could happen only after RetryPeriod - from the previous retry.\nIf a machine is marked as - unhealthy after MinHealthyPeriod from the previous remediation - expired,\nthis is not considered a retry anymore because - the new issue is assumed unrelated from the previous - one.\n\n\nIf not set, the remedation will be retried - infinitely." - format: int32 - type: integer - minHealthyPeriod: - description: "MinHealthyPeriod defines the duration after - which KCP will consider any failure to a machine unrelated\nfrom - the previous one. In this case the remediation is not - considered a retry anymore, and thus the retry\ncounter - restarts from 0. For example, assuming MinHealthyPeriod - is set to 1h (default)\n\n\n\tM1 become unhealthy; remediation - happens, and M1-1 is created as a replacement.\n\tIf - M1-1 (replacement of M1) has problems within the 1hr - after the creation, also\n\tthis machine will be remediated - and this operation is considered a retry - a problem - related\n\tto the original issue happened to M1 -.\n\n\n\tIf - instead the problem on M1-1 is happening after MinHealthyPeriod - expired, e.g. 
four days after\n\tm1-1 has been created - as a remediation of M1, the problem on M1-1 is considered - unrelated to\n\tthe original issue happened to M1.\n\n\nIf - not set, this value is defaulted to 1h." - type: string - retryPeriod: - description: |- - RetryPeriod is the duration that KCP should wait before remediating a machine being created as a replacement - for an unhealthy machine (a retry). - - - If not set, a retry will happen immediately. - type: string - type: object - rolloutAfter: - description: |- - RolloutAfter is a field to indicate a rollout should be performed - after the specified time even if no changes have been made to the - KubeadmControlPlane. - format: date-time - type: string - rolloutBefore: - description: |- - RolloutBefore is a field to indicate a rollout should be performed - if the specified criteria is met. - properties: - certificatesExpiryDays: - description: |- - CertificatesExpiryDays indicates a rollout needs to be performed if the - certificates of the machine will expire within the specified days. - format: int32 - type: integer - type: object - rolloutStrategy: - default: - rollingUpdate: - maxSurge: 1 - type: RollingUpdate - description: |- - The RolloutStrategy to use to replace control plane machines with - new ones. - properties: - rollingUpdate: - description: |- - Rolling update config params. Present only if - RolloutStrategyType = RollingUpdate. - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of control planes that can be scheduled above or under the - desired number of control planes. - Value can be an absolute number 1 or 0. - Defaults to 1. - Example: when this is set to 1, the control plane can be scaled - up immediately when the rolling update starts. - x-kubernetes-int-or-string: true - type: object - type: - description: |- - Type of rollout. Currently the only supported strategy is - "RollingUpdate". - Default is RollingUpdate. 
- type: string - type: object - required: - - kubeadmConfigSpec - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: true - storage: true - subresources: {} - --- - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - name: capi-kubeadm-control-plane-manager - namespace: capi-kubeadm-control-plane-system - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - name: capi-kubeadm-control-plane-leader-election-role - namespace: capi-kubeadm-control-plane-system - rules: - - apiGroups: - - "" - resources: - - events - verbs: - - create - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - --- - aggregationRule: - clusterRoleSelectors: - - matchLabels: - kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true" - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - name: capi-kubeadm-control-plane-aggregated-manager-role - rules: [] - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true" - name: capi-kubeadm-control-plane-manager-role - rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - bootstrap.cluster.x-k8s.io - - controlplane.cluster.x-k8s.io - - infrastructure.cluster.x-k8s.io - resources: - - '*' - verbs: - - create - - delete - - get - - list - - patch - 
- update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - clusters - - clusters/status - verbs: - - get - - list - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - machinepools - verbs: - - list - - apiGroups: - - cluster.x-k8s.io - resources: - - machines - - machines/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - get - - list - - patch - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - create - - get - - list - - patch - - update - - watch - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - name: capi-kubeadm-control-plane-leader-election-rolebinding - namespace: capi-kubeadm-control-plane-system - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: capi-kubeadm-control-plane-leader-election-role - subjects: - - kind: ServiceAccount - name: capi-kubeadm-control-plane-manager - namespace: capi-kubeadm-control-plane-system - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - name: capi-kubeadm-control-plane-manager-rolebinding - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: capi-kubeadm-control-plane-aggregated-manager-role - subjects: - - kind: ServiceAccount - name: capi-kubeadm-control-plane-manager - namespace: capi-kubeadm-control-plane-system - --- - apiVersion: v1 - kind: Service - metadata: - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - name: capi-kubeadm-control-plane-webhook-service - namespace: capi-kubeadm-control-plane-system - spec: - ports: - - port: 443 - targetPort: webhook-server - selector: - cluster.x-k8s.io/provider: control-plane-kubeadm - --- - apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - cluster.x-k8s.io/provider: 
control-plane-kubeadm - control-plane: controller-manager - name: capi-kubeadm-control-plane-controller-manager - namespace: capi-kubeadm-control-plane-system - spec: - replicas: 1 - selector: - matchLabels: - cluster.x-k8s.io/provider: control-plane-kubeadm - control-plane: controller-manager - template: - metadata: - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - control-plane: controller-manager - spec: - containers: - - args: - - --leader-elect - - --diagnostics-address=${CAPI_DIAGNOSTICS_ADDRESS:=:8443} - - --insecure-diagnostics=${CAPI_INSECURE_DIAGNOSTICS:=false} - - --use-deprecated-infra-machine-naming=${CAPI_USE_DEPRECATED_INFRA_MACHINE_NAMING:=false} - - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=true},ClusterTopology=${CLUSTER_TOPOLOGY:=false},KubeadmBootstrapFormatIgnition=${EXP_KUBEADM_BOOTSTRAP_FORMAT_IGNITION:=false} - command: - - /manager - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_UID - valueFrom: - fieldRef: - fieldPath: metadata.uid - image: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.7.7 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - - containerPort: 8443 - name: metrics - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - runAsGroup: 65532 - runAsUser: 65532 - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: capi-kubeadm-control-plane-manager - terminationGracePeriodSeconds: 10 - tolerations: - - effect: 
NoSchedule - key: node-role.kubernetes.io/master - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - volumes: - - name: cert - secret: - secretName: capi-kubeadm-control-plane-webhook-service-cert - --- - apiVersion: cert-manager.io/v1 - kind: Certificate - metadata: - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - name: capi-kubeadm-control-plane-serving-cert - namespace: capi-kubeadm-control-plane-system - spec: - dnsNames: - - capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc - - capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc.cluster.local - issuerRef: - kind: Issuer - name: capi-kubeadm-control-plane-selfsigned-issuer - secretName: capi-kubeadm-control-plane-webhook-service-cert - subject: - organizations: - - k8s-sig-cluster-lifecycle - --- - apiVersion: cert-manager.io/v1 - kind: Issuer - metadata: - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - name: capi-kubeadm-control-plane-selfsigned-issuer - namespace: capi-kubeadm-control-plane-system - spec: - selfSigned: {} - --- - apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - annotations: - cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - name: capi-kubeadm-control-plane-mutating-webhook-configuration - webhooks: - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-kubeadm-control-plane-webhook-service - namespace: capi-kubeadm-control-plane-system - path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane - failurePolicy: Fail - matchPolicy: Equivalent - name: default.kubeadmcontrolplane.controlplane.cluster.x-k8s.io - rules: - - apiGroups: - - controlplane.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - kubeadmcontrolplanes - sideEffects: 
None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-kubeadm-control-plane-webhook-service - namespace: capi-kubeadm-control-plane-system - path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplanetemplate - failurePolicy: Fail - name: default.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io - rules: - - apiGroups: - - controlplane.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - kubeadmcontrolplanetemplates - sideEffects: None - --- - apiVersion: admissionregistration.k8s.io/v1 - kind: ValidatingWebhookConfiguration - metadata: - annotations: - cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - name: capi-kubeadm-control-plane-validating-webhook-configuration - webhooks: - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-kubeadm-control-plane-webhook-service - namespace: capi-kubeadm-control-plane-system - path: /validate-scale-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane - failurePolicy: Fail - matchPolicy: Equivalent - name: validation-scale.kubeadmcontrolplane.controlplane.cluster.x-k8s.io - rules: - - apiGroups: - - controlplane.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - UPDATE - resources: - - kubeadmcontrolplanes/scale - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-kubeadm-control-plane-webhook-service - namespace: capi-kubeadm-control-plane-system - path: /validate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.kubeadmcontrolplane.controlplane.cluster.x-k8s.io - rules: - - apiGroups: - - controlplane.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - kubeadmcontrolplanes - 
sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-kubeadm-control-plane-webhook-service - namespace: capi-kubeadm-control-plane-system - path: /validate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplanetemplate - failurePolicy: Fail - name: validation.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io - rules: - - apiGroups: - - controlplane.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - kubeadmcontrolplanetemplates - sideEffects: None - metadata: | - # maps release series of major.minor to cluster-api contract version - # the contract version may change between minor or major versions, but *not* - # between patch versions. - # - # update this file only when a new major or minor version is released - apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 - kind: Metadata - releaseSeries: - - major: 1 - minor: 7 - contract: v1beta1 - - major: 1 - minor: 6 - contract: v1beta1 - - major: 1 - minor: 5 - contract: v1beta1 - - major: 1 - minor: 4 - contract: v1beta1 - - major: 1 - minor: 3 - contract: v1beta1 - - major: 1 - minor: 2 - contract: v1beta1 - - major: 1 - minor: 1 - contract: v1beta1 - - major: 1 - minor: 0 - contract: v1beta1 -kind: ConfigMap -metadata: - labels: - provider.cluster.x-k8s.io/name: kubeadm - provider.cluster.x-k8s.io/type: controlplane - provider.cluster.x-k8s.io/version: v1.7.7 - name: controlplane-kubeadm-v1.7.7 - namespace: capi-kubeadm-control-plane-system diff --git a/test/e2e/resources/core-cluster-api-v1.8.0.yaml b/test/e2e/resources/core-cluster-api-v1.10.4.yaml similarity index 74% rename from test/e2e/resources/core-cluster-api-v1.8.0.yaml rename to test/e2e/resources/core-cluster-api-v1.10.4.yaml index a01a423d7..d2a1549e7 100644 --- a/test/e2e/resources/core-cluster-api-v1.8.0.yaml +++ b/test/e2e/resources/core-cluster-api-v1.10.4.yaml 
@@ -1,12 +1,20 @@ apiVersion: v1 data: components: | + apiVersion: v1 + kind: Namespace + metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + control-plane: controller-manager + name: capi-system + --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 labels: cluster.x-k8s.io/provider: cluster-api name: clusterclasses.cluster.x-k8s.io @@ -46,7 +54,6 @@ data: description: |- ClusterClass is a template which can be used to create managed topologies. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: @@ -67,25 +74,24 @@ data: metadata: type: object spec: - description: ClusterClassSpec describes the desired state of the ClusterClass. + description: spec is the desired state of ClusterClass. properties: controlPlane: description: |- - ControlPlane is a reference to a local struct that holds the details + controlPlane is a reference to a local struct that holds the details for provisioning the Control Plane for the Cluster. properties: machineInfrastructure: description: |- - MachineTemplate defines the metadata and infrastructure information + machineInfrastructure defines the metadata and infrastructure information for control plane machines. - This field is supported if and only if the control plane provider template referenced above is Machine based and supports setting replicas. properties: ref: description: |- - Ref is a required reference to a custom resource + ref is a required reference to a custom resource offered by a provider. properties: apiVersion: 
@@ -100,7 +106,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -134,10 +139,9 @@ data: type: object metadata: description: |- - Metadata is the metadata applied to the machines of the ControlPlane. + metadata is the metadata applied to the machines of the ControlPlane. At runtime this metadata is merged with the corresponding metadata from the topology. - This field is supported if and only if the control plane provider template referenced is Machine based. properties: @@ -145,7 +149,7 @@ data: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations @@ -154,7 +158,7 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels @@ -162,7 +166,7 @@ data: type: object ref: description: |- - Ref is a required reference to a custom resource + ref is a required reference to a custom resource offered by a provider. properties: apiVersion: 
@@ -177,7 +181,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -211,7 +214,7 @@ data: type: object infrastructure: description: |- - Infrastructure is a reference to a provider-specific template that holds + infrastructure is a reference to a provider-specific template that holds the details for provisioning infrastructure specific cluster for the underlying provider. The underlying provider is responsible for the implementation @@ -219,7 +222,7 @@ data: properties: ref: description: |- - Ref is a required reference to a custom resource + ref is a required reference to a custom resource offered by a provider. properties: apiVersion: @@ -234,7 +237,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -268,13 +270,13 @@ data: type: object workers: description: |- - Workers describes the worker nodes for the cluster. + workers describes the worker nodes for the cluster. It is a collection of node types which can be used to create the worker nodes of the cluster. properties: machineDeployments: description: |- - MachineDeployments is a list of machine deployment classes that can be used to create + machineDeployments is a list of machine deployment classes that can be used to create a set of worker nodes. items: description: |- 
@@ -283,23 +285,23 @@ data: properties: class: description: |- - Class denotes a type of worker node present in the cluster, + class denotes a type of worker node present in the cluster, this name MUST be unique within a ClusterClass and can be referenced in the Cluster to create a managed MachineDeployment. type: string template: description: |- - Template is a local struct containing a collection of templates for creation of + template is a local struct containing a collection of templates for creation of MachineDeployment objects representing a set of worker nodes. properties: bootstrap: description: |- - Bootstrap contains the bootstrap template reference to be used + bootstrap contains the bootstrap template reference to be used for the creation of worker Machines. properties: ref: description: |- - Ref is a required reference to a custom resource + ref is a required reference to a custom resource offered by a provider. properties: apiVersion: @@ -314,7 +316,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -348,12 +349,12 @@ data: type: object infrastructure: description: |- - Infrastructure contains the infrastructure template reference to be used + infrastructure contains the infrastructure template reference to be used for the creation of worker Machines. properties: ref: description: |- - Ref is a required reference to a custom resource + ref is a required reference to a custom resource offered by a provider. properties: apiVersion: 
@@ -368,7 +369,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -402,14 +402,14 @@ data: type: object metadata: description: |- - Metadata is the metadata applied to the machines of the MachineDeployment. + metadata is the metadata applied to the machines of the MachineDeployment. At runtime this metadata is merged with the corresponding metadata from the topology. properties: annotations: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations @@ -418,7 +418,7 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels 
@@ -468,16 +468,55 @@ data: metadata: type: object spec: - description: ClusterClassSpec describes the desired state of the ClusterClass. + description: spec is the desired state of ClusterClass. properties: + availabilityGates: + description: |- + availabilityGates specifies additional conditions to include when evaluating Cluster Available condition. + + NOTE: this field is considered only for computing v1beta2 conditions. + NOTE: If a Cluster is using this ClusterClass, and this Cluster defines a custom list of availabilityGates, + such list overrides availabilityGates defined in this field. + items: + description: ClusterAvailabilityGate contains the type of a Cluster + condition to be used as availability gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Cluster's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as availability gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this availabilityGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. 
+ enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map controlPlane: description: |- - ControlPlane is a reference to a local struct that holds the details + controlPlane is a reference to a local struct that holds the details for provisioning the Control Plane for the Cluster. properties: machineHealthCheck: description: |- - MachineHealthCheck defines a MachineHealthCheck for this ControlPlaneClass. + machineHealthCheck defines a MachineHealthCheck for this ControlPlaneClass. This field is supported if and only if the ControlPlane provider template referenced above is Machine based and supports setting replicas. properties: 
@@ -486,32 +525,30 @@ data: - type: integer - type: string description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by + maxUnhealthy specifies the maximum number of unhealthy machines allowed. + Any further remediation is only allowed if at most "maxUnhealthy" machines selected by "selector" are not healthy. x-kubernetes-int-or-string: true nodeStartupTimeout: description: |- - NodeStartupTimeout allows to set the maximum time for MachineHealthCheck + nodeStartupTimeout allows to set the maximum time for MachineHealthCheck to consider a Machine unhealthy if a corresponding Node isn't associated through a `Spec.ProviderID` field. - The duration set in this field is compared to the greatest of: - Cluster's infrastructure ready condition timestamp (if and when available) - Control Plane's initialized condition timestamp (if and when available) - Machine's infrastructure ready condition timestamp (if and when available) - Machine's metadata creation timestamp - Defaults to 10 minutes. If you wish to disable this feature, set the value explicitly to 0. type: string remediationTemplate: description: |- - RemediationTemplate is a reference to a remediation template + remediationTemplate is a reference to a remediation template provided by an infrastructure provider. - This field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Cluster API. @@ -528,7 +565,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -559,7 +595,7 @@ data: x-kubernetes-map-type: atomic unhealthyConditions: description: |- - UnhealthyConditions contains a list of the conditions that determine + unhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy. items: @@ -569,11 +605,19 @@ data: status for at least the timeout value, a node is considered unhealthy. properties: status: + description: status of the condition, one of True, False, + Unknown. minLength: 1 type: string timeout: + description: |- + timeout is the duration that a node must be in a given status for, + after which the node is considered unhealthy. + For example, with a value of "1h", the node must match the status + for at least 1 hour before being considered unhealthy. type: string type: + description: type of Node condition minLength: 1 type: string required: 
@@ -581,29 +625,32 @@ data: - timeout - type type: object + maxItems: 100 type: array unhealthyRange: description: |- + unhealthyRange specifies the range of unhealthy machines allowed. Any further remediation is only allowed if the number of machines selected by "selector" as not healthy - is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. + is within the range of "unhealthyRange". Takes precedence over maxUnhealthy. Eg. "[3-5]" - This means that remediation will be allowed only when: (a) there are at least 3 unhealthy machines (and) (b) there are at most 5 unhealthy machines + maxLength: 32 + minLength: 1 pattern: ^\[[0-9]+-[0-9]+\]$ type: string type: object machineInfrastructure: description: |- - MachineInfrastructure defines the metadata and infrastructure information + machineInfrastructure defines the metadata and infrastructure information for control plane machines. - This field is supported if and only if the control plane provider template referenced above is Machine based and supports setting replicas. properties: ref: description: |- - Ref is a required reference to a custom resource + ref is a required reference to a custom resource offered by a provider. properties: apiVersion: @@ -618,7 +665,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -652,12 +698,11 @@ data: type: object metadata: description: |- - Metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane + metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane if the ControlPlaneTemplate referenced is machine based. If not, it is applied only to the ControlPlane. At runtime this metadata is merged with the corresponding metadata from the topology. - This field is supported if and only if the control plane provider template referenced is Machine based. properties: @@ -665,7 +710,7 @@ data: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations 
@@ -674,50 +719,96 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels type: object type: object namingStrategy: - description: NamingStrategy allows changing the naming pattern + description: namingStrategy allows changing the naming pattern used when creating the control plane provider object. properties: template: description: |- - Template defines the template to use for generating the name of the ControlPlane object. + template defines the template to use for generating the name of the ControlPlane object. If not defined, it will fallback to `{{ .cluster.name }}-{{ .random }}`. If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will get concatenated with a random suffix of length 5. The templating mechanism provides the following arguments: * `.cluster.name`: The name of the cluster object. * `.random`: A random alphanumeric string, without vowels, of length 5. + maxLength: 1024 + minLength: 1 type: string type: object nodeDeletionTimeout: description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine + nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds. NOTE: This value can be overridden while defining a Cluster.Topology. type: string nodeDrainTimeout: description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. 
The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` NOTE: This value can be overridden while defining a Cluster.Topology. type: string nodeVolumeDetachTimeout: description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. NOTE: This value can be overridden while defining a Cluster.Topology. type: string + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition. + + This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready + computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine. + + NOTE: This field is considered only for computing v1beta2 conditions. + NOTE: If a Cluster defines a custom list of readinessGates for the control plane, + such list overrides readinessGates defined in this field. + NOTE: Specific control plane provider implementations might automatically extend the list of readinessGates; + e.g. the kubeadm control provider adds ReadinessGates for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. + items: + description: MachineReadinessGate contains the type of a Machine + condition to be used as a readiness gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. 
+ maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map ref: description: |- - Ref is a required reference to a custom resource + ref is a required reference to a custom resource offered by a provider. properties: apiVersion: @@ -732,7 +823,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -766,7 +856,7 @@ data: type: object infrastructure: description: |- - Infrastructure is a reference to a provider-specific template that holds + infrastructure is a reference to a provider-specific template that holds the details for provisioning infrastructure specific cluster for the underlying provider. The underlying provider is responsible for the implementation @@ -774,7 +864,7 @@ data: properties: ref: description: |- - Ref is a required reference to a custom resource + ref is a required reference to a custom resource offered by a provider. properties: apiVersion: 
@@ -789,7 +879,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -821,9 +910,26 @@ data: required: - ref type: object + infrastructureNamingStrategy: + description: infrastructureNamingStrategy allows changing the naming + pattern used when creating the infrastructure object. + properties: + template: + description: |- + template defines the template to use for generating the name of the Infrastructure object. + If not defined, it will fallback to `{{ .cluster.name }}-{{ .random }}`. + If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will + get concatenated with a random suffix of length 5. + The templating mechanism provides the following arguments: + * `.cluster.name`: The name of the cluster object. + * `.random`: A random alphanumeric string, without vowels, of length 5. + maxLength: 1024 + minLength: 1 + type: string + type: object patches: description: |- - Patches defines the patches which are applied to customize + patches defines the patches which are applied to customize referenced templates of a ClusterClass. Note: Patches will be applied in the order of the array. items: @@ -832,7 +938,7 @@ data: properties: definitions: description: |- - Definitions define inline patches. + definitions define inline patches. Note: Patches will be applied in the order of the array. Note: Exactly one of Definitions or External must be set. items: @@ -841,7 +947,7 @@ data: properties: jsonPatches: description: |- - JSONPatches defines the patches which should be applied on the templates + jsonPatches defines the patches which should be applied on the templates matching the selector. Note: Patches will be applied in the order of the array. items: 
@@ -849,20 +955,26 @@ data: properties: op: description: |- - Op defines the operation of the patch. + op defines the operation of the patch. Note: Only `add`, `replace` and `remove` are supported. + enum: + - add + - replace + - remove type: string path: description: |- - Path defines the path of the patch. + path defines the path of the patch. Note: Only the spec of a template can be patched, thus the path has to start with /spec/. Note: For now the only allowed array modifications are `append` and `prepend`, i.e.: * for op: `add`: only index 0 (prepend) and - (append) are allowed * for op: `replace` or `remove`: no indexes are allowed + maxLength: 512 + minLength: 1 type: string value: description: |- - Value defines the value of the patch. + value defines the value of the patch. Note: Either Value or ValueFrom is required for add and replace operations. Only one of them is allowed to be set at the same time. Note: We have to use apiextensionsv1.JSON instead of our JSON type, 
@@ -872,73 +984,88 @@ data: x-kubernetes-preserve-unknown-fields: true valueFrom: description: |- - ValueFrom defines the value of the patch. + valueFrom defines the value of the patch. Note: Either Value or ValueFrom is required for add and replace operations. Only one of them is allowed to be set at the same time. properties: template: description: |- - Template is the Go template to be used to calculate the value. + template is the Go template to be used to calculate the value. A template can reference variables defined in .spec.variables and builtin variables. Note: The template must evaluate to a valid YAML or JSON value. + maxLength: 10240 + minLength: 1 type: string variable: description: |- - Variable is the variable to be used as value. + variable is the variable to be used as value. Variable can be one of the variables defined in .spec.variables or a builtin variable. + maxLength: 256 + minLength: 1 type: string type: object required: - op - path type: object + maxItems: 100 type: array selector: - description: Selector defines on which templates the patch + description: selector defines on which templates the patch should be applied. properties: apiVersion: - description: APIVersion filters templates by apiVersion. + description: apiVersion filters templates by apiVersion. + maxLength: 512 + minLength: 1 type: string kind: - description: Kind filters templates by kind. + description: kind filters templates by kind. + maxLength: 256 + minLength: 1 type: string matchResources: - description: MatchResources selects templates based + description: matchResources selects templates based on where they are referenced. properties: controlPlane: description: |- - ControlPlane selects templates referenced in .spec.ControlPlane. + controlPlane selects templates referenced in .spec.ControlPlane. Note: this will match the controlPlane and also the controlPlane machineInfrastructure (depending on the kind and apiVersion). 
type: boolean infrastructureCluster: - description: InfrastructureCluster selects templates + description: infrastructureCluster selects templates referenced in .spec.infrastructure. type: boolean machineDeploymentClass: description: |- - MachineDeploymentClass selects templates referenced in specific MachineDeploymentClasses in + machineDeploymentClass selects templates referenced in specific MachineDeploymentClasses in .spec.workers.machineDeployments. properties: names: - description: Names selects templates by class + description: names selects templates by class names. items: + maxLength: 256 + minLength: 1 type: string + maxItems: 100 type: array type: object machinePoolClass: description: |- - MachinePoolClass selects templates referenced in specific MachinePoolClasses in + machinePoolClass selects templates referenced in specific MachinePoolClasses in .spec.workers.machinePools. properties: names: - description: Names selects templates by class + description: names selects templates by class names. items: + maxLength: 256 + minLength: 1 type: string + maxItems: 100 type: array type: object type: object 
@@ -951,55 +1078,69 @@ data: - jsonPatches - selector type: object + maxItems: 100 type: array description: - description: Description is a human-readable description of + description: description is a human-readable description of this patch. + maxLength: 1024 + minLength: 1 type: string enabledIf: description: |- - EnabledIf is a Go template to be used to calculate if a patch should be enabled. + enabledIf is a Go template to be used to calculate if a patch should be enabled. It can reference variables defined in .spec.variables and builtin variables. The patch will be enabled if the template evaluates to `true`, otherwise it will be disabled. If EnabledIf is not set, the patch will be enabled per default. + maxLength: 256 + minLength: 1 type: string external: description: |- - External defines an external patch. + external defines an external patch. Note: Exactly one of Definitions or External must be set. properties: discoverVariablesExtension: - description: DiscoverVariablesExtension references an extension + description: discoverVariablesExtension references an extension which is called to discover variables. + maxLength: 512 + minLength: 1 type: string generateExtension: - description: GenerateExtension references an extension which + description: generateExtension references an extension which is called to generate patches. + maxLength: 512 + minLength: 1 type: string settings: additionalProperties: type: string description: |- - Settings defines key value pairs to be passed to the extensions. + settings defines key value pairs to be passed to the extensions. Values defined here take precedence over the values defined in the corresponding ExtensionConfig. type: object validateExtension: - description: ValidateExtension references an extension which + description: validateExtension references an extension which is called to validate the topology. + maxLength: 512 + minLength: 1 type: string type: object name: - description: Name of the patch. 
+ description: name of the patch. + maxLength: 256 + minLength: 1 type: string required: - name type: object + maxItems: 1000 type: array variables: description: |- - Variables defines the variables which can be configured + variables defines the variables which can be configured in the Cluster topology and are then used in patches. items: description: |- @@ -1008,18 +1149,17 @@ data: properties: metadata: description: |- - Metadata is the metadata of a variable. + metadata is the metadata of a variable. It can be used to add additional data for higher level tools to a ClusterClassVariable. - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please use XMetadata in JSONSchemaProps instead. properties: annotations: additionalProperties: type: string description: |- - Annotations is an unstructured key value map that can be used to store and + annotations is an unstructured key value map that can be used to store and retrieve arbitrary metadata. They are not queryable. type: object 
@@ -1027,101 +1167,120 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) variables. type: object type: object name: - description: Name of the variable. + description: name of the variable. + maxLength: 256 + minLength: 1 type: string required: description: |- - Required specifies if the variable is required. + required specifies if the variable is required. Note: this applies to the variable as a whole and thus the top-level object defined in the schema. If nested fields are required, this will be specified inside the schema. type: boolean schema: - description: Schema defines the schema of the variable. + description: schema defines the schema of the variable. properties: openAPIV3Schema: description: |- - OpenAPIV3Schema defines the schema of a variable via OpenAPI v3 + openAPIV3Schema defines the schema of a variable via OpenAPI v3 schema. The schema is a subset of the schema used in Kubernetes CRDs. properties: additionalProperties: description: |- - AdditionalProperties specifies the schema of values in a map (keys are always strings). + additionalProperties specifies the schema of values in a map (keys are always strings). NOTE: Can only be set if type is object. NOTE: AdditionalProperties is mutually exclusive with Properties. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible. x-kubernetes-preserve-unknown-fields: true + allOf: + description: |- + allOf specifies that the variable must validate against all of the subschemas in the array. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. 
+ x-kubernetes-preserve-unknown-fields: true + anyOf: + description: |- + anyOf specifies that the variable must validate against one or more of the subschemas in the array. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true default: description: |- - Default is the default value of the variable. + default is the default value of the variable. NOTE: Can be set for all types. x-kubernetes-preserve-unknown-fields: true description: - description: Description is a human-readable description + description: description is a human-readable description of this variable. + maxLength: 4096 + minLength: 1 type: string enum: description: |- - Enum is the list of valid values of the variable. + enum is the list of valid values of the variable. NOTE: Can be set for all types. items: x-kubernetes-preserve-unknown-fields: true + maxItems: 100 type: array example: - description: Example is an example for this variable. + description: example is an example for this variable. x-kubernetes-preserve-unknown-fields: true exclusiveMaximum: description: |- - ExclusiveMaximum specifies if the Maximum is exclusive. + exclusiveMaximum specifies if the Maximum is exclusive. NOTE: Can only be set if type is integer or number. type: boolean exclusiveMinimum: description: |- - ExclusiveMinimum specifies if the Minimum is exclusive. + exclusiveMinimum specifies if the Minimum is exclusive. NOTE: Can only be set if type is integer or number. type: boolean format: description: |- - Format is an OpenAPI v3 format string. Unknown formats are ignored. + format is an OpenAPI v3 format string. Unknown formats are ignored. For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using) https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go NOTE: Can only be set if type is string. 
+ maxLength: 32 + minLength: 1 type: string items: description: |- - Items specifies fields of an array. + items specifies fields of an array. NOTE: Can only be set if type is array. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible. x-kubernetes-preserve-unknown-fields: true maxItems: description: |- - MaxItems is the max length of an array variable. + maxItems is the max length of an array variable. NOTE: Can only be set if type is array. format: int64 type: integer maxLength: description: |- - MaxLength is the max length of a string variable. + maxLength is the max length of a string variable. NOTE: Can only be set if type is string. format: int64 type: integer maxProperties: description: |- - MaxProperties is the maximum amount of entries in a map or properties in an object. + maxProperties is the maximum amount of entries in a map or properties in an object. NOTE: Can only be set if type is object. format: int64 type: integer maximum: description: |- - Maximum is the maximum of an integer or number variable. + maximum is the maximum of an integer or number variable. If ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum. If ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum. NOTE: Can only be set if type is integer or number. 
@@ -1129,38 +1288,52 @@ data: type: integer minItems: description: |- - MinItems is the min length of an array variable. + minItems is the min length of an array variable. NOTE: Can only be set if type is array. format: int64 type: integer minLength: description: |- - MinLength is the min length of a string variable. + minLength is the min length of a string variable. NOTE: Can only be set if type is string. format: int64 type: integer minProperties: description: |- - MinProperties is the minimum amount of entries in a map or properties in an object. + minProperties is the minimum amount of entries in a map or properties in an object. NOTE: Can only be set if type is object. format: int64 type: integer minimum: description: |- - Minimum is the minimum of an integer or number variable. + minimum is the minimum of an integer or number variable. If ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum. If ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum. NOTE: Can only be set if type is integer or number. format: int64 type: integer + not: + description: |- + not specifies that the variable must not validate against the subschema. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + oneOf: + description: |- + oneOf specifies that the variable must validate against exactly one of the subschemas in the array. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true pattern: description: |- - Pattern is the regex which a string variable must match. + pattern is the regex which a string variable must match. NOTE: Can only be set if type is string. + maxLength: 512 + minLength: 1 type: string properties: description: |- - Properties specifies fields of an object. 
+ properties specifies fields of an object. NOTE: Can only be set if type is object. NOTE: Properties is mutually exclusive with AdditionalProperties. NOTE: This field uses PreserveUnknownFields and Schemaless, 
@@ -1168,37 +1341,64 @@ data: x-kubernetes-preserve-unknown-fields: true required: description: |- - Required specifies which fields of an object are required. + required specifies which fields of an object are required. NOTE: Can only be set if type is object. items: + maxLength: 256 + minLength: 1 type: string + maxItems: 1000 type: array type: description: |- - Type is the type of the variable. + type is the type of the variable. Valid values are: object, array, string, integer, number or boolean. + enum: + - object + - array + - string + - integer + - number + - boolean type: string uniqueItems: description: |- - UniqueItems specifies if items in an array must be unique. + uniqueItems specifies if items in an array must be unique. NOTE: Can only be set if type is array. type: boolean + x-kubernetes-int-or-string: + description: |- + x-kubernetes-int-or-string specifies that this value is + either an integer or a string. If this is true, an empty + type is allowed and type as child of anyOf is permitted + if following one of the following patterns: + + 1) anyOf: + - type: integer + - type: string + 2) allOf: + - anyOf: + - type: integer + - type: string + - ... zero or more + type: boolean x-kubernetes-preserve-unknown-fields: description: |- - XPreserveUnknownFields allows setting fields in a variable object + x-kubernetes-preserve-unknown-fields allows setting fields in a variable object which are not defined in the variable schema. This affects fields recursively, except if nested properties or additionalProperties are specified in the schema. type: boolean x-kubernetes-validations: - description: XValidations describes a list of validation - rules written in the CEL expression language. + description: x-kubernetes-validations describes a list + of validation rules written in the CEL expression + language. items: description: ValidationRule describes a validation rule written in the CEL expression language. 
properties: fieldPath: description: |- - FieldPath represents the field path returned when the validation fails. + fieldPath represents the field path returned when the validation fails. It must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field. e.g. when validation checks if a specific attribute `foo` under a map `testMap`, the fieldPath could be set to `.testMap.foo` If the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. `.testList` @@ -1207,17 +1407,21 @@ data: Numeric index of array is not supported. For field name which contains special characters, use `['specialName']` to refer the field name. e.g. for attribute `foo.34$` appears in a list `testList`, the fieldPath could be set to `.testList['foo.34$']` + maxLength: 512 + minLength: 1 type: string message: description: |- - Message represents the message displayed when validation fails. The message is required if the Rule contains + message represents the message displayed when validation fails. The message is required if the Rule contains line breaks. The message must not contain line breaks. If unset, the message is "failed rule: {Rule}". e.g. "must be a URL with the host matching spec.host" + maxLength: 512 + minLength: 1 type: string messageExpression: description: |- - MessageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. + messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a rule, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the validation failure message is produced 
@@ -1226,11 +1430,13 @@ data: messageExpression has access to all the same variables as the rule; the only difference is the return type. Example: "x must be less than max ("+string(self.max)+")" + maxLength: 1024 + minLength: 1 type: string reason: default: FieldValueInvalid description: |- - Reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule. + reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule. The currently supported reasons are: "FieldValueInvalid", "FieldValueForbidden", "FieldValueRequired", "FieldValueDuplicate". If not set, default to use "FieldValueInvalid". All future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid. @@ -1241,7 +1447,7 @@ data: - FieldValueDuplicate type: string rule: - description: "Rule represents the expression which + description: "rule represents the expression which will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nThe Rule is scoped to the location of the x-kubernetes-validations extension in the schema.\nThe `self` variable @@ -1264,7 +1470,7 @@ data: < 10\"}\n- Rule scoped to a list of integers: {\"rule\": \"self.values.all(value, value >= 0 && value < 100)\"}\n- Rule scoped to a string - value: {\"rule\": \"self.startsWith('kube')\"}\n\n\nUnknown + value: {\"rule\": \"self.startsWith('kube')\"}\n\nUnknown data preserved in custom resources via x-kubernetes-preserve-unknown-fields is not accessible in CEL\nexpressions. This includes:\n- Unknown field values that are preserved 
@@ -1276,49 +1482,52 @@ data: set to true\n - An array where the items schema is of an \"unknown type\"\n - An object where the additionalProperties schema is of an \"unknown - type\"\n\n\nOnly property names of the form - `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.\nAccessible - property names are escaped according to the - following rules when accessed in the expression:\n- - '__' escapes to '__underscores__'\n- '.' escapes - to '__dot__'\n- '-' escapes to '__dash__'\n- - '/' escapes to '__slash__'\n- Property names - that exactly match a CEL RESERVED keyword escape - to '__{keyword}__'. The keywords are:\n\t \"true\", - \"false\", \"null\", \"in\", \"as\", \"break\", - \"const\", \"continue\", \"else\", \"for\", - \"function\", \"if\",\n\t \"import\", \"let\", - \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n + type\"\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` + are accessible.\nAccessible property names are + escaped according to the following rules when + accessed in the expression:\n- '__' escapes + to '__underscores__'\n- '.' escapes to '__dot__'\n- + '-' escapes to '__dash__'\n- '/' escapes to + '__slash__'\n- Property names that exactly match + a CEL RESERVED keyword escape to '__{keyword}__'. 
+ The keywords are:\n\t \"true\", \"false\", + \"null\", \"in\", \"as\", \"break\", \"const\", + \"continue\", \"else\", \"for\", \"function\", + \"if\",\n\t \"import\", \"let\", \"loop\", + \"package\", \"namespace\", \"return\".\nExamples:\n \ - Rule accessing a property named \"namespace\": {\"rule\": \"self.__namespace__ > 0\"}\n - Rule accessing a property named \"x-prop\": {\"rule\": \"self.x__dash__prop > 0\"}\n - Rule accessing a property named \"redact__d\": - {\"rule\": \"self.redact__underscores__d > 0\"}\n\n\nIf + {\"rule\": \"self.redact__underscores__d > 0\"}\n\nIf `rule` makes use of the `oldSelf` variable it - is implicitly a\n`transition rule`.\n\n\nBy - default, the `oldSelf` variable is the same - type as `self`.\n\n\nTransition rules by default - are applied only on UPDATE requests and are\nskipped - if an old value could not be found." + is implicitly a\n`transition rule`.\n\nBy default, + the `oldSelf` variable is the same type as `self`.\n\nTransition + rules by default are applied only on UPDATE + requests and are\nskipped if an old value could + not be found." + maxLength: 4096 + minLength: 1 type: string required: - rule type: object + maxItems: 100 type: array x-kubernetes-list-map-keys: - rule x-kubernetes-list-type: map x-metadata: description: |- - XMetadata is the metadata of a variable or a nested field within a variable. + x-metadata is the metadata of a variable or a nested field within a variable. It can be used to add additional data for higher level tools. properties: annotations: additionalProperties: type: string description: |- - Annotations is an unstructured key value map that can be used to store and + annotations is an unstructured key value map that can be used to store and retrieve arbitrary metadata. They are not queryable. type: object 
@@ -1326,12 +1535,10 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) variables. type: object type: object - required: - - type type: object required: - openAPIV3Schema @@ -1341,16 +1548,17 @@ data: - required - schema type: object + maxItems: 1000 type: array workers: description: |- - Workers describes the worker nodes for the cluster. + workers describes the worker nodes for the cluster. It is a collection of node types which can be used to create the worker nodes of the cluster. properties: machineDeployments: description: |- - MachineDeployments is a list of machine deployment classes that can be used to create + machineDeployments is a list of machine deployment classes that can be used to create a set of worker nodes. items: description: |- @@ -1359,18 +1567,22 @@ data: properties: class: description: |- - Class denotes a type of worker node present in the cluster, + class denotes a type of worker node present in the cluster, this name MUST be unique within a ClusterClass and can be referenced in the Cluster to create a managed MachineDeployment. + maxLength: 256 + minLength: 1 type: string failureDomain: description: |- - FailureDomain is the failure domain the machines will be created in. + failureDomain is the failure domain the machines will be created in. Must match a key in the FailureDomains map stored on the cluster object. NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. + maxLength: 256 + minLength: 1 type: string machineHealthCheck: - description: MachineHealthCheck defines a MachineHealthCheck + description: machineHealthCheck defines a MachineHealthCheck for this MachineDeploymentClass. properties: maxUnhealthy: 
@@ -1378,32 +1590,30 @@ data: - type: integer - type: string description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by + maxUnhealthy specifies the maximum number of unhealthy machines allowed. + Any further remediation is only allowed if at most "maxUnhealthy" machines selected by "selector" are not healthy. x-kubernetes-int-or-string: true nodeStartupTimeout: description: |- - NodeStartupTimeout allows to set the maximum time for MachineHealthCheck + nodeStartupTimeout allows to set the maximum time for MachineHealthCheck to consider a Machine unhealthy if a corresponding Node isn't associated through a `Spec.ProviderID` field. - The duration set in this field is compared to the greatest of: - Cluster's infrastructure ready condition timestamp (if and when available) - Control Plane's initialized condition timestamp (if and when available) - Machine's infrastructure ready condition timestamp (if and when available) - Machine's metadata creation timestamp - Defaults to 10 minutes. If you wish to disable this feature, set the value explicitly to 0. type: string remediationTemplate: description: |- - RemediationTemplate is a reference to a remediation template + remediationTemplate is a reference to a remediation template provided by an infrastructure provider. - This field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Cluster API. @@ -1420,7 +1630,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -1451,7 +1660,7 @@ data: x-kubernetes-map-type: atomic unhealthyConditions: description: |- - UnhealthyConditions contains a list of the conditions that determine + unhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy. items: @@ -1461,11 +1670,19 @@ data: status for at least the timeout value, a node is considered unhealthy. properties: status: + description: status of the condition, one of True, + False, Unknown. minLength: 1 type: string timeout: + description: |- + timeout is the duration that a node must be in a given status for, + after which the node is considered unhealthy. + For example, with a value of "1h", the node must match the status + for at least 1 hour before being considered unhealthy. type: string type: + description: type of Node condition minLength: 1 type: string required: @@ -1473,20 +1690,24 @@ data: - timeout - type type: object + maxItems: 100 type: array unhealthyRange: description: |- + unhealthyRange specifies the range of unhealthy machines allowed. Any further remediation is only allowed if the number of machines selected by "selector" as not healthy - is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. + is within the range of "unhealthyRange". Takes precedence over maxUnhealthy. Eg. "[3-5]" - This means that remediation will be allowed only when: (a) there are at least 3 unhealthy machines (and) (b) there are at most 5 unhealthy machines + maxLength: 32 + minLength: 1 pattern: ^\[[0-9]+-[0-9]+\]$ type: string type: object minReadySeconds: description: |- - Minimum number of seconds for which a newly created machine should + minReadySeconds is the minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready) 
@@ -1494,12 +1715,12 @@ data: format: int32 type: integer namingStrategy: - description: NamingStrategy allows changing the naming pattern + description: namingStrategy allows changing the naming pattern used when creating the MachineDeployment. properties: template: description: |- - Template defines the template to use for generating the name of the MachineDeployment object. + template defines the template to use for generating the name of the MachineDeployment object. If not defined, it will fallback to `{{ .cluster.name }}-{{ .machineDeployment.topologyName }}-{{ .random }}`. If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will get concatenated with a random suffix of length 5. 
@@ -1507,37 +1728,81 @@ data: * `.cluster.name`: The name of the cluster object. * `.random`: A random alphanumeric string, without vowels, of length 5. * `.machineDeployment.topologyName`: The name of the MachineDeployment topology (Cluster.spec.topology.workers.machineDeployments[].name). + maxLength: 1024 + minLength: 1 type: string type: object nodeDeletionTimeout: description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine + nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds. NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. type: string nodeDrainTimeout: description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. type: string nodeVolumeDetachTimeout: description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. type: string + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition. + + This field can be used e.g. 
to instruct the machine controller to include in the computation for Machine's ready + computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine. + + NOTE: This field is considered only for computing v1beta2 conditions. + NOTE: If a Cluster defines a custom list of readinessGates for a MachineDeployment using this MachineDeploymentClass, + such list overrides readinessGates defined in this field. + items: + description: MachineReadinessGate contains the type of + a Machine condition to be used as a readiness gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map strategy: description: |- - The deployment strategy to use to replace existing machines with + strategy is the deployment strategy to use to replace existing machines with new ones. NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. 
properties: remediation: description: |- - Remediation controls the strategy of remediating unhealthy machines + remediation controls the strategy of remediating unhealthy machines and how remediating operations should occur during the lifecycle of the dependant MachineSets. properties: maxInFlight: @@ -1545,34 +1810,30 @@ data: - type: integer - type: string description: |- - MaxInFlight determines how many in flight remediations should happen at the same time. - + maxInFlight determines how many in flight remediations should happen at the same time. Remediation only happens on the MachineSet with the most current revision, while older MachineSets (usually present during rollout operations) aren't allowed to remediate. - Note: In general (independent of remediations), unhealthy machines are always prioritized during scale down operations over healthy ones. - MaxInFlight can be set to a fixed number or a percentage. Example: when this is set to 20%, the MachineSet controller deletes at most 20% of the desired replicas. - If not set, remediation is limited to all machines (bounded by replicas) under the active MachineSet's management. x-kubernetes-int-or-string: true type: object rollingUpdate: description: |- - Rolling update config params. Present only if + rollingUpdate is the rolling update config params. Present only if MachineDeploymentStrategyType = RollingUpdate. properties: deletePolicy: description: |- - DeletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. + deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. Valid values are "Random, "Newest", "Oldest" When no value is supplied, the default DeletePolicy of MachineSet is used enum: 
@@ -1585,7 +1846,7 @@ data: - type: integer - type: string description: |- - The maximum number of machines that can be scheduled above the + maxSurge is the maximum number of machines that can be scheduled above the desired number of machines. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). @@ -1604,7 +1865,7 @@ data: - type: integer - type: string description: |- - The maximum number of machines that can be unavailable during the update. + maxUnavailable is the maximum number of machines that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). Absolute number is calculated from percentage by rounding down. @@ -1620,7 +1881,7 @@ data: type: object type: description: |- - Type of deployment. Allowed values are RollingUpdate and OnDelete. + type of deployment. Allowed values are RollingUpdate and OnDelete. The default is RollingUpdate. enum: - RollingUpdate @@ -1629,17 +1890,17 @@ data: type: object template: description: |- - Template is a local struct containing a collection of templates for creation of + template is a local struct containing a collection of templates for creation of MachineDeployment objects representing a set of worker nodes. properties: bootstrap: description: |- - Bootstrap contains the bootstrap template reference to be used + bootstrap contains the bootstrap template reference to be used for the creation of worker Machines. properties: ref: description: |- - Ref is a required reference to a custom resource + ref is a required reference to a custom resource offered by a provider. properties: apiVersion: 
@@ -1654,7 +1915,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1688,12 +1948,12 @@ data: type: object infrastructure: description: |- - Infrastructure contains the infrastructure template reference to be used + infrastructure contains the infrastructure template reference to be used for the creation of worker Machines. properties: ref: description: |- - Ref is a required reference to a custom resource + ref is a required reference to a custom resource offered by a provider. properties: apiVersion: @@ -1708,7 +1968,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1742,14 +2001,14 @@ data: type: object metadata: description: |- - Metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. + metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. At runtime this metadata is merged with the corresponding metadata from the topology. properties: annotations: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations 
@@ -1758,7 +2017,7 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels @@ -1772,13 +2031,14 @@ data: - class - template type: object + maxItems: 100 type: array x-kubernetes-list-map-keys: - class x-kubernetes-list-type: map machinePools: description: |- - MachinePools is a list of machine pool classes that can be used to create + machinePools is a list of machine pool classes that can be used to create a set of worker nodes. items: description: |- @@ -1787,21 +2047,26 @@ data: properties: class: description: |- - Class denotes a type of machine pool present in the cluster, + class denotes a type of machine pool present in the cluster, this name MUST be unique within a ClusterClass and can be referenced in the Cluster to create a managed MachinePool. + maxLength: 256 + minLength: 1 type: string failureDomains: description: |- - FailureDomains is the list of failure domains the MachinePool should be attached to. + failureDomains is the list of failure domains the MachinePool should be attached to. Must match a key in the FailureDomains map stored on the cluster object. NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. items: + maxLength: 256 + minLength: 1 type: string + maxItems: 100 type: array minReadySeconds: description: |- - Minimum number of seconds for which a newly created machine pool should + minReadySeconds is the minimum number of seconds for which a newly created machine pool should be ready. Defaults to 0 (machine will be considered available as soon as it is ready) 
@@ -1809,12 +2074,12 @@ data: format: int32 type: integer namingStrategy: - description: NamingStrategy allows changing the naming pattern + description: namingStrategy allows changing the naming pattern used when creating the MachinePool. properties: template: description: |- - Template defines the template to use for generating the name of the MachinePool object. + template defines the template to use for generating the name of the MachinePool object. If not defined, it will fallback to `{{ .cluster.name }}-{{ .machinePool.topologyName }}-{{ .random }}`. If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will get concatenated with a random suffix of length 5. 
@@ -1822,41 +2087,43 @@ data: * `.cluster.name`: The name of the cluster object. * `.random`: A random alphanumeric string, without vowels, of length 5. * `.machinePool.topologyName`: The name of the MachinePool topology (Cluster.spec.topology.workers.machinePools[].name). + maxLength: 1024 + minLength: 1 type: string type: object nodeDeletionTimeout: description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine + nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine Pool is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds. NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. type: string nodeDrainTimeout: description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. type: string nodeVolumeDetachTimeout: description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. 
type: string template: description: |- - Template is a local struct containing a collection of templates for creation of + template is a local struct containing a collection of templates for creation of MachinePools objects representing a pool of worker nodes. properties: bootstrap: description: |- - Bootstrap contains the bootstrap template reference to be used + bootstrap contains the bootstrap template reference to be used for the creation of the Machines in the MachinePool. properties: ref: description: |- - Ref is a required reference to a custom resource + ref is a required reference to a custom resource offered by a provider. properties: apiVersion: @@ -1871,7 +2138,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1905,12 +2171,12 @@ data: type: object infrastructure: description: |- - Infrastructure contains the infrastructure template reference to be used + infrastructure contains the infrastructure template reference to be used for the creation of the MachinePool. properties: ref: description: |- - Ref is a required reference to a custom resource + ref is a required reference to a custom resource offered by a provider. properties: apiVersion: @@ -1925,7 +2191,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -1959,14 +2224,14 @@ data: type: object metadata: description: |- - Metadata is the metadata applied to the MachinePool. + metadata is the metadata applied to the MachinePool. At runtime this metadata is merged with the corresponding metadata from the topology. properties: annotations: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations @@ -1975,7 +2240,7 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels @@ -1989,6 +2254,7 @@ data: - class - template type: object + maxItems: 100 type: array x-kubernetes-list-map-keys: - class 
@@ -1996,46 +2262,53 @@ data: type: object type: object status: - description: ClusterClassStatus defines the observed state of the ClusterClass. + description: status is the observed state of ClusterClass. properties: conditions: - description: Conditions defines current observed state of the ClusterClass. + description: conditions defines current observed state of the ClusterClass. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. 
type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime 
@@ -2044,43 +2317,113 @@ data: type: object type: array observedGeneration: - description: ObservedGeneration is the latest generation observed + description: observedGeneration is the latest generation observed by the controller. format: int64 type: integer + v1beta2: + description: v1beta2 groups all the fields that will be added or modified + in ClusterClass's status with the V1Beta2 version. + properties: + conditions: + description: |- + conditions represents the observations of a ClusterClass's current state. + Known condition types are VariablesReady, RefVersionsUpToDate, Paused. + items: + description: Condition contains details for one aspect of the + current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object variables: - description: Variables is a list of ClusterClassStatusVariable that + description: variables is a list of ClusterClassStatusVariable that are defined for the ClusterClass. items: description: ClusterClassStatusVariable defines a variable which appears in the status of a ClusterClass. properties: definitions: - description: Definitions is a list of definitions for a variable. + description: definitions is a list of definitions for a variable. items: description: ClusterClassStatusVariableDefinition defines a variable which appears in the status of a ClusterClass. properties: from: description: |- - From specifies the origin of the variable definition. + from specifies the origin of the variable definition. This will be `inline` for variables defined in the ClusterClass or the name of a patch defined in the ClusterClass for variables discovered from a DiscoverVariables runtime extensions. + maxLength: 256 + minLength: 1 type: string metadata: description: |- - Metadata is the metadata of a variable. + metadata is the metadata of a variable. It can be used to add additional data for higher level tools to a ClusterClassVariable. - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. 
properties: annotations: additionalProperties: type: string description: |- - Annotations is an unstructured key value map that can be used to store and + annotations is an unstructured key value map that can be used to store and retrieve arbitrary metadata. They are not queryable. type: object 
@@ -2088,98 +2431,115 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) variables. type: object type: object required: description: |- - Required specifies if the variable is required. + required specifies if the variable is required. Note: this applies to the variable as a whole and thus the top-level object defined in the schema. If nested fields are required, this will be specified inside the schema. type: boolean schema: - description: Schema defines the schema of the variable. + description: schema defines the schema of the variable. properties: openAPIV3Schema: description: |- - OpenAPIV3Schema defines the schema of a variable via OpenAPI v3 + openAPIV3Schema defines the schema of a variable via OpenAPI v3 schema. The schema is a subset of the schema used in Kubernetes CRDs. properties: additionalProperties: description: |- - AdditionalProperties specifies the schema of values in a map (keys are always strings). + additionalProperties specifies the schema of values in a map (keys are always strings). NOTE: Can only be set if type is object. NOTE: AdditionalProperties is mutually exclusive with Properties. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible. x-kubernetes-preserve-unknown-fields: true + allOf: + description: |- + allOf specifies that the variable must validate against all of the subschemas in the array. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + anyOf: + description: |- + anyOf specifies that the variable must validate against one or more of the subschemas in the array. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. 
+ x-kubernetes-preserve-unknown-fields: true default: description: |- - Default is the default value of the variable. + default is the default value of the variable. NOTE: Can be set for all types. x-kubernetes-preserve-unknown-fields: true description: - description: Description is a human-readable description + description: description is a human-readable description of this variable. + maxLength: 4096 + minLength: 1 type: string enum: description: |- - Enum is the list of valid values of the variable. + enum is the list of valid values of the variable. NOTE: Can be set for all types. items: x-kubernetes-preserve-unknown-fields: true + maxItems: 100 type: array example: - description: Example is an example for this variable. + description: example is an example for this variable. x-kubernetes-preserve-unknown-fields: true exclusiveMaximum: description: |- - ExclusiveMaximum specifies if the Maximum is exclusive. + exclusiveMaximum specifies if the Maximum is exclusive. NOTE: Can only be set if type is integer or number. type: boolean exclusiveMinimum: description: |- - ExclusiveMinimum specifies if the Minimum is exclusive. + exclusiveMinimum specifies if the Minimum is exclusive. NOTE: Can only be set if type is integer or number. type: boolean format: description: |- - Format is an OpenAPI v3 format string. Unknown formats are ignored. + format is an OpenAPI v3 format string. Unknown formats are ignored. For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using) https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go NOTE: Can only be set if type is string. + maxLength: 32 + minLength: 1 type: string items: description: |- - Items specifies fields of an array. + items specifies fields of an array. NOTE: Can only be set if type is array. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible. 
x-kubernetes-preserve-unknown-fields: true maxItems: description: |- - MaxItems is the max length of an array variable. + maxItems is the max length of an array variable. NOTE: Can only be set if type is array. format: int64 type: integer maxLength: description: |- - MaxLength is the max length of a string variable. + maxLength is the max length of a string variable. NOTE: Can only be set if type is string. format: int64 type: integer maxProperties: description: |- - MaxProperties is the maximum amount of entries in a map or properties in an object. + maxProperties is the maximum amount of entries in a map or properties in an object. NOTE: Can only be set if type is object. format: int64 type: integer maximum: description: |- - Maximum is the maximum of an integer or number variable. + maximum is the maximum of an integer or number variable. If ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum. If ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum. NOTE: Can only be set if type is integer or number. 
@@ -2187,38 +2547,52 @@ data: type: integer minItems: description: |- - MinItems is the min length of an array variable. + minItems is the min length of an array variable. NOTE: Can only be set if type is array. format: int64 type: integer minLength: description: |- - MinLength is the min length of a string variable. + minLength is the min length of a string variable. NOTE: Can only be set if type is string. format: int64 type: integer minProperties: description: |- - MinProperties is the minimum amount of entries in a map or properties in an object. + minProperties is the minimum amount of entries in a map or properties in an object. NOTE: Can only be set if type is object. format: int64 type: integer minimum: description: |- - Minimum is the minimum of an integer or number variable. + minimum is the minimum of an integer or number variable. If ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum. If ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum. NOTE: Can only be set if type is integer or number. format: int64 type: integer + not: + description: |- + not specifies that the variable must not validate against the subschema. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + oneOf: + description: |- + oneOf specifies that the variable must validate against exactly one of the subschemas in the array. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true pattern: description: |- - Pattern is the regex which a string variable must match. + pattern is the regex which a string variable must match. NOTE: Can only be set if type is string. + maxLength: 512 + minLength: 1 type: string properties: description: |- - Properties specifies fields of an object. 
+ properties specifies fields of an object. NOTE: Can only be set if type is object. NOTE: Properties is mutually exclusive with AdditionalProperties. NOTE: This field uses PreserveUnknownFields and Schemaless, 
@@ -2226,38 +2600,64 @@ data: x-kubernetes-preserve-unknown-fields: true required: description: |- - Required specifies which fields of an object are required. + required specifies which fields of an object are required. NOTE: Can only be set if type is object. items: + maxLength: 256 + minLength: 1 type: string + maxItems: 1000 type: array type: description: |- - Type is the type of the variable. + type is the type of the variable. Valid values are: object, array, string, integer, number or boolean. + enum: + - object + - array + - string + - integer + - number + - boolean type: string uniqueItems: description: |- - UniqueItems specifies if items in an array must be unique. + uniqueItems specifies if items in an array must be unique. NOTE: Can only be set if type is array. type: boolean + x-kubernetes-int-or-string: + description: |- + x-kubernetes-int-or-string specifies that this value is + either an integer or a string. If this is true, an empty + type is allowed and type as child of anyOf is permitted + if following one of the following patterns: + + 1) anyOf: + - type: integer + - type: string + 2) allOf: + - anyOf: + - type: integer + - type: string + - ... zero or more + type: boolean x-kubernetes-preserve-unknown-fields: description: |- - XPreserveUnknownFields allows setting fields in a variable object + x-kubernetes-preserve-unknown-fields allows setting fields in a variable object which are not defined in the variable schema. This affects fields recursively, except if nested properties or additionalProperties are specified in the schema. type: boolean x-kubernetes-validations: - description: XValidations describes a list of - validation rules written in the CEL expression - language. + description: x-kubernetes-validations describes + a list of validation rules written in the CEL + expression language. items: description: ValidationRule describes a validation rule written in the CEL expression language. 
properties: fieldPath: description: |- - FieldPath represents the field path returned when the validation fails. + fieldPath represents the field path returned when the validation fails. It must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field. e.g. when validation checks if a specific attribute `foo` under a map `testMap`, the fieldPath could be set to `.testMap.foo` If the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. `.testList` @@ -2266,17 +2666,21 @@ data: Numeric index of array is not supported. For field name which contains special characters, use `['specialName']` to refer the field name. e.g. for attribute `foo.34$` appears in a list `testList`, the fieldPath could be set to `.testList['foo.34$']` + maxLength: 512 + minLength: 1 type: string message: description: |- - Message represents the message displayed when validation fails. The message is required if the Rule contains + message represents the message displayed when validation fails. The message is required if the Rule contains line breaks. The message must not contain line breaks. If unset, the message is "failed rule: {Rule}". e.g. "must be a URL with the host matching spec.host" + maxLength: 512 + minLength: 1 type: string messageExpression: description: |- - MessageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. + messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a rule, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the validation failure message is produced 
@@ -2285,11 +2689,13 @@ data: messageExpression has access to all the same variables as the rule; the only difference is the return type. Example: "x must be less than max ("+string(self.max)+")" + maxLength: 1024 + minLength: 1 type: string reason: default: FieldValueInvalid description: |- - Reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule. + reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule. The currently supported reasons are: "FieldValueInvalid", "FieldValueForbidden", "FieldValueRequired", "FieldValueDuplicate". If not set, default to use "FieldValueInvalid". All future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid. @@ -2300,7 +2706,7 @@ data: - FieldValueDuplicate type: string rule: - description: "Rule represents the expression + description: "rule represents the expression which will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nThe Rule is scoped to the location of the @@ -2328,7 +2734,7 @@ data: 10\"}\n- Rule scoped to a list of integers: {\"rule\": \"self.values.all(value, value >= 0 && value < 100)\"}\n- Rule scoped - to a string value: {\"rule\": \"self.startsWith('kube')\"}\n\n\nUnknown + to a string value: {\"rule\": \"self.startsWith('kube')\"}\n\nUnknown data preserved in custom resources via x-kubernetes-preserve-unknown-fields is not accessible in CEL\nexpressions. This @@ -2341,7 +2747,7 @@ data: set to true\n - An array where the items schema is of an \"unknown type\"\n - An object where the additionalProperties - schema is of an \"unknown type\"\n\n\nOnly + schema is of an \"unknown type\"\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.\nAccessible property names are escaped according to the following 
@@ -2362,31 +2768,34 @@ data: {\"rule\": \"self.x__dash__prop > 0\"}\n \ - Rule accessing a property named \"redact__d\": {\"rule\": \"self.redact__underscores__d - > 0\"}\n\n\nIf `rule` makes use of the - `oldSelf` variable it is implicitly a\n`transition - rule`.\n\n\nBy default, the `oldSelf` - variable is the same type as `self`.\n\n\nTransition + > 0\"}\n\nIf `rule` makes use of the `oldSelf` + variable it is implicitly a\n`transition + rule`.\n\nBy default, the `oldSelf` variable + is the same type as `self`.\n\nTransition rules by default are applied only on UPDATE requests and are\nskipped if an old value could not be found." + maxLength: 4096 + minLength: 1 type: string required: - rule type: object + maxItems: 100 type: array x-kubernetes-list-map-keys: - rule x-kubernetes-list-type: map x-metadata: description: |- - XMetadata is the metadata of a variable or a nested field within a variable. + x-metadata is the metadata of a variable or a nested field within a variable. It can be used to add additional data for higher level tools. properties: annotations: additionalProperties: type: string description: |- - Annotations is an unstructured key value map that can be used to store and + annotations is an unstructured key value map that can be used to store and retrieve arbitrary metadata. They are not queryable. type: object @@ -2394,12 +2803,10 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) variables. type: object type: object - required: - - type type: object required: - openAPIV3Schema 
@@ -2409,18 +2816,22 @@ data: - required - schema type: object + maxItems: 100 type: array definitionsConflict: - description: DefinitionsConflict specifies whether or not there + description: definitionsConflict specifies whether or not there are conflicting definitions for a single variable name. type: boolean name: - description: Name is the name of the variable. + description: name is the name of the variable. + maxLength: 256 + minLength: 1 type: string required: - definitions - name type: object + maxItems: 1000 type: array type: object type: object @@ -2434,7 +2845,7 @@ data: metadata: annotations: cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 labels: cluster.x-k8s.io/provider: cluster-api name: clusterresourcesetbindings.addons.cluster.x-k8s.io @@ -2467,7 +2878,6 @@ data: description: |- ClusterResourceSetBinding lists all matching ClusterResourceSets with the cluster it belongs to. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: 
@@ -2488,21 +2898,20 @@ data: metadata: type: object spec: - description: ClusterResourceSetBindingSpec defines the desired state of - ClusterResourceSetBinding. + description: spec is the desired state of ClusterResourceSetBinding. properties: bindings: - description: Bindings is a list of ClusterResourceSets and their resources. + description: bindings is a list of ClusterResourceSets and their resources. items: description: ResourceSetBinding keeps info on all of the resources in a ClusterResourceSet. properties: clusterResourceSetName: - description: ClusterResourceSetName is the name of the ClusterResourceSet + description: clusterResourceSetName is the name of the ClusterResourceSet that is applied to the owner cluster of the binding. type: string resources: - description: Resources is a list of resources that the ClusterResourceSet + description: resources is a list of resources that the ClusterResourceSet has. items: description: ResourceBinding shows the status of a resource 
@@ -2510,28 +2919,28 @@ data: cluster of the ClusterResourceSetBinding object. properties: applied: - description: Applied is to track if a resource is applied + description: applied is to track if a resource is applied to the cluster or not. type: boolean hash: description: |- - Hash is the hash of a resource's data. This can be used to decide if a resource is changed. + hash is the hash of a resource's data. This can be used to decide if a resource is changed. For "ApplyOnce" ClusterResourceSet.spec.strategy, this is no-op as that strategy does not act on change. type: string kind: - description: 'Kind of the resource. Supported kinds are: + description: 'kind of the resource. Supported kinds are: Secrets and ConfigMaps.' enum: - Secret - ConfigMap type: string lastAppliedTime: - description: LastAppliedTime identifies when this resource + description: lastAppliedTime identifies when this resource was last applied to the cluster. format: date-time type: string name: - description: Name of the resource that is in the same + description: name of the resource that is in the same namespace with ClusterResourceSet object. minLength: 1 type: string @@ -2563,7 +2972,6 @@ data: description: |- ClusterResourceSetBinding lists all matching ClusterResourceSets with the cluster it belongs to. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: 
@@ -2584,21 +2992,20 @@ data: metadata: type: object spec: - description: ClusterResourceSetBindingSpec defines the desired state of - ClusterResourceSetBinding. + description: spec is the desired state of ClusterResourceSetBinding. properties: bindings: - description: Bindings is a list of ClusterResourceSets and their resources. + description: bindings is a list of ClusterResourceSets and their resources. items: description: ResourceSetBinding keeps info on all of the resources in a ClusterResourceSet. properties: clusterResourceSetName: - description: ClusterResourceSetName is the name of the ClusterResourceSet + description: clusterResourceSetName is the name of the ClusterResourceSet that is applied to the owner cluster of the binding. type: string resources: - description: Resources is a list of resources that the ClusterResourceSet + description: resources is a list of resources that the ClusterResourceSet has. items: description: ResourceBinding shows the status of a resource 
@@ -2606,28 +3013,28 @@ data: cluster of the ClusterResourceSetBinding object. properties: applied: - description: Applied is to track if a resource is applied + description: applied is to track if a resource is applied to the cluster or not. type: boolean hash: description: |- - Hash is the hash of a resource's data. This can be used to decide if a resource is changed. + hash is the hash of a resource's data. This can be used to decide if a resource is changed. For "ApplyOnce" ClusterResourceSet.spec.strategy, this is no-op as that strategy does not act on change. type: string kind: - description: 'Kind of the resource. Supported kinds are: + description: 'kind of the resource. Supported kinds are: Secrets and ConfigMaps.' enum: - Secret - ConfigMap type: string lastAppliedTime: - description: LastAppliedTime identifies when this resource + description: lastAppliedTime identifies when this resource was last applied to the cluster. format: date-time type: string name: - description: Name of the resource that is in the same + description: name of the resource that is in the same namespace with ClusterResourceSet object. minLength: 1 type: string 
@@ -2676,21 +3083,22 @@ data: metadata: type: object spec: - description: ClusterResourceSetBindingSpec defines the desired state of - ClusterResourceSetBinding. + description: spec is the desired state of ClusterResourceSetBinding. properties: bindings: - description: Bindings is a list of ClusterResourceSets and their resources. + description: bindings is a list of ClusterResourceSets and their resources. items: description: ResourceSetBinding keeps info on all of the resources in a ClusterResourceSet. properties: clusterResourceSetName: - description: ClusterResourceSetName is the name of the ClusterResourceSet + description: clusterResourceSetName is the name of the ClusterResourceSet that is applied to the owner cluster of the binding. + maxLength: 253 + minLength: 1 type: string resources: - description: Resources is a list of resources that the ClusterResourceSet + description: resources is a list of resources that the ClusterResourceSet has. items: description: ResourceBinding shows the status of a resource 
@@ -2698,29 +3106,32 @@ data: cluster of the ClusterResourceSetBinding object. properties: applied: - description: Applied is to track if a resource is applied + description: applied is to track if a resource is applied to the cluster or not. type: boolean hash: description: |- - Hash is the hash of a resource's data. This can be used to decide if a resource is changed. + hash is the hash of a resource's data. This can be used to decide if a resource is changed. For "ApplyOnce" ClusterResourceSet.spec.strategy, this is no-op as that strategy does not act on change. + maxLength: 256 + minLength: 1 type: string kind: - description: 'Kind of the resource. Supported kinds are: + description: 'kind of the resource. Supported kinds are: Secrets and ConfigMaps.' enum: - Secret - ConfigMap type: string lastAppliedTime: - description: LastAppliedTime identifies when this resource + description: lastAppliedTime identifies when this resource was last applied to the cluster. format: date-time type: string name: - description: Name of the resource that is in the same + description: name of the resource that is in the same namespace with ClusterResourceSet object. + maxLength: 253 minLength: 1 type: string required: @@ -2728,15 +3139,19 @@ data: - kind - name type: object + maxItems: 100 type: array required: - clusterResourceSetName type: object + maxItems: 100 type: array clusterName: description: |- - ClusterName is the name of the Cluster this binding applies to. + clusterName is the name of the Cluster this binding applies to. Note: this field mandatory in v1beta2. + maxLength: 63 + minLength: 1 type: string type: object type: object @@ -2750,7 +3165,7 @@ data: metadata: annotations: cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 labels: cluster.x-k8s.io/provider: cluster-api name: clusterresourcesets.addons.cluster.x-k8s.io 
@@ -2783,7 +3198,6 @@ data: description: |- ClusterResourceSet is the Schema for the clusterresourcesets API. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: @@ -2804,11 +3218,11 @@ data: metadata: type: object spec: - description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet. + description: spec is the desired state of ClusterResourceSet. properties: clusterSelector: description: |- - Label selector for Clusters. The Clusters that are + clusterSelector is the label selector for Clusters. The Clusters that are selected by this will be the ones affected by this ClusterResourceSet. It must match the Cluster labels. This field is immutable. properties: @@ -2856,20 +3270,20 @@ data: type: object x-kubernetes-map-type: atomic resources: - description: Resources is a list of Secrets/ConfigMaps where each + description: resources is a list of Secrets/ConfigMaps where each contains 1 or more resources to be applied to remote clusters. items: description: ResourceRef specifies a resource. properties: kind: - description: 'Kind of the resource. Supported kinds are: Secrets + description: 'kind of the resource. Supported kinds are: Secrets and ConfigMaps.' enum: - Secret - ConfigMap type: string name: - description: Name of the resource that is in the same namespace + description: name of the resource that is in the same namespace with ClusterResourceSet object. minLength: 1 type: string @@ -2879,7 +3293,7 @@ data: type: object type: array strategy: - description: Strategy is the strategy to be used during applying resources. + description: strategy is the strategy to be used during applying resources. Defaults to ApplyOnce. This field is immutable. enum: - ApplyOnce 
@@ -2888,44 +3302,44 @@ data: - clusterSelector type: object status: - description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet. + description: status is the observed state of ClusterResourceSet. properties: conditions: - description: Conditions defines current state of the ClusterResourceSet. + description: conditions defines current state of the ClusterResourceSet. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -2935,7 +3349,7 @@ data: type: object type: array observedGeneration: - description: ObservedGeneration reflects the generation of the most + description: observedGeneration reflects the generation of the most recently observed ClusterResourceSet. format: int64 type: integer @@ -2957,7 +3371,6 @@ data: description: |- ClusterResourceSet is the Schema for the clusterresourcesets API. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: @@ -2978,11 +3391,11 @@ data: metadata: type: object spec: - description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet. + description: spec is the desired state of ClusterResourceSet. properties: clusterSelector: description: |- - Label selector for Clusters. The Clusters that are + clusterSelector is the label selector for Clusters. The Clusters that are selected by this will be the ones affected by this ClusterResourceSet. It must match the Cluster labels. This field is immutable. Label selector cannot be empty. 
@@ -3031,20 +3444,20 @@ data: type: object x-kubernetes-map-type: atomic resources: - description: Resources is a list of Secrets/ConfigMaps where each + description: resources is a list of Secrets/ConfigMaps where each contains 1 or more resources to be applied to remote clusters. items: description: ResourceRef specifies a resource. properties: kind: - description: 'Kind of the resource. Supported kinds are: Secrets + description: 'kind of the resource. Supported kinds are: Secrets and ConfigMaps.' enum: - Secret - ConfigMap type: string name: - description: Name of the resource that is in the same namespace + description: name of the resource that is in the same namespace with ClusterResourceSet object. minLength: 1 type: string @@ -3054,7 +3467,7 @@ data: type: object type: array strategy: - description: Strategy is the strategy to be used during applying resources. + description: strategy is the strategy to be used during applying resources. Defaults to ApplyOnce. This field is immutable. enum: - ApplyOnce 
@@ -3063,44 +3476,44 @@ data: - clusterSelector type: object status: - description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet. + description: status is the observed state of ClusterResourceSet. properties: conditions: - description: Conditions defines current state of the ClusterResourceSet. + description: conditions defines current state of the ClusterResourceSet. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -3110,7 +3523,7 @@ data: type: object type: array observedGeneration: - description: ObservedGeneration reflects the generation of the most + description: observedGeneration reflects the generation of the most recently observed ClusterResourceSet. format: int64 type: integer @@ -3128,8 +3541,9 @@ data: name: v1beta1 schema: openAPIV3Schema: - description: ClusterResourceSet is the Schema for the clusterresourcesets - API. + description: |- + ClusterResourceSet is the Schema for the clusterresourcesets API. + For advanced use cases an add-on provider should be used instead. properties: apiVersion: description: |- @@ -3149,11 +3563,11 @@ data: metadata: type: object spec: - description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet. + description: spec is the desired state of ClusterResourceSet. properties: clusterSelector: description: |- - Label selector for Clusters. The Clusters that are + clusterSelector is the label selector for Clusters. The Clusters that are selected by this will be the ones affected by this ClusterResourceSet. It must match the Cluster labels. This field is immutable. Label selector cannot be empty. 
@@ -3202,30 +3616,32 @@ data: type: object x-kubernetes-map-type: atomic resources: - description: Resources is a list of Secrets/ConfigMaps where each + description: resources is a list of Secrets/ConfigMaps where each contains 1 or more resources to be applied to remote clusters. items: description: ResourceRef specifies a resource. properties: kind: - description: 'Kind of the resource. Supported kinds are: Secrets + description: 'kind of the resource. Supported kinds are: Secrets and ConfigMaps.' enum: - Secret - ConfigMap type: string name: - description: Name of the resource that is in the same namespace + description: name of the resource that is in the same namespace with ClusterResourceSet object. + maxLength: 253 minLength: 1 type: string required: - kind - name type: object + maxItems: 100 type: array strategy: - description: Strategy is the strategy to be used during applying resources. + description: strategy is the strategy to be used during applying resources. Defaults to ApplyOnce. This field is immutable. enum: - ApplyOnce 
@@ -3235,46 +3651,53 @@ data: - clusterSelector type: object status: - description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet. + description: status is the observed state of ClusterResourceSet. properties: conditions: - description: Conditions defines current state of the ClusterResourceSet. + description: conditions defines current state of the ClusterResourceSet. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. 
type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime 
@@ -3283,10 +3706,79 @@ data: type: object type: array observedGeneration: - description: ObservedGeneration reflects the generation of the most + description: observedGeneration reflects the generation of the most recently observed ClusterResourceSet. format: int64 type: integer + v1beta2: + description: v1beta2 groups all the fields that will be added or modified + in ClusterResourceSet's status with the V1Beta2 version. + properties: + conditions: + description: |- + conditions represents the observations of a ClusterResourceSet's current state. + Known condition types are ResourceSetApplied, Deleting. + items: + description: Condition contains details for one aspect of the + current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object type: object type: object served: true @@ -3299,7 +3791,7 @@ data: metadata: annotations: cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 labels: cluster.x-k8s.io/provider: cluster-api name: clusters.cluster.x-k8s.io @@ -3356,21 +3848,23 @@ data: metadata: type: object spec: - description: ClusterSpec defines the desired state of Cluster. + description: spec is the desired state of Cluster. properties: clusterNetwork: - description: Cluster network configuration. + description: clusterNetwork is the cluster network configuration. properties: apiServerPort: description: |- - APIServerPort specifies the port the API Server should bind to. + apiServerPort specifies the port the API Server should bind to. Defaults to 6443. format: int32 type: integer pods: - description: The network ranges from which Pod networks are allocated. + description: pods is the network ranges from which Pod networks + are allocated. properties: cidrBlocks: + description: cidrBlocks is a list of CIDR blocks. items: type: string type: array 
@@ -3378,12 +3872,14 @@ data: - cidrBlocks type: object serviceDomain: - description: Domain name for services. + description: serviceDomain is the domain name for services. type: string services: - description: The network ranges from which service VIPs are allocated. + description: services is the network ranges from which service + VIPs are allocated. properties: cidrBlocks: + description: cidrBlocks is a list of CIDR blocks. items: type: string type: array @@ -3392,14 +3888,14 @@ data: type: object type: object controlPlaneEndpoint: - description: ControlPlaneEndpoint represents the endpoint used to + description: controlPlaneEndpoint represents the endpoint used to communicate with the control plane. properties: host: - description: The hostname on which the API server is serving. + description: host is the hostname on which the API server is serving. type: string port: - description: The port on which the API server is serving. + description: port is the port on which the API server is serving. format: int32 type: integer required: @@ -3408,7 +3904,7 @@ data: type: object controlPlaneRef: description: |- - ControlPlaneRef is an optional reference to a provider-specific resource that holds + controlPlaneRef is an optional reference to a provider-specific resource that holds the details for provisioning the Control Plane for a Cluster. properties: apiVersion: @@ -3423,7 +3919,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -3454,7 +3949,7 @@ data: x-kubernetes-map-type: atomic infrastructureRef: description: |- - InfrastructureRef is a reference to a provider-specific resource that holds the details + infrastructureRef is a reference to a provider-specific resource that holds the details for provisioning infrastructure for a cluster in said provider. properties: apiVersion: @@ -3469,7 +3964,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -3499,49 +3993,49 @@ data: type: object x-kubernetes-map-type: atomic paused: - description: Paused can be used to prevent controllers from processing + description: paused can be used to prevent controllers from processing the Cluster and all its associated objects. type: boolean type: object status: - description: ClusterStatus defines the observed state of Cluster. + description: status is the observed state of Cluster. properties: conditions: - description: Conditions defines current service state of the cluster. + description: conditions defines current service state of the cluster. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. 
type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -3551,11 +4045,11 @@ data: type: object type: array controlPlaneInitialized: - description: ControlPlaneInitialized defines if the control plane + description: controlPlaneInitialized defines if the control plane has been initialized. type: boolean controlPlaneReady: - description: ControlPlaneReady defines if the control plane is ready. + description: controlPlaneReady defines if the control plane is ready. type: boolean failureDomains: additionalProperties: 
@@ -3566,40 +4060,40 @@ data: attributes: additionalProperties: type: string - description: Attributes is a free form map of attributes an + description: attributes is a free form map of attributes an infrastructure provider might use or require. type: object controlPlane: - description: ControlPlane determines if this failure domain + description: controlPlane determines if this failure domain is suitable for use by control plane machines. type: boolean type: object - description: FailureDomains is a slice of failure domain objects synced + description: failureDomains is a slice of failure domain objects synced from the infrastructure provider. type: object failureMessage: description: |- - FailureMessage indicates that there is a fatal problem reconciling the + failureMessage indicates that there is a fatal problem reconciling the state, and will be set to a descriptive error message. type: string failureReason: description: |- - FailureReason indicates that there is a fatal problem reconciling the + failureReason indicates that there is a fatal problem reconciling the state, and will be set to a token value suitable for programmatic interpretation. type: string infrastructureReady: - description: InfrastructureReady is the state of the infrastructure + description: infrastructureReady is the state of the infrastructure provider. type: boolean observedGeneration: - description: ObservedGeneration is the latest generation observed + description: observedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: description: |- - Phase represents the current phase of cluster actuation. + phase represents the current phase of cluster actuation. E.g. Pending, Running, Terminating, Failed etc. type: string type: object @@ -3624,7 +4118,6 @@ data: description: |- Cluster is the Schema for the clusters API. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: 
@@ -3645,21 +4138,23 @@ data: metadata: type: object spec: - description: ClusterSpec defines the desired state of Cluster. + description: spec is the desired state of Cluster. properties: clusterNetwork: - description: Cluster network configuration. + description: clusterNetwork is the cluster network configuration. properties: apiServerPort: description: |- - APIServerPort specifies the port the API Server should bind to. + apiServerPort specifies the port the API Server should bind to. Defaults to 6443. format: int32 type: integer pods: - description: The network ranges from which Pod networks are allocated. + description: pods is the network ranges from which Pod networks + are allocated. properties: cidrBlocks: + description: cidrBlocks is a list of CIDR blocks. items: type: string type: array @@ -3667,12 +4162,14 @@ data: - cidrBlocks type: object serviceDomain: - description: Domain name for services. + description: serviceDomain is the domain name for services. type: string services: - description: The network ranges from which service VIPs are allocated. + description: services is the network ranges from which service + VIPs are allocated. properties: cidrBlocks: + description: cidrBlocks is a list of CIDR blocks. items: type: string type: array @@ -3681,14 +4178,14 @@ data: type: object type: object controlPlaneEndpoint: - description: ControlPlaneEndpoint represents the endpoint used to + description: controlPlaneEndpoint represents the endpoint used to communicate with the control plane. properties: host: - description: The hostname on which the API server is serving. + description: host is the hostname on which the API server is serving. type: string port: - description: The port on which the API server is serving. + description: port is the port on which the API server is serving. format: int32 type: integer required: 
@@ -3697,7 +4194,7 @@ data: type: object controlPlaneRef: description: |- - ControlPlaneRef is an optional reference to a provider-specific resource that holds + controlPlaneRef is an optional reference to a provider-specific resource that holds the details for provisioning the Control Plane for a Cluster. properties: apiVersion: @@ -3712,7 +4209,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -3743,7 +4239,7 @@ data: x-kubernetes-map-type: atomic infrastructureRef: description: |- - InfrastructureRef is a reference to a provider-specific resource that holds the details + infrastructureRef is a reference to a provider-specific resource that holds the details for provisioning infrastructure for a cluster in said provider. properties: apiVersion: @@ -3758,7 +4254,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -3788,29 +4283,28 @@ data: type: object x-kubernetes-map-type: atomic paused: - description: Paused can be used to prevent controllers from processing + description: paused can be used to prevent controllers from processing the Cluster and all its associated objects. type: boolean topology: description: |- - This encapsulates the topology for the cluster. + topology encapsulates the topology for the cluster. NOTE: It is required to enable the ClusterTopology feature gate flag to activate managed topologies support; this feature is highly experimental, and parts of it might still be not implemented. properties: class: - description: The name of the ClusterClass object to create the - topology. + description: class is the name of the ClusterClass object to create + the topology. type: string controlPlane: - description: ControlPlane describes the cluster control plane. + description: controlPlane describes the cluster control plane. properties: metadata: description: |- - Metadata is the metadata applied to the machines of the ControlPlane. + metadata is the metadata applied to the machines of the ControlPlane. At runtime this metadata is merged with the corresponding metadata from the ClusterClass. - This field is supported if and only if the control plane provider template referenced in the ClusterClass is Machine based. properties: @@ -3818,7 +4312,7 @@ data: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations 
@@ -3827,7 +4321,7 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels @@ -3835,7 +4329,7 @@ data: type: object replicas: description: |- - Replicas is the number of control plane nodes. + replicas is the number of control plane nodes. If the value is nil, the ControlPlane object is created without the number of Replicas and it's assumed that the control plane controller does not implement support for this field. When specified against a control plane provider that lacks support for this field, this value will be ignored. @@ -3844,20 +4338,20 @@ data: type: object rolloutAfter: description: |- - RolloutAfter performs a rollout of the entire cluster one component at a time, + rolloutAfter performs a rollout of the entire cluster one component at a time, control plane first and then machine deployments. format: date-time type: string version: - description: The Kubernetes version of the cluster. + description: version is the Kubernetes version of the cluster. type: string workers: description: |- - Workers encapsulates the different constructs that form the worker nodes + workers encapsulates the different constructs that form the worker nodes for the cluster. properties: machineDeployments: - description: MachineDeployments is a list of machine deployments + description: machineDeployments is a list of machine deployments in the cluster. items: description: |- 
@@ -3866,20 +4360,20 @@ data: properties: class: description: |- - Class is the name of the MachineDeploymentClass used to create the set of worker nodes. + class is the name of the MachineDeploymentClass used to create the set of worker nodes. This should match one of the deployment classes defined in the ClusterClass object mentioned in the `Cluster.Spec.Class` field. type: string metadata: description: |- - Metadata is the metadata applied to the machines of the MachineDeployment. + metadata is the metadata applied to the machines of the MachineDeployment. At runtime this metadata is merged with the corresponding metadata from the ClusterClass. properties: annotations: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations @@ -3888,7 +4382,7 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels 
@@ -3896,14 +4390,14 @@ data: type: object name: description: |- - Name is the unique identifier for this MachineDeploymentTopology. + name is the unique identifier for this MachineDeploymentTopology. The value is used with other unique identifiers to create a MachineDeployment's Name (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length, the values are hashed together. type: string replicas: description: |- - Replicas is the number of worker nodes belonging to this set. + replicas is the number of worker nodes belonging to this set. If the value is nil, the MachineDeployment is created without the number of Replicas (defaulting to zero) and it's assumed that an external entity (like cluster autoscaler) is responsible for the management of this value. 
@@ -3921,44 +4415,44 @@ data: type: object type: object status: - description: ClusterStatus defines the observed state of Cluster. + description: status is the observed state of Cluster. properties: conditions: - description: Conditions defines current service state of the cluster. + description: conditions defines current service state of the cluster. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. 
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -3968,7 +4462,7 @@ data: type: object type: array controlPlaneReady: - description: ControlPlaneReady defines if the control plane is ready. + description: controlPlaneReady defines if the control plane is ready. type: boolean failureDomains: additionalProperties: 
@@ -3979,40 +4473,40 @@ data: attributes: additionalProperties: type: string - description: Attributes is a free form map of attributes an + description: attributes is a free form map of attributes an infrastructure provider might use or require. type: object controlPlane: - description: ControlPlane determines if this failure domain + description: controlPlane determines if this failure domain is suitable for use by control plane machines. type: boolean type: object - description: FailureDomains is a slice of failure domain objects synced + description: failureDomains is a slice of failure domain objects synced from the infrastructure provider. type: object failureMessage: description: |- - FailureMessage indicates that there is a fatal problem reconciling the + failureMessage indicates that there is a fatal problem reconciling the state, and will be set to a descriptive error message. type: string failureReason: description: |- - FailureReason indicates that there is a fatal problem reconciling the + failureReason indicates that there is a fatal problem reconciling the state, and will be set to a token value suitable for programmatic interpretation. type: string infrastructureReady: - description: InfrastructureReady is the state of the infrastructure + description: infrastructureReady is the state of the infrastructure provider. type: boolean observedGeneration: - description: ObservedGeneration is the latest generation observed + description: observedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: description: |- - Phase represents the current phase of cluster actuation. + phase represents the current phase of cluster actuation. E.g. Pending, Running, Terminating, Failed etc. type: string type: object 
@@ -4062,50 +4556,103 @@ data: metadata: type: object spec: - description: ClusterSpec defines the desired state of Cluster. + description: spec is the desired state of Cluster. properties: + availabilityGates: + description: |- + availabilityGates specifies additional conditions to include when evaluating Cluster Available condition. + + If this field is not defined and the Cluster implements a managed topology, availabilityGates + from the corresponding ClusterClass will be used, if any. + + NOTE: this field is considered only for computing v1beta2 conditions. + items: + description: ClusterAvailabilityGate contains the type of a Cluster + condition to be used as availability gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Cluster's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as availability gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this availabilityGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map clusterNetwork: - description: Cluster network configuration. + description: clusterNetwork represents the cluster network configuration. 
properties: apiServerPort: description: |- - APIServerPort specifies the port the API Server should bind to. + apiServerPort specifies the port the API Server should bind to. Defaults to 6443. format: int32 type: integer pods: - description: The network ranges from which Pod networks are allocated. + description: pods is the network ranges from which Pod networks + are allocated. properties: cidrBlocks: + description: cidrBlocks is a list of CIDR blocks. items: + maxLength: 43 + minLength: 1 type: string + maxItems: 100 type: array required: - cidrBlocks type: object serviceDomain: - description: Domain name for services. + description: serviceDomain is the domain name for services. + maxLength: 253 + minLength: 1 type: string services: - description: The network ranges from which service VIPs are allocated. + description: services is the network ranges from which service + VIPs are allocated. properties: cidrBlocks: + description: cidrBlocks is a list of CIDR blocks. items: + maxLength: 43 + minLength: 1 type: string + maxItems: 100 type: array required: - cidrBlocks type: object type: object controlPlaneEndpoint: - description: ControlPlaneEndpoint represents the endpoint used to + description: controlPlaneEndpoint represents the endpoint used to communicate with the control plane. properties: host: - description: The hostname on which the API server is serving. + description: host is the hostname on which the API server is serving. + maxLength: 512 type: string port: - description: The port on which the API server is serving. + description: port is the port on which the API server is serving. format: int32 type: integer required: @@ -4114,7 +4661,7 @@ data: type: object controlPlaneRef: description: |- - ControlPlaneRef is an optional reference to a provider-specific resource that holds + controlPlaneRef is an optional reference to a provider-specific resource that holds the details for provisioning the Control Plane for a Cluster. properties: apiVersion: 
@@ -4129,7 +4676,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -4160,7 +4706,7 @@ data: x-kubernetes-map-type: atomic infrastructureRef: description: |- - InfrastructureRef is a reference to a provider-specific resource that holds the details + infrastructureRef is a reference to a provider-specific resource that holds the details for provisioning infrastructure for a cluster in said provider. properties: apiVersion: @@ -4175,7 +4721,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -4205,40 +4750,50 @@ data: type: object x-kubernetes-map-type: atomic paused: - description: Paused can be used to prevent controllers from processing + description: paused can be used to prevent controllers from processing the Cluster and all its associated objects. type: boolean topology: description: |- - This encapsulates the topology for the cluster. + topology encapsulates the topology for the cluster. NOTE: It is required to enable the ClusterTopology feature gate flag to activate managed topologies support; this feature is highly experimental, and parts of it might still be not implemented. properties: class: - description: The name of the ClusterClass object to create the - topology. + description: class is the name of the ClusterClass object to create + the topology. + maxLength: 253 + minLength: 1 + type: string + classNamespace: + description: |- + classNamespace is the namespace of the ClusterClass that should be used for the topology. + If classNamespace is empty or not set, it is defaulted to the namespace of the Cluster object. + classNamespace must be a valid namespace name and because of that be at most 63 characters in length + and it must consist only of lower case alphanumeric characters or hyphens (-), and must start + and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string controlPlane: - description: ControlPlane describes the cluster control plane. + description: controlPlane describes the cluster control plane. properties: machineHealthCheck: description: |- - MachineHealthCheck allows to enable, disable and override + machineHealthCheck allows to enable, disable and override the MachineHealthCheck configuration in the ClusterClass for this control plane. properties: enable: description: |- - Enable controls if a MachineHealthCheck should be created for the target machines. - + enable controls if a MachineHealthCheck should be created for the target machines. 
If false: No MachineHealthCheck will be created. - If not set(default): A MachineHealthCheck will be created if it is defined here or in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created. - If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will block if `enable` is true and no MachineHealthCheck definition is available. type: boolean @@ -4247,32 +4802,30 @@ data: - type: integer - type: string description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by + maxUnhealthy specifies the maximum number of unhealthy machines allowed. + Any further remediation is only allowed if at most "maxUnhealthy" machines selected by "selector" are not healthy. x-kubernetes-int-or-string: true nodeStartupTimeout: description: |- - NodeStartupTimeout allows to set the maximum time for MachineHealthCheck + nodeStartupTimeout allows to set the maximum time for MachineHealthCheck to consider a Machine unhealthy if a corresponding Node isn't associated through a `Spec.ProviderID` field. - The duration set in this field is compared to the greatest of: - Cluster's infrastructure ready condition timestamp (if and when available) - Control Plane's initialized condition timestamp (if and when available) - Machine's infrastructure ready condition timestamp (if and when available) - Machine's metadata creation timestamp - Defaults to 10 minutes. If you wish to disable this feature, set the value explicitly to 0. type: string remediationTemplate: description: |- - RemediationTemplate is a reference to a remediation template + remediationTemplate is a reference to a remediation template provided by an infrastructure provider. - This field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Cluster API. 
@@ -4289,7 +4842,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -4320,7 +4872,7 @@ data: x-kubernetes-map-type: atomic unhealthyConditions: description: |- - UnhealthyConditions contains a list of the conditions that determine + unhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy. items: @@ -4330,11 +4882,19 @@ data: status for at least the timeout value, a node is considered unhealthy. properties: status: + description: status of the condition, one of True, + False, Unknown. minLength: 1 type: string timeout: + description: |- + timeout is the duration that a node must be in a given status for, + after which the node is considered unhealthy. + For example, with a value of "1h", the node must match the status + for at least 1 hour before being considered unhealthy. type: string type: + description: type of Node condition minLength: 1 type: string required: 
@@ -4342,20 +4902,24 @@ data: - timeout - type type: object + maxItems: 100 type: array unhealthyRange: description: |- + unhealthyRange specifies the range of unhealthy machines allowed. Any further remediation is only allowed if the number of machines selected by "selector" as not healthy - is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. + is within the range of "unhealthyRange". Takes precedence over maxUnhealthy. Eg. "[3-5]" - This means that remediation will be allowed only when: (a) there are at least 3 unhealthy machines (and) (b) there are at most 5 unhealthy machines + maxLength: 32 + minLength: 1 pattern: ^\[[0-9]+-[0-9]+\]$ type: string type: object metadata: description: |- - Metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane + metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane if the ControlPlaneTemplate referenced by the ClusterClass is machine based. If not, it is applied only to the ControlPlane. At runtime this metadata is merged with the corresponding metadata from the ClusterClass. @@ -4364,7 +4928,7 @@ data: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations @@ -4373,7 +4937,7 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels 
@@ -4381,35 +4945,79 @@ data: type: object nodeDeletionTimeout: description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine + nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds. type: string nodeDrainTimeout: description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` type: string nodeVolumeDetachTimeout: description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. type: string + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition. + + This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready + computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine. + + If this field is not defined, readinessGates from the corresponding ControlPlaneClass will be used, if any. + + NOTE: This field is considered only for computing v1beta2 conditions. + NOTE: Specific control plane provider implementations might automatically extend the list of readinessGates; + e.g. 
the kubeadm control provider adds ReadinessGates for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. + items: + description: MachineReadinessGate contains the type of a + Machine condition to be used as a readiness gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map replicas: description: |- - Replicas is the number of control plane nodes. + replicas is the number of control plane nodes. If the value is nil, the ControlPlane object is created without the number of Replicas and it's assumed that the control plane controller does not implement support for this field. When specified against a control plane provider that lacks support for this field, this value will be ignored. format: int32 type: integer variables: - description: Variables can be used to customize the ControlPlane + description: variables can be used to customize the ControlPlane through patches. 
properties: overrides: - description: Overrides can be used to override Cluster + description: overrides can be used to override Cluster level variables. items: description: |- @@ -4418,17 +5026,19 @@ data: properties: definitionFrom: description: |- - DefinitionFrom specifies where the definition of this Variable is from. - + definitionFrom specifies where the definition of this Variable is from. Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion. + maxLength: 256 type: string name: - description: Name of the variable. + description: name of the variable. + maxLength: 256 + minLength: 1 type: string value: description: |- - Value of the variable. + value of the variable. Note: the value will be validated against the schema of the corresponding ClusterClassVariable from the ClusterClass. Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a @@ -4440,6 +5050,7 @@ data: - name - value type: object + maxItems: 1000 type: array x-kubernetes-list-map-keys: - name @@ -4448,16 +5059,15 @@ data: type: object rolloutAfter: description: |- - RolloutAfter performs a rollout of the entire cluster one component at a time, + rolloutAfter performs a rollout of the entire cluster one component at a time, control plane first and then machine deployments. - Deprecated: This field has no function and is going to be removed in the next apiVersion. format: date-time type: string variables: description: |- - Variables can be used to customize the Cluster through + variables can be used to customize the Cluster through patches. They must comply to the corresponding VariableClasses defined in the ClusterClass. items: 
@@ -4467,17 +5077,19 @@ data: properties: definitionFrom: description: |- - DefinitionFrom specifies where the definition of this Variable is from. - + definitionFrom specifies where the definition of this Variable is from. Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion. + maxLength: 256 type: string name: - description: Name of the variable. + description: name of the variable. + maxLength: 256 + minLength: 1 type: string value: description: |- - Value of the variable. + value of the variable. Note: the value will be validated against the schema of the corresponding ClusterClassVariable from the ClusterClass. Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a @@ -4489,20 +5101,23 @@ data: - name - value type: object + maxItems: 1000 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map version: - description: The Kubernetes version of the cluster. + description: version is the Kubernetes version of the cluster. + maxLength: 256 + minLength: 1 type: string workers: description: |- - Workers encapsulates the different constructs that form the worker nodes + workers encapsulates the different constructs that form the worker nodes for the cluster. properties: machineDeployments: - description: MachineDeployments is a list of machine deployments + description: machineDeployments is a list of machine deployments in the cluster. items: description: |- 
@@ -4511,32 +5126,33 @@ data: properties: class: description: |- - Class is the name of the MachineDeploymentClass used to create the set of worker nodes. + class is the name of the MachineDeploymentClass used to create the set of worker nodes. This should match one of the deployment classes defined in the ClusterClass object mentioned in the `Cluster.Spec.Class` field. + maxLength: 256 + minLength: 1 type: string failureDomain: description: |- - FailureDomain is the failure domain the machines will be created in. + failureDomain is the failure domain the machines will be created in. Must match a key in the FailureDomains map stored on the cluster object. + maxLength: 256 + minLength: 1 type: string machineHealthCheck: description: |- - MachineHealthCheck allows to enable, disable and override + machineHealthCheck allows to enable, disable and override the MachineHealthCheck configuration in the ClusterClass for this MachineDeployment. properties: enable: description: |- - Enable controls if a MachineHealthCheck should be created for the target machines. - + enable controls if a MachineHealthCheck should be created for the target machines. If false: No MachineHealthCheck will be created. - If not set(default): A MachineHealthCheck will be created if it is defined here or in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created. - If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will block if `enable` is true and no MachineHealthCheck definition is available. type: boolean 
@@ -4545,32 +5161,30 @@ data: - type: integer - type: string description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by + maxUnhealthy specifies the maximum number of unhealthy machines allowed. + Any further remediation is only allowed if at most "maxUnhealthy" machines selected by "selector" are not healthy. x-kubernetes-int-or-string: true nodeStartupTimeout: description: |- - NodeStartupTimeout allows to set the maximum time for MachineHealthCheck + nodeStartupTimeout allows to set the maximum time for MachineHealthCheck to consider a Machine unhealthy if a corresponding Node isn't associated through a `Spec.ProviderID` field. - The duration set in this field is compared to the greatest of: - Cluster's infrastructure ready condition timestamp (if and when available) - Control Plane's initialized condition timestamp (if and when available) - Machine's infrastructure ready condition timestamp (if and when available) - Machine's metadata creation timestamp - Defaults to 10 minutes. If you wish to disable this feature, set the value explicitly to 0. type: string remediationTemplate: description: |- - RemediationTemplate is a reference to a remediation template + remediationTemplate is a reference to a remediation template provided by an infrastructure provider. - This field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Cluster API. @@ -4587,7 +5201,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -4618,7 +5231,7 @@ data: x-kubernetes-map-type: atomic unhealthyConditions: description: |- - UnhealthyConditions contains a list of the conditions that determine + unhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy. items: @@ -4628,11 +5241,19 @@ data: status for at least the timeout value, a node is considered unhealthy. properties: status: + description: status of the condition, one + of True, False, Unknown. minLength: 1 type: string timeout: + description: |- + timeout is the duration that a node must be in a given status for, + after which the node is considered unhealthy. + For example, with a value of "1h", the node must match the status + for at least 1 hour before being considered unhealthy. type: string type: + description: type of Node condition minLength: 1 type: string required: 
@@ -4640,27 +5261,31 @@ data: - timeout - type type: object + maxItems: 100 type: array unhealthyRange: description: |- + unhealthyRange specifies the range of unhealthy machines allowed. Any further remediation is only allowed if the number of machines selected by "selector" as not healthy - is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. + is within the range of "unhealthyRange". Takes precedence over maxUnhealthy. Eg. "[3-5]" - This means that remediation will be allowed only when: (a) there are at least 3 unhealthy machines (and) (b) there are at most 5 unhealthy machines + maxLength: 32 + minLength: 1 pattern: ^\[[0-9]+-[0-9]+\]$ type: string type: object metadata: description: |- - Metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. + metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. At runtime this metadata is merged with the corresponding metadata from the ClusterClass. properties: annotations: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations @@ -4669,7 +5294,7 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels 
@@ -4677,7 +5302,7 @@ data: type: object minReadySeconds: description: |- - Minimum number of seconds for which a newly created machine should + minReadySeconds is the minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready) 
@@ -4685,31 +5310,76 @@ data: type: integer name: description: |- - Name is the unique identifier for this MachineDeploymentTopology. + name is the unique identifier for this MachineDeploymentTopology. The value is used with other unique identifiers to create a MachineDeployment's Name (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length, the values are hashed together. + maxLength: 63 + minLength: 1 type: string nodeDeletionTimeout: description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine + nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds. type: string nodeDrainTimeout: description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` type: string nodeVolumeDetachTimeout: description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. type: string + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition. + + This field can be used e.g. 
to instruct the machine controller to include in the computation for Machine's ready + computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine. + + If this field is not defined, readinessGates from the corresponding MachineDeploymentClass will be used, if any. + + NOTE: This field is considered only for computing v1beta2 conditions. + items: + description: MachineReadinessGate contains the type + of a Machine condition to be used as a readiness + gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map replicas: description: |- - Replicas is the number of worker nodes belonging to this set. + replicas is the number of worker nodes belonging to this set. 
If the value is nil, the MachineDeployment is created without the number of Replicas (defaulting to 1) and it's assumed that an external entity (like cluster autoscaler) is responsible for the management of this value. @@ -4717,12 +5387,12 @@ data: type: integer strategy: description: |- - The deployment strategy to use to replace existing machines with + strategy is the deployment strategy to use to replace existing machines with new ones. properties: remediation: description: |- - Remediation controls the strategy of remediating unhealthy machines + remediation controls the strategy of remediating unhealthy machines and how remediating operations should occur during the lifecycle of the dependant MachineSets. properties: maxInFlight: 
@@ -4730,34 +5400,30 @@ data: - type: integer - type: string description: |- - MaxInFlight determines how many in flight remediations should happen at the same time. - + maxInFlight determines how many in flight remediations should happen at the same time. Remediation only happens on the MachineSet with the most current revision, while older MachineSets (usually present during rollout operations) aren't allowed to remediate. - Note: In general (independent of remediations), unhealthy machines are always prioritized during scale down operations over healthy ones. - MaxInFlight can be set to a fixed number or a percentage. Example: when this is set to 20%, the MachineSet controller deletes at most 20% of the desired replicas. - If not set, remediation is limited to all machines (bounded by replicas) under the active MachineSet's management. x-kubernetes-int-or-string: true type: object rollingUpdate: description: |- - Rolling update config params. Present only if + rollingUpdate is the rolling update config params. Present only if MachineDeploymentStrategyType = RollingUpdate. properties: deletePolicy: description: |- - DeletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. + deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. Valid values are "Random, "Newest", "Oldest" When no value is supplied, the default DeletePolicy of MachineSet is used enum: @@ -4770,7 +5436,7 @@ data: - type: integer - type: string description: |- - The maximum number of machines that can be scheduled above the + maxSurge is the maximum number of machines that can be scheduled above the desired number of machines. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). 
@@ -4789,7 +5455,7 @@ data: - type: integer - type: string description: |- - The maximum number of machines that can be unavailable during the update. + maxUnavailable is the maximum number of machines that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). Absolute number is calculated from percentage by rounding down. @@ -4805,7 +5471,7 @@ data: type: object type: description: |- - Type of deployment. Allowed values are RollingUpdate and OnDelete. + type of deployment. Allowed values are RollingUpdate and OnDelete. The default is RollingUpdate. enum: - RollingUpdate @@ -4813,11 +5479,11 @@ data: type: string type: object variables: - description: Variables can be used to customize the + description: variables can be used to customize the MachineDeployment through patches. properties: overrides: - description: Overrides can be used to override Cluster + description: overrides can be used to override Cluster level variables. items: description: |- @@ -4826,17 +5492,19 @@ data: properties: definitionFrom: description: |- - DefinitionFrom specifies where the definition of this Variable is from. - + definitionFrom specifies where the definition of this Variable is from. Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion. + maxLength: 256 type: string name: - description: Name of the variable. + description: name of the variable. + maxLength: 256 + minLength: 1 type: string value: description: |- - Value of the variable. + value of the variable. Note: the value will be validated against the schema of the corresponding ClusterClassVariable from the ClusterClass. Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a @@ -4848,6 +5516,7 @@ data: - name - value type: object + maxItems: 1000 type: array x-kubernetes-list-map-keys: - name 
@@ -4857,12 +5526,13 @@ data: - class - name type: object + maxItems: 2000 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map machinePools: - description: MachinePools is a list of machine pools in the + description: machinePools is a list of machine pools in the cluster. items: description: |- @@ -4871,27 +5541,32 @@ data: properties: class: description: |- - Class is the name of the MachinePoolClass used to create the pool of worker nodes. + class is the name of the MachinePoolClass used to create the pool of worker nodes. This should match one of the deployment classes defined in the ClusterClass object mentioned in the `Cluster.Spec.Class` field. + maxLength: 256 + minLength: 1 type: string failureDomains: description: |- - FailureDomains is the list of failure domains the machine pool will be created in. + failureDomains is the list of failure domains the machine pool will be created in. Must match a key in the FailureDomains map stored on the cluster object. items: + maxLength: 256 + minLength: 1 type: string + maxItems: 100 type: array metadata: description: |- - Metadata is the metadata applied to the MachinePool. + metadata is the metadata applied to the MachinePool. At runtime this metadata is merged with the corresponding metadata from the ClusterClass. properties: annotations: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations 
@@ -4900,7 +5575,7 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels @@ -4908,7 +5583,7 @@ data: type: object minReadySeconds: description: |- - Minimum number of seconds for which a newly created machine pool should + minReadySeconds is the minimum number of seconds for which a newly created machine pool should be ready. Defaults to 0 (machine will be considered available as soon as it is ready) 
@@ -4916,42 +5591,44 @@ data: type: integer name: description: |- - Name is the unique identifier for this MachinePoolTopology. + name is the unique identifier for this MachinePoolTopology. The value is used with other unique identifiers to create a MachinePool's Name (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length, the values are hashed together. + maxLength: 63 + minLength: 1 type: string nodeDeletionTimeout: description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the MachinePool + nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the MachinePool hosts after the MachinePool is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds. type: string nodeDrainTimeout: description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` type: string nodeVolumeDetachTimeout: description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. type: string replicas: description: |- - Replicas is the number of nodes belonging to this pool. + replicas is the number of nodes belonging to this pool. If the value is nil, the MachinePool is created without the number of Replicas (defaulting to 1) and it's assumed that an external entity (like cluster autoscaler) is responsible for the management of this value. 
format: int32 type: integer variables: - description: Variables can be used to customize the + description: variables can be used to customize the MachinePool through patches. properties: overrides: - description: Overrides can be used to override Cluster + description: overrides can be used to override Cluster level variables. items: description: |- @@ -4960,17 +5637,19 @@ data: properties: definitionFrom: description: |- - DefinitionFrom specifies where the definition of this Variable is from. - + definitionFrom specifies where the definition of this Variable is from. Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion. + maxLength: 256 type: string name: - description: Name of the variable. + description: name of the variable. + maxLength: 256 + minLength: 1 type: string value: description: |- - Value of the variable. + value of the variable. Note: the value will be validated against the schema of the corresponding ClusterClassVariable from the ClusterClass. Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a @@ -4982,6 +5661,7 @@ data: - name - value type: object + maxItems: 1000 type: array x-kubernetes-list-map-keys: - name @@ -4991,6 +5671,7 @@ data: - class - name type: object + maxItems: 2000 type: array x-kubernetes-list-map-keys: - name 
@@ -5002,46 +5683,53 @@ data: type: object type: object status: - description: ClusterStatus defines the observed state of Cluster. + description: status is the observed state of Cluster. properties: conditions: - description: Conditions defines current service state of the cluster. + description: conditions defines current service state of the cluster. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. 
type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime @@ -5051,7 +5739,7 @@ data: type: array controlPlaneReady: description: |- - ControlPlaneReady denotes if the control plane became ready during initial provisioning + controlPlaneReady denotes if the control plane became ready during initial provisioning to receive requests. NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning. The value of this field is never updated after provisioning is completed. Please use conditions 
@@ -5066,42 +5754,192 @@ data: attributes: additionalProperties: type: string - description: Attributes is a free form map of attributes an + description: attributes is a free form map of attributes an infrastructure provider might use or require. type: object controlPlane: - description: ControlPlane determines if this failure domain + description: controlPlane determines if this failure domain is suitable for use by control plane machines. type: boolean type: object - description: FailureDomains is a slice of failure domain objects synced + description: failureDomains is a slice of failure domain objects synced from the infrastructure provider. type: object failureMessage: description: |- - FailureMessage indicates that there is a fatal problem reconciling the + failureMessage indicates that there is a fatal problem reconciling the state, and will be set to a descriptive error message. + + Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + maxLength: 10240 + minLength: 1 type: string failureReason: description: |- - FailureReason indicates that there is a fatal problem reconciling the + failureReason indicates that there is a fatal problem reconciling the state, and will be set to a token value suitable for programmatic interpretation. + + Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. type: string infrastructureReady: - description: InfrastructureReady is the state of the infrastructure + description: infrastructureReady is the state of the infrastructure provider. 
type: boolean observedGeneration: - description: ObservedGeneration is the latest generation observed + description: observedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: - description: |- - Phase represents the current phase of cluster actuation. - E.g. Pending, Running, Terminating, Failed etc. + description: phase represents the current phase of cluster actuation. + enum: + - Pending + - Provisioning + - Provisioned + - Deleting + - Failed + - Unknown type: string + v1beta2: + description: v1beta2 groups all the fields that will be added or modified + in Cluster's status with the V1Beta2 version. + properties: + conditions: + description: |- + conditions represents the observations of a Cluster's current state. + Known condition types are Available, InfrastructureReady, ControlPlaneInitialized, ControlPlaneAvailable, WorkersAvailable, MachinesReady + MachinesUpToDate, RemoteConnectionProbe, ScalingUp, ScalingDown, Remediating, Deleting, Paused. + Additionally, a TopologyReconciled condition will be added in case the Cluster is referencing a ClusterClass / defining a managed Topology. + items: + description: Condition contains details for one aspect of the + current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controlPlane: + description: controlPlane groups all the observations about Cluster's + ControlPlane current state. + properties: + availableReplicas: + description: availableReplicas is the total number of available + control plane machines in this cluster. A machine is considered + available when Machine's Available condition is true. + format: int32 + type: integer + desiredReplicas: + description: desiredReplicas is the total number of desired + control plane machines in this cluster. + format: int32 + type: integer + readyReplicas: + description: readyReplicas is the total number of ready control + plane machines in this cluster. A machine is considered + ready when Machine's Ready condition is true. 
+ format: int32 + type: integer + replicas: + description: |- + replicas is the total number of control plane machines in this cluster. + NOTE: replicas also includes machines still being provisioned or being deleted. + format: int32 + type: integer + upToDateReplicas: + description: upToDateReplicas is the number of up-to-date + control plane machines in this cluster. A machine is considered + up-to-date when Machine's UpToDate condition is true. + format: int32 + type: integer + type: object + workers: + description: workers groups all the observations about Cluster's + Workers current state. + properties: + availableReplicas: + description: availableReplicas is the total number of available + worker machines in this cluster. A machine is considered + available when Machine's Available condition is true. + format: int32 + type: integer + desiredReplicas: + description: desiredReplicas is the total number of desired + worker machines in this cluster. + format: int32 + type: integer + readyReplicas: + description: readyReplicas is the total number of ready worker + machines in this cluster. A machine is considered ready + when Machine's Ready condition is true. + format: int32 + type: integer + replicas: + description: |- + replicas is the total number of worker machines in this cluster. + NOTE: replicas also includes machines still being provisioned or being deleted. + format: int32 + type: integer + upToDateReplicas: + description: upToDateReplicas is the number of up-to-date + worker machines in this cluster. A machine is considered + up-to-date when Machine's UpToDate condition is true. + format: int32 + type: integer + type: object + type: object type: object type: object served: true @@ -5113,7 +5951,7 @@ data: kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 labels: cluster.x-k8s.io/provider: cluster-api name: extensionconfigs.runtime.cluster.x-k8s.io 
@@ -5158,39 +5996,46 @@ data: metadata: type: object spec: - description: ExtensionConfigSpec is the desired state of the ExtensionConfig + description: spec is the desired state of the ExtensionConfig. properties: clientConfig: - description: ClientConfig defines how to communicate with the Extension + description: clientConfig defines how to communicate with the Extension server. properties: caBundle: - description: CABundle is a PEM encoded CA bundle which will be + description: caBundle is a PEM encoded CA bundle which will be used to validate the Extension server's server certificate. format: byte + maxLength: 51200 + minLength: 1 type: string service: description: |- - Service is a reference to the Kubernetes service for the Extension server. + service is a reference to the Kubernetes service for the Extension server. Note: Exactly one of `url` or `service` must be specified. - If the Extension server is running within a cluster, then you should use `service`. properties: name: - description: Name is the name of the service. + description: name is the name of the service. + maxLength: 63 + minLength: 1 type: string namespace: - description: Namespace is the namespace of the service. + description: namespace is the namespace of the service. + maxLength: 63 + minLength: 1 type: string path: description: |- - Path is an optional URL path and if present may be any string permissible in + path is an optional URL path and if present may be any string permissible in a URL. If a path is set it will be used as prefix to the hook-specific path. + maxLength: 512 + minLength: 1 type: string port: description: |- - Port is the port on the service that's hosting the Extension server. + port is the port on the service that's hosting the Extension server. Defaults to 443. Port should be a valid port number (1-65535, inclusive). format: int32 
@@ -5201,30 +6046,28 @@ data: type: object url: description: |- - URL gives the location of the Extension server, in standard URL form + url gives the location of the Extension server, in standard URL form (`scheme://host:port/path`). Note: Exactly one of `url` or `service` must be specified. - The scheme must be "https". - The `host` should not refer to a service running in the cluster; use the `service` field instead. - A path is optional, and if present may be any string permissible in a URL. If a path is set it will be used as prefix to the hook-specific path. - Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed either. + maxLength: 512 + minLength: 1 type: string type: object namespaceSelector: description: |- - NamespaceSelector decides whether to call the hook for an object based + namespaceSelector decides whether to call the hook for an object based on whether the namespace for that object matches the selector. Defaults to the empty LabelSelector, which matches all objects. properties: @@ -5275,7 +6118,7 @@ data: additionalProperties: type: string description: |- - Settings defines key value pairs to be passed to all calls + settings defines key value pairs to be passed to all calls to all supported RuntimeExtensions. Note: Settings can be overridden on the ClusterClass. type: object 
@@ -5283,46 +6126,53 @@ data: - clientConfig type: object status: - description: ExtensionConfigStatus is the current state of the ExtensionConfig + description: status is the current state of the ExtensionConfig properties: conditions: - description: Conditions define the current service state of the ExtensionConfig. + description: conditions define the current service state of the ExtensionConfig. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. 
type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime @@ -5331,7 +6181,7 @@ data: type: object type: array handlers: - description: Handlers defines the current ExtensionHandlers supported + description: handlers defines the current ExtensionHandlers supported by an Extension. items: description: ExtensionHandler specifies the details of a handler @@ -5339,22 +6189,31 @@ data: properties: failurePolicy: description: |- - FailurePolicy defines how failures in calls to the ExtensionHandler should be handled by a client. + failurePolicy defines how failures in calls to the ExtensionHandler should be handled by a client. Defaults to Fail if not set. + enum: + - Ignore + - Fail type: string name: - description: Name is the unique name of the ExtensionHandler. + description: name is the unique name of the ExtensionHandler. + maxLength: 512 + minLength: 1 type: string requestHook: - description: RequestHook defines the versioned runtime hook + description: requestHook defines the versioned runtime hook which this ExtensionHandler serves. properties: apiVersion: - description: APIVersion is the group and version of the + description: apiVersion is the group and version of the Hook. + maxLength: 512 + minLength: 1 type: string hook: - description: Hook is the name of the hook. + description: hook is the name of the hook. + maxLength: 256 + minLength: 1 type: string required: - apiVersion 
@@ -5362,7 +6221,7 @@ data: type: object timeoutSeconds: description: |- - TimeoutSeconds defines the timeout duration for client calls to the ExtensionHandler. + timeoutSeconds defines the timeout duration for client calls to the ExtensionHandler. Defaults to 10 is not set. format: int32 type: integer 
@@ -5370,10 +6229,80 @@ data: - name - requestHook type: object + maxItems: 512 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map + v1beta2: + description: v1beta2 groups all the fields that will be added or modified + in ExtensionConfig's status with the V1Beta2 version. + properties: + conditions: + description: |- + conditions represents the observations of a ExtensionConfig's current state. + Known condition types are Discovered, Paused. + items: + description: Condition contains details for one aspect of the + current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object type: object type: object served: true @@ -5385,7 +6314,7 @@ data: kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 labels: cluster.x-k8s.io/provider: cluster-api name: ipaddressclaims.ipam.cluster.x-k8s.io @@ -5436,10 +6365,10 @@ data: metadata: type: object spec: - description: IPAddressClaimSpec is the desired state of an IPAddressClaim. + description: spec is the desired state of IPAddressClaim. properties: poolRef: - description: PoolRef is a reference to the pool from which an IP address + description: poolRef is a reference to the pool from which an IP address should be created. properties: apiGroup: @@ -5463,10 +6392,10 @@ data: - poolRef type: object status: - description: IPAddressClaimStatus is the observed status of a IPAddressClaim. + description: status is the observed state of IPAddressClaim. properties: addressRef: - description: AddressRef is a reference to the address that was created + description: addressRef is a reference to the address that was created for this claim. properties: name: 
@@ -5476,50 +6405,55 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic conditions: - description: Conditions summarises the current state of the IPAddressClaim + description: conditions summarises the current state of the IPAddressClaim items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. 
+ maxLength: 256 + minLength: 1 type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime @@ -5569,14 +6503,16 @@ data: metadata: type: object spec: - description: IPAddressClaimSpec is the desired state of an IPAddressClaim. + description: spec is the desired state of IPAddressClaim. properties: clusterName: - description: ClusterName is the name of the Cluster this object belongs + description: clusterName is the name of the Cluster this object belongs to. + maxLength: 63 + minLength: 1 type: string poolRef: - description: PoolRef is a reference to the pool from which an IP address + description: poolRef is a reference to the pool from which an IP address should be created. properties: apiGroup: 
@@ -5600,10 +6536,10 @@ data: - poolRef type: object status: - description: IPAddressClaimStatus is the observed status of a IPAddressClaim. + description: status is the observed state of IPAddressClaim. properties: addressRef: - description: AddressRef is a reference to the address that was created + description: addressRef is a reference to the address that was created for this claim. properties: name: 
@@ -5613,50 +6549,55 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic conditions: - description: Conditions summarises the current state of the IPAddressClaim + description: conditions summarises the current state of the IPAddressClaim items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. 
+ maxLength: 256 + minLength: 1 type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime 
@@ -5664,6 +6605,74 @@ data: - type type: object type: array + v1beta2: + description: v1beta2 groups all the fields that will be added or modified + in IPAddressClaim's status with the V1Beta2 version. + properties: + conditions: + description: conditions represents the observations of a IPAddressClaim's + current state. + items: + description: Condition contains details for one aspect of the + current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object type: object type: object served: true @@ -5675,7 +6684,7 @@ data: kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 labels: cluster.x-k8s.io/provider: cluster-api name: ipaddresses.ipam.cluster.x-k8s.io @@ -5730,13 +6739,15 @@ data: metadata: type: object spec: - description: IPAddressSpec is the desired state of an IPAddress. + description: spec is the desired state of IPAddress. properties: address: - description: Address is the IP address. + description: address is the IP address. + maxLength: 39 + minLength: 1 type: string claimRef: - description: ClaimRef is a reference to the claim this IPAddress was + description: claimRef is a reference to the claim this IPAddress was created for. properties: name: 
@@ -5746,18 +6757,18 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic gateway: - description: Gateway is the network gateway of the network the address + description: gateway is the network gateway of the network the address is from. + maxLength: 39 + minLength: 1 type: string poolRef: - description: PoolRef is a reference to the pool that this IPAddress + description: poolRef is a reference to the pool that this IPAddress was created from. properties: apiGroup: @@ -5778,7 +6789,7 @@ data: type: object x-kubernetes-map-type: atomic prefix: - description: Prefix is the prefix of the address. + description: prefix is the prefix of the address. type: integer required: - address @@ -5830,13 +6841,15 @@ data: metadata: type: object spec: - description: IPAddressSpec is the desired state of an IPAddress. + description: spec is the desired state of IPAddress. properties: address: - description: Address is the IP address. + description: address is the IP address. + maxLength: 39 + minLength: 1 type: string claimRef: - description: ClaimRef is a reference to the claim this IPAddress was + description: claimRef is a reference to the claim this IPAddress was created for. properties: name: 
@@ -5846,18 +6859,18 @@ data: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic gateway: - description: Gateway is the network gateway of the network the address + description: gateway is the network gateway of the network the address is from. + maxLength: 39 + minLength: 1 type: string poolRef: - description: PoolRef is a reference to the pool that this IPAddress + description: poolRef is a reference to the pool that this IPAddress was created from. properties: apiGroup: @@ -5878,7 +6891,7 @@ data: type: object x-kubernetes-map-type: atomic prefix: - description: Prefix is the prefix of the address. + description: prefix is the prefix of the address. type: integer required: - address @@ -5896,7 +6909,7 @@ data: metadata: annotations: cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 labels: cluster.x-k8s.io/provider: cluster-api name: machinedeployments.cluster.x-k8s.io @@ -5953,7 +6966,6 @@ data: description: |- MachineDeployment is the Schema for the machinedeployments API. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: 
@@ -5974,27 +6986,27 @@ data: metadata: type: object spec: - description: MachineDeploymentSpec defines the desired state of MachineDeployment. + description: spec is the desired state of MachineDeployment. properties: clusterName: - description: ClusterName is the name of the Cluster this object belongs + description: clusterName is the name of the Cluster this object belongs to. minLength: 1 type: string minReadySeconds: description: |- - Minimum number of seconds for which a newly created machine should + minReadySeconds is the minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready) format: int32 type: integer paused: - description: Indicates that the deployment is paused. + description: paused indicates that the deployment is paused. type: boolean progressDeadlineSeconds: description: |- - The maximum time in seconds for a deployment to make progress before it + progressDeadlineSeconds is the maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will 
@@ -6003,20 +7015,20 @@ data: type: integer replicas: description: |- - Number of desired machines. Defaults to 1. + replicas is the number of desired machines. Defaults to 1. This is a pointer to distinguish between explicit zero and not specified. format: int32 type: integer revisionHistoryLimit: description: |- - The number of old MachineSets to retain to allow rollback. + revisionHistoryLimit is the number of old MachineSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1. format: int32 type: integer selector: description: |- - Label selector for machines. Existing MachineSets whose machines are + selector is the label selector for machines. Existing MachineSets whose machines are selected by this will be the ones affected by this deployment. It must match the machine template's labels. properties: @@ -6065,12 +7077,12 @@ data: x-kubernetes-map-type: atomic strategy: description: |- - The deployment strategy to use to replace existing machines with + strategy is the deployment strategy to use to replace existing machines with new ones. properties: rollingUpdate: description: |- - Rolling update config params. Present only if + rollingUpdate is the rolling update config params. Present only if MachineDeploymentStrategyType = RollingUpdate. properties: maxSurge: @@ -6078,7 +7090,7 @@ data: - type: integer - type: string description: |- - The maximum number of machines that can be scheduled above the + maxSurge is the maximum number of machines that can be scheduled above the desired number of machines. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). 
@@ -6097,7 +7109,7 @@ data: - type: integer - type: string description: |- - The maximum number of machines that can be unavailable during the update. + maxUnavailable is the maximum number of machines that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). Absolute number is calculated from percentage by rounding down. @@ -6113,31 +7125,31 @@ data: type: object type: description: |- - Type of deployment. Currently the only supported strategy is + type of deployment. Currently the only supported strategy is "RollingUpdate". Default is RollingUpdate. type: string type: object template: - description: Template describes the machines that will be created. + description: template describes the machines that will be created. properties: metadata: description: |- - Standard object's metadata. + metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata properties: annotations: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations type: object generateName: description: |- - GenerateName is an optional prefix, used by the server, to generate a unique + generateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. 
@@ -6145,63 +7157,56 @@ data: and may be truncated by the length of the suffix required to make the value unique on the server. - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency - Deprecated: This field has no function and is going to be removed in a next release. type: string labels: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels type: object name: description: |- - Name must be unique within a namespace. Is required when creating resources, although + name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names - Deprecated: This field has no function and is going to be removed in a next release. type: string namespace: description: |- - Namespace defines the space within each name must be unique. An empty namespace is + namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. 
Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - Deprecated: This field has no function and is going to be removed in a next release. type: string ownerReferences: description: |- - List of objects depended by this object. If ALL objects in the list have + ownerReferences is the list of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. - Deprecated: This field has no function and is going to be removed in a next release. items: description: |- @@ -6253,17 +7258,17 @@ data: type: object spec: description: |- - Specification of the desired behavior of the machine. + spec is the specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status properties: bootstrap: description: |- - Bootstrap is a reference to a local struct which encapsulates + bootstrap is a reference to a local struct which encapsulates fields to configure the Machine’s bootstrapping mechanism. properties: configRef: description: |- - ConfigRef is a reference to a bootstrap provider-specific resource + configRef is a reference to a bootstrap provider-specific resource that holds configuration details. The reference is optional to allow users/operators to specify Bootstrap.Data without the need of a controller. 
@@ -6280,7 +7285,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -6311,31 +7315,30 @@ data: x-kubernetes-map-type: atomic data: description: |- - Data contains the bootstrap data, such as cloud-init details scripts. + data contains the bootstrap data, such as cloud-init details scripts. If nil, the Machine should remain in the Pending state. - Deprecated: Switch to DataSecretName. type: string dataSecretName: description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. + dataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine should remain in the Pending state. type: string type: object clusterName: - description: ClusterName is the name of the Cluster this object + description: clusterName is the name of the Cluster this object belongs to. minLength: 1 type: string failureDomain: description: |- - FailureDomain is the failure domain the machine will be created in. + failureDomain is the failure domain the machine will be created in. Must match a key in the FailureDomains map stored on the cluster object. type: string infrastructureRef: description: |- - InfrastructureRef is a required reference to a custom resource + infrastructureRef is a required reference to a custom resource offered by an infrastructure provider. properties: apiVersion: @@ -6350,7 +7353,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -6381,13 +7383,13 @@ data: x-kubernetes-map-type: atomic nodeDrainTimeout: description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` type: string providerID: description: |- - ProviderID is the identification ID of the machine provided by the provider. + providerID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out @@ -6400,7 +7402,7 @@ data: type: string version: description: |- - Version defines the desired Kubernetes version. + version defines the desired Kubernetes version. This field is meant to be optionally used by bootstrap providers. type: string required: 
@@ -6415,41 +7417,43 @@ data: - template type: object status: - description: MachineDeploymentStatus defines the observed state of MachineDeployment. + description: status is the observed state of MachineDeployment. properties: availableReplicas: description: |- - Total number of available machines (ready for at least minReadySeconds) + availableReplicas is the total number of available machines (ready for at least minReadySeconds) targeted by this deployment. format: int32 type: integer observedGeneration: - description: The generation observed by the deployment controller. + description: observedGeneration is the generation observed by the + deployment controller. format: int64 type: integer phase: - description: Phase represents the current phase of a MachineDeployment + description: phase represents the current phase of a MachineDeployment (ScalingUp, ScalingDown, Running, Failed, or Unknown). type: string readyReplicas: - description: Total number of ready machines targeted by this deployment. + description: readyReplicas is the total number of ready machines targeted + by this deployment. format: int32 type: integer replicas: description: |- - Total number of non-terminated machines targeted by this deployment + replicas is the total number of non-terminated machines targeted by this deployment (their labels match the selector). format: int32 type: integer selector: description: |- - Selector is the same as the label selector but in the string format to avoid introspection + selector is the same as the label selector but in the string format to avoid introspection by clients. The string will be in the same format as the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors type: string unavailableReplicas: description: |- - Total number of unavailable machines targeted by this deployment. + unavailableReplicas is the total number of unavailable machines targeted by this deployment. 
This is the total number of machines that are still required for the deployment to have 100% available capacity. They may either be machines that are running but not yet available or machines @@ -6458,7 +7462,7 @@ data: type: integer updatedReplicas: description: |- - Total number of non-terminated machines targeted by this deployment + updatedReplicas is the total number of non-terminated machines targeted by this deployment that have the desired template spec. format: int32 type: integer @@ -6509,7 +7513,6 @@ data: description: |- MachineDeployment is the Schema for the machinedeployments API. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: @@ -6530,27 +7533,27 @@ data: metadata: type: object spec: - description: MachineDeploymentSpec defines the desired state of MachineDeployment. + description: spec is the desired state of MachineDeployment. properties: clusterName: - description: ClusterName is the name of the Cluster this object belongs + description: clusterName is the name of the Cluster this object belongs to. minLength: 1 type: string minReadySeconds: description: |- - Minimum number of seconds for which a newly created machine should + minReadySeconds is the minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready) format: int32 type: integer paused: - description: Indicates that the deployment is paused. + description: paused indicates that the deployment is paused. type: boolean progressDeadlineSeconds: description: |- - The maximum time in seconds for a deployment to make progress before it + progressDeadlineSeconds is the maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will 
@@ -6560,20 +7563,20 @@ data: replicas: default: 1 description: |- - Number of desired machines. Defaults to 1. + replicas is the number of desired machines. Defaults to 1. This is a pointer to distinguish between explicit zero and not specified. format: int32 type: integer revisionHistoryLimit: description: |- - The number of old MachineSets to retain to allow rollback. + revisionHistoryLimit is the number of old MachineSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1. format: int32 type: integer selector: description: |- - Label selector for machines. Existing MachineSets whose machines are + selector is the label selector for machines. Existing MachineSets whose machines are selected by this will be the ones affected by this deployment. It must match the machine template's labels. properties: @@ -6622,17 +7625,17 @@ data: x-kubernetes-map-type: atomic strategy: description: |- - The deployment strategy to use to replace existing machines with + strategy is the deployment strategy to use to replace existing machines with new ones. properties: rollingUpdate: description: |- - Rolling update config params. Present only if + rollingUpdate is the rolling update config params. Present only if MachineDeploymentStrategyType = RollingUpdate. properties: deletePolicy: description: |- - DeletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. + deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. Valid values are "Random, "Newest", "Oldest" When no value is supplied, the default DeletePolicy of MachineSet is used enum: 
@@ -6645,7 +7648,7 @@ data: - type: integer - type: string description: |- - The maximum number of machines that can be scheduled above the + maxSurge is the maximum number of machines that can be scheduled above the desired number of machines. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). @@ -6664,7 +7667,7 @@ data: - type: integer - type: string description: |- - The maximum number of machines that can be unavailable during the update. + maxUnavailable is the maximum number of machines that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). Absolute number is calculated from percentage by rounding down. @@ -6680,7 +7683,7 @@ data: type: object type: description: |- - Type of deployment. + type of deployment. Default is RollingUpdate. enum: - RollingUpdate @@ -6688,18 +7691,18 @@ data: type: string type: object template: - description: Template describes the machines that will be created. + description: template describes the machines that will be created. properties: metadata: description: |- - Standard object's metadata. + metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata properties: annotations: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations 
@@ -6708,7 +7711,7 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels @@ -6716,17 +7719,17 @@ data: type: object spec: description: |- - Specification of the desired behavior of the machine. + spec is the specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status properties: bootstrap: description: |- - Bootstrap is a reference to a local struct which encapsulates + bootstrap is a reference to a local struct which encapsulates fields to configure the Machine’s bootstrapping mechanism. properties: configRef: description: |- - ConfigRef is a reference to a bootstrap provider-specific resource + configRef is a reference to a bootstrap provider-specific resource that holds configuration details. The reference is optional to allow users/operators to specify Bootstrap.DataSecretName without the need of a controller. @@ -6743,7 +7746,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -6774,23 +7776,23 @@ data: x-kubernetes-map-type: atomic dataSecretName: description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. + dataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine should remain in the Pending state. type: string type: object clusterName: - description: ClusterName is the name of the Cluster this object + description: clusterName is the name of the Cluster this object belongs to. minLength: 1 type: string failureDomain: description: |- - FailureDomain is the failure domain the machine will be created in. + failureDomain is the failure domain the machine will be created in. Must match a key in the FailureDomains map stored on the cluster object. type: string infrastructureRef: description: |- - InfrastructureRef is a required reference to a custom resource + infrastructureRef is a required reference to a custom resource offered by an infrastructure provider. properties: apiVersion: @@ -6805,7 +7807,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -6836,13 +7837,13 @@ data: x-kubernetes-map-type: atomic nodeDrainTimeout: description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` type: string providerID: description: |- - ProviderID is the identification ID of the machine provided by the provider. + providerID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out @@ -6855,7 +7856,7 @@ data: type: string version: description: |- - Version defines the desired Kubernetes version. + version defines the desired Kubernetes version. This field is meant to be optionally used by bootstrap providers. type: string required: 
@@ -6870,50 +7871,50 @@ data: - template type: object status: - description: MachineDeploymentStatus defines the observed state of MachineDeployment. + description: status is the observed state of MachineDeployment. properties: availableReplicas: description: |- - Total number of available machines (ready for at least minReadySeconds) + availableReplicas is the total number of available machines (ready for at least minReadySeconds) targeted by this deployment. format: int32 type: integer conditions: - description: Conditions defines current service state of the MachineDeployment. + description: conditions defines current service state of the MachineDeployment. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. 
type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string 
@@ -6923,32 +7924,34 @@ data: type: object type: array observedGeneration: - description: The generation observed by the deployment controller. + description: observedGeneration is the generation observed by the + deployment controller. format: int64 type: integer phase: - description: Phase represents the current phase of a MachineDeployment + description: phase represents the current phase of a MachineDeployment (ScalingUp, ScalingDown, Running, Failed, or Unknown). type: string readyReplicas: - description: Total number of ready machines targeted by this deployment. + description: readyReplicas is the total number of ready machines targeted + by this deployment. format: int32 type: integer replicas: description: |- - Total number of non-terminated machines targeted by this deployment + replicas is the total number of non-terminated machines targeted by this deployment (their labels match the selector). format: int32 type: integer selector: description: |- - Selector is the same as the label selector but in the string format to avoid introspection + selector is the same as the label selector but in the string format to avoid introspection by clients. The string will be in the same format as the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors type: string unavailableReplicas: description: |- - Total number of unavailable machines targeted by this deployment. + unavailableReplicas is the total number of unavailable machines targeted by this deployment. This is the total number of machines that are still required for the deployment to have 100% available capacity. They may either be machines that are running but not yet available or machines 
@@ -6957,7 +7960,7 @@ data: type: integer updatedReplicas: description: |- - Total number of non-terminated machines targeted by this deployment + updatedReplicas is the total number of non-terminated machines targeted by this deployment that have the desired template spec. format: int32 type: integer 
@@ -7033,37 +8036,66 @@ data: metadata: type: object spec: - description: MachineDeploymentSpec defines the desired state of MachineDeployment. + description: spec is the desired state of MachineDeployment. properties: clusterName: - description: ClusterName is the name of the Cluster this object belongs + description: clusterName is the name of the Cluster this object belongs to. + maxLength: 63 minLength: 1 type: string + machineNamingStrategy: + description: |- + machineNamingStrategy allows changing the naming pattern used when creating Machines. + Note: InfraMachines & BootstrapConfigs will use the same name as the corresponding Machines. + properties: + template: + description: |- + template defines the template to use for generating the names of the + Machine objects. + If not defined, it will fallback to `{{ .machineSet.name }}-{{ .random }}`. + If the generated name string exceeds 63 characters, it will be trimmed to + 58 characters and will + get concatenated with a random suffix of length 5. + Length of the template string must not exceed 256 characters. + The template allows the following variables `.cluster.name`, + `.machineSet.name` and `.random`. + The variable `.cluster.name` retrieves the name of the cluster object + that owns the Machines being created. + The variable `.machineSet.name` retrieves the name of the MachineSet + object that owns the Machines being created. + The variable `.random` is substituted with random alphanumeric string, + without vowels, of length 5. This variable is required part of the + template. If not provided, validation will fail. + maxLength: 256 + minLength: 1 + type: string + type: object minReadySeconds: description: |- - MinReadySeconds is the minimum number of seconds for which a Node for a newly created machine should be ready before considering the replica available. 
+ minReadySeconds is the minimum number of seconds for which a Node for a newly created machine should be ready before considering the replica available. Defaults to 0 (machine will be considered available as soon as the Node is ready) format: int32 type: integer paused: - description: Indicates that the deployment is paused. + description: paused indicates that the deployment is paused. type: boolean progressDeadlineSeconds: description: |- - The maximum time in seconds for a deployment to make progress before it + progressDeadlineSeconds is the maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. Defaults to 600s. + + Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/11470 for more details. format: int32 type: integer replicas: description: |- - Number of desired machines. + replicas is the number of desired machines. This is a pointer to distinguish between explicit zero and not specified. - Defaults to: * if the Kubernetes autoscaler min size and max size annotations are set: - if it's a new MachineDeployment, use min size 
@@ -7082,17 +8114,16 @@ data: type: integer revisionHistoryLimit: description: |- - The number of old MachineSets to retain to allow rollback. + revisionHistoryLimit is the number of old MachineSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1. - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/10479 for more details. format: int32 type: integer rolloutAfter: description: |- - RolloutAfter is a field to indicate a rollout should be performed + rolloutAfter is a field to indicate a rollout should be performed after the specified time even if no changes have been made to the MachineDeployment. Example: In the YAML the time can be specified in the RFC3339 format. @@ -7102,7 +8133,7 @@ data: type: string selector: description: |- - Label selector for machines. Existing MachineSets whose machines are + selector is the label selector for machines. Existing MachineSets whose machines are selected by this will be the ones affected by this deployment. It must match the machine template's labels. properties: @@ -7151,12 +8182,12 @@ data: x-kubernetes-map-type: atomic strategy: description: |- - The deployment strategy to use to replace existing machines with + strategy is the deployment strategy to use to replace existing machines with new ones. properties: remediation: description: |- - Remediation controls the strategy of remediating unhealthy machines + remediation controls the strategy of remediating unhealthy machines and how remediating operations should occur during the lifecycle of the dependant MachineSets. properties: maxInFlight: 
@@ -7164,34 +8195,30 @@ data: - type: integer - type: string description: |- - MaxInFlight determines how many in flight remediations should happen at the same time. - + maxInFlight determines how many in flight remediations should happen at the same time. Remediation only happens on the MachineSet with the most current revision, while older MachineSets (usually present during rollout operations) aren't allowed to remediate. - Note: In general (independent of remediations), unhealthy machines are always prioritized during scale down operations over healthy ones. - MaxInFlight can be set to a fixed number or a percentage. Example: when this is set to 20%, the MachineSet controller deletes at most 20% of the desired replicas. - If not set, remediation is limited to all machines (bounded by replicas) under the active MachineSet's management. x-kubernetes-int-or-string: true type: object rollingUpdate: description: |- - Rolling update config params. Present only if + rollingUpdate is the rolling update config params. Present only if MachineDeploymentStrategyType = RollingUpdate. properties: deletePolicy: description: |- - DeletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. + deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. Valid values are "Random, "Newest", "Oldest" When no value is supplied, the default DeletePolicy of MachineSet is used enum: @@ -7204,7 +8231,7 @@ data: - type: integer - type: string description: |- - The maximum number of machines that can be scheduled above the + maxSurge is the maximum number of machines that can be scheduled above the desired number of machines. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). 
@@ -7223,7 +8250,7 @@ data: - type: integer - type: string description: |- - The maximum number of machines that can be unavailable during the update. + maxUnavailable is the maximum number of machines that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). Absolute number is calculated from percentage by rounding down. @@ -7239,7 +8266,7 @@ data: type: object type: description: |- - Type of deployment. Allowed values are RollingUpdate and OnDelete. + type of deployment. Allowed values are RollingUpdate and OnDelete. The default is RollingUpdate. enum: - RollingUpdate @@ -7247,18 +8274,18 @@ data: type: string type: object template: - description: Template describes the machines that will be created. + description: template describes the machines that will be created. properties: metadata: description: |- - Standard object's metadata. + metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata properties: annotations: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations @@ -7267,7 +8294,7 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels 
@@ -7275,17 +8302,17 @@ data: type: object spec: description: |- - Specification of the desired behavior of the machine. + spec is the specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status properties: bootstrap: description: |- - Bootstrap is a reference to a local struct which encapsulates + bootstrap is a reference to a local struct which encapsulates fields to configure the Machine’s bootstrapping mechanism. properties: configRef: description: |- - ConfigRef is a reference to a bootstrap provider-specific resource + configRef is a reference to a bootstrap provider-specific resource that holds configuration details. The reference is optional to allow users/operators to specify Bootstrap.DataSecretName without the need of a controller. @@ -7302,7 +8329,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -7333,23 +8359,28 @@ data: x-kubernetes-map-type: atomic dataSecretName: description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. + dataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine should remain in the Pending state. + maxLength: 253 + minLength: 0 type: string type: object clusterName: - description: ClusterName is the name of the Cluster this object + description: clusterName is the name of the Cluster this object belongs to. + maxLength: 63 minLength: 1 type: string failureDomain: description: |- - FailureDomain is the failure domain the machine will be created in. + failureDomain is the failure domain the machine will be created in. Must match a key in the FailureDomains map stored on the cluster object. + maxLength: 256 + minLength: 1 type: string infrastructureRef: description: |- - InfrastructureRef is a required reference to a custom resource + infrastructureRef is a required reference to a custom resource offered by an infrastructure provider. properties: apiVersion: @@ -7364,7 +8395,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -7395,24 +8425,24 @@ data: x-kubernetes-map-type: atomic nodeDeletionTimeout: description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine + nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds. type: string nodeDrainTimeout: description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` type: string nodeVolumeDetachTimeout: description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. type: string providerID: description: |- - ProviderID is the identification ID of the machine provided by the provider. + providerID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out 
@@ -7422,11 +8452,63 @@ data: and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider. + maxLength: 512 + minLength: 1 type: string + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition. + + This field can be used e.g. by Cluster API control plane providers to extend the semantic of the + Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates + for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. + + Another example are external controllers, e.g. responsible to install special software/hardware on the Machines; + they can include the status of those components with a new condition and add this condition to ReadinessGates. + + NOTE: This field is considered only for computing v1beta2 conditions. + NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those + readiness gates condition are reporting the same message, when computing the Machine's Ready condition those + readinessGates will be replaced by a single entry reporting "Control plane components: " + message. + This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster). + items: + description: MachineReadinessGate contains the type of a + Machine condition to be used as a readiness gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. 
+ maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map version: description: |- - Version defines the desired Kubernetes version. + version defines the desired Kubernetes version. This field is meant to be optionally used by bootstrap providers. + maxLength: 256 + minLength: 1 type: string required: - bootstrap 
@@ -7440,52 +8522,59 @@ data: - template type: object status: - description: MachineDeploymentStatus defines the observed state of MachineDeployment. + description: status is the observed state of MachineDeployment. properties: availableReplicas: description: |- - Total number of available machines (ready for at least minReadySeconds) + availableReplicas is the total number of available machines (ready for at least minReadySeconds) targeted by this deployment. format: int32 type: integer conditions: - description: Conditions defines current service state of the MachineDeployment. + description: conditions defines current service state of the MachineDeployment. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. 
+ maxLength: 256 + minLength: 1 type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime 
@@ -7494,44 +8583,143 @@ data: type: object type: array observedGeneration: - description: The generation observed by the deployment controller. + description: observedGeneration is the generation observed by the + deployment controller. format: int64 type: integer phase: - description: Phase represents the current phase of a MachineDeployment + description: phase represents the current phase of a MachineDeployment (ScalingUp, ScalingDown, Running, Failed, or Unknown). + enum: + - ScalingUp + - ScalingDown + - Running + - Failed + - Unknown type: string readyReplicas: - description: Total number of ready machines targeted by this deployment. + description: readyReplicas is the total number of ready machines targeted + by this deployment. format: int32 type: integer replicas: description: |- - Total number of non-terminated machines targeted by this deployment + replicas is the total number of non-terminated machines targeted by this deployment (their labels match the selector). format: int32 type: integer selector: description: |- - Selector is the same as the label selector but in the string format to avoid introspection + selector is the same as the label selector but in the string format to avoid introspection by clients. The string will be in the same format as the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors + maxLength: 4096 + minLength: 1 type: string unavailableReplicas: description: |- - Total number of unavailable machines targeted by this deployment. + unavailableReplicas is the total number of unavailable machines targeted by this deployment. This is the total number of machines that are still required for the deployment to have 100% available capacity. They may either be machines that are running but not yet available or machines that still have not been created. + + Deprecated: This field is deprecated and is going to be removed in the next apiVersion. 
Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. format: int32 type: integer updatedReplicas: description: |- - Total number of non-terminated machines targeted by this deployment + updatedReplicas is the total number of non-terminated machines targeted by this deployment that have the desired template spec. format: int32 type: integer + v1beta2: + description: v1beta2 groups all the fields that will be added or modified + in MachineDeployment's status with the V1Beta2 version. + properties: + availableReplicas: + description: availableReplicas is the number of available replicas + for this MachineDeployment. A machine is considered available + when Machine's Available condition is true. + format: int32 + type: integer + conditions: + description: |- + conditions represents the observations of a MachineDeployment's current state. + Known condition types are Available, MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused. + items: + description: Condition contains details for one aspect of the + current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + readyReplicas: + description: readyReplicas is the number of ready replicas for + this MachineDeployment. A machine is considered ready when Machine's + Ready condition is true. + format: int32 + type: integer + upToDateReplicas: + description: upToDateReplicas is the number of up-to-date replicas + targeted by this deployment. A machine is considered up-to-date + when Machine's UpToDate condition is true. + format: int32 + type: integer + type: object type: object type: object served: true 
@@ -7548,10 +8736,10 @@ data: metadata: annotations: cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 labels: cluster.x-k8s.io/provider: cluster-api - name: machinehealthchecks.cluster.x-k8s.io + name: machinedrainrules.cluster.x-k8s.io spec: conversion: strategy: Webhook 
@@ -7568,36 +8756,445 @@ data: names: categories: - cluster-api - kind: MachineHealthCheck - listKind: MachineHealthCheckList - plural: machinehealthchecks - shortNames: - - mhc - - mhcs - singular: machinehealthcheck + kind: MachineDrainRule + listKind: MachineDrainRuleList + plural: machinedrainrules + singular: machinedrainrule scope: Namespaced versions: - additionalPrinterColumns: - - description: Maximum number of unhealthy machines allowed - jsonPath: .spec.maxUnhealthy - name: MaxUnhealthy + - description: Drain behavior + jsonPath: .spec.drain.behavior + name: Behavior type: string - - description: Number of machines currently monitored - jsonPath: .status.expectedMachines - name: ExpectedMachines - type: integer - - description: Current observed healthy machines - jsonPath: .status.currentHealthy - name: CurrentHealthy - type: integer - deprecated: true - name: v1alpha3 - schema: + - description: Drain order + jsonPath: .spec.drain.order + name: Order + type: string + - description: Time duration since creation of the MachineDrainRule + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: MachineDrainRule is the Schema for the MachineDrainRule API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec defines the spec of a MachineDrainRule. + properties: + drain: + description: drain configures if and how Pods are drained. + properties: + behavior: + description: |- + behavior defines the drain behavior. + Can be either "Drain", "Skip", or "WaitCompleted". + "Drain" means that the Pods to which this MachineDrainRule applies will be drained. + If behavior is set to "Drain" the order in which Pods are drained can be configured + with the order field. When draining Pods of a Node the Pods will be grouped by order + and one group after another will be drained (by increasing order). Cluster API will + wait until all Pods of a group are terminated / removed from the Node before starting + with the next group. + "Skip" means that the Pods to which this MachineDrainRule applies will be skipped during drain. + "WaitCompleted" means that the pods to which this MachineDrainRule applies will never be evicted + and we wait for them to be completed, it is enforced that pods marked with this behavior always have Order=0. + enum: + - Drain + - Skip + - WaitCompleted + type: string + order: + description: |- + order defines the order in which Pods are drained. + Pods with higher order are drained after Pods with lower order. + order can only be set if behavior is set to "Drain". + If order is not set, 0 will be used. + Valid values for order are from -2147483648 to 2147483647 (inclusive). + format: int32 + type: integer + required: + - behavior + type: object + machines: + description: |- + machines defines to which Machines this MachineDrainRule should be applied. + + If machines is not set, the MachineDrainRule applies to all Machines in the Namespace. + If machines contains multiple selectors, the results are ORed. 
+ Within a single Machine selector the results of selector and clusterSelector are ANDed. + Machines will be selected from all Clusters in the Namespace unless otherwise + restricted with the clusterSelector. + + Example: Selects control plane Machines in all Clusters or + Machines with label "os" == "linux" in Clusters with label + "stage" == "production". + + - selector: + matchExpressions: + - key: cluster.x-k8s.io/control-plane + operator: Exists + - selector: + matchLabels: + os: linux + clusterSelector: + matchExpressions: + - key: stage + operator: In + values: + - production + items: + description: MachineDrainRuleMachineSelector defines to which Machines + this MachineDrainRule should be applied. + minProperties: 1 + properties: + clusterSelector: + description: |- + clusterSelector is a label selector which selects Machines by the labels of + their Clusters. + This field follows standard label selector semantics; if not present or + empty, it selects Machines of all Clusters. + + If selector is also set, then the selector as a whole selects + Machines matching selector belonging to Clusters selected by clusterSelector. + If selector is not set, it selects all Machines belonging to Clusters + selected by clusterSelector. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + selector is a label selector which selects Machines by their labels. + This field follows standard label selector semantics; if not present or + empty, it selects all Machines. + + If clusterSelector is also set, then the selector as a whole selects + Machines matching selector belonging to Clusters selected by clusterSelector. + If clusterSelector is not set, it selects all Machines matching selector in + all Clusters. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: entries in machines must be unique + rule: self.all(x, self.exists_one(y, x == y)) + pods: + description: |- + pods defines to which Pods this MachineDrainRule should be applied. + + If pods is not set, the MachineDrainRule applies to all Pods in all Namespaces. + If pods contains multiple selectors, the results are ORed. + Within a single Pod selector the results of selector and namespaceSelector are ANDed. + Pods will be selected from all Namespaces unless otherwise + restricted with the namespaceSelector. + + Example: Selects Pods with label "app" == "logging" in all Namespaces or + Pods with label "app" == "prometheus" in the "monitoring" + Namespace. + + - selector: + matchExpressions: + - key: app + operator: In + values: + - logging + - selector: + matchLabels: + app: prometheus + namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: monitoring + items: + description: MachineDrainRulePodSelector defines to which Pods this + MachineDrainRule should be applied. + minProperties: 1 + properties: + namespaceSelector: + description: |- + namespaceSelector is a label selector which selects Pods by the labels of + their Namespaces. + This field follows standard label selector semantics; if not present or + empty, it selects Pods of all Namespaces. 
+ + If selector is also set, then the selector as a whole selects + Pods matching selector in Namespaces selected by namespaceSelector. + If selector is not set, it selects all Pods in Namespaces selected by + namespaceSelector. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + selector is a label selector which selects Pods by their labels. + This field follows standard label selector semantics; if not present or + empty, it selects all Pods. + + If namespaceSelector is also set, then the selector as a whole selects + Pods matching selector in Namespaces selected by namespaceSelector. 
+ If namespaceSelector is not set, it selects all Pods matching selector in + all Namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + type: object + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: entries in pods must be unique + rule: self.all(x, self.exists_one(y, x == y)) + required: + - drain + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.17.2 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machinehealthchecks.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: MachineHealthCheck + listKind: MachineHealthCheckList + plural: machinehealthchecks + shortNames: + - mhc + - mhcs + singular: machinehealthcheck + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Maximum number of unhealthy machines allowed + jsonPath: .spec.maxUnhealthy + name: MaxUnhealthy + type: string + - description: Number of machines currently monitored + jsonPath: .status.expectedMachines + name: ExpectedMachines + type: integer + - description: Current observed healthy machines + jsonPath: .status.currentHealthy + name: CurrentHealthy + type: integer + deprecated: true + name: v1alpha3 + schema: openAPIV3Schema: description: |- MachineHealthCheck is the Schema for the machinehealthchecks API. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: 
@@ -7618,10 +9215,10 @@ data: metadata: type: object spec: - description: Specification of machine health check policy + description: spec is the specification of machine health check policy properties: clusterName: - description: ClusterName is the name of the Cluster this object belongs + description: clusterName is the name of the Cluster this object belongs to. minLength: 1 type: string @@ -7630,20 +9227,20 @@ data: - type: integer - type: string description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by + maxUnhealthy specifies the maximum number of unhealthy machines allowed. + Any further remediation is only allowed if at most "maxUnhealthy" machines selected by "selector" are not healthy. x-kubernetes-int-or-string: true nodeStartupTimeout: description: |- - Machines older than this duration without a node will be considered to have - failed and will be remediated. + nodeStartupTimeout is the duration after which machines without a node will be considered to + have failed and will be remediated. type: string remediationTemplate: description: |- - RemediationTemplate is a reference to a remediation template + remediationTemplate is a reference to a remediation template provided by an infrastructure provider. - This field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Cluster API. @@ -7660,7 +9257,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -7690,8 +9286,8 @@ data: type: object x-kubernetes-map-type: atomic selector: - description: Label selector to match machines whose health will be - exercised + description: selector is the label selector to match machines whose + health will be exercised properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -7738,7 +9334,7 @@ data: x-kubernetes-map-type: atomic unhealthyConditions: description: |- - UnhealthyConditions contains a list of the conditions that determine + unhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy. items: @@ -7748,11 +9344,18 @@ data: status for at least the timeout value, a node is considered unhealthy. properties: status: + description: status of the condition, one of True, False, Unknown. minLength: 1 type: string timeout: + description: |- + timeout is the duration that a node must be in a given status for, + after which the node is considered unhealthy. + For example, with a value of "1h", the node must match the status + for at least 1 hour before being considered unhealthy. type: string type: + description: type of Node condition minLength: 1 type: string required: 
@@ -7768,44 +9371,45 @@ data: - unhealthyConditions type: object status: - description: Most recently observed status of MachineHealthCheck resource + description: status is the most recently observed status of MachineHealthCheck + resource properties: conditions: - description: Conditions defines current service state of the MachineHealthCheck. + description: conditions defines current service state of the MachineHealthCheck. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. 
type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -7815,31 +9419,31 @@ data: type: object type: array currentHealthy: - description: total number of healthy machines counted by this machine - health check + description: currentHealthy is the total number of healthy machines + counted by this machine health check format: int32 minimum: 0 type: integer expectedMachines: - description: total number of machines counted by this machine health - check + description: expectedMachines is the total number of machines counted + by this machine health check format: int32 minimum: 0 type: integer observedGeneration: - description: ObservedGeneration is the latest generation observed + description: observedGeneration is the latest generation observed by the controller. format: int64 type: integer remediationsAllowed: description: |- - RemediationsAllowed is the number of further remediations allowed by this machine health check before + remediationsAllowed is the number of further remediations allowed by this machine health check before maxUnhealthy short circuiting will be applied format: int32 minimum: 0 type: integer targets: - description: Targets shows the current list of machines the machine + description: targets shows the current list of machines the machine health check is watching items: type: string @@ -7878,7 +9482,6 @@ data: description: |- MachineHealthCheck is the Schema for the machinehealthchecks API. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: 
@@ -7899,10 +9502,10 @@ data: metadata: type: object spec: - description: Specification of machine health check policy + description: spec is the specification of machine health check policy properties: clusterName: - description: ClusterName is the name of the Cluster this object belongs + description: clusterName is the name of the Cluster this object belongs to. minLength: 1 type: string @@ -7911,22 +9514,22 @@ data: - type: integer - type: string description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by + maxUnhealthy specifies the maximum number of unhealthy machines allowed. + Any further remediation is only allowed if at most "maxUnhealthy" machines selected by "selector" are not healthy. x-kubernetes-int-or-string: true nodeStartupTimeout: description: |- - Machines older than this duration without a node will be considered to have - failed and will be remediated. + nodeStartupTimeout is the duration after which machines without a node will be considered to + have failed and will be remediated. If not set, this value is defaulted to 10 minutes. If you wish to disable this feature, set the value explicitly to 0. type: string remediationTemplate: description: |- - RemediationTemplate is a reference to a remediation template + remediationTemplate is a reference to a remediation template provided by an infrastructure provider. - This field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Cluster API. @@ -7943,7 +9546,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -7973,8 +9575,8 @@ data: type: object x-kubernetes-map-type: atomic selector: - description: Label selector to match machines whose health will be - exercised + description: selector is the label selector to match machines whose + health will be exercised properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -8021,7 +9623,7 @@ data: x-kubernetes-map-type: atomic unhealthyConditions: description: |- - UnhealthyConditions contains a list of the conditions that determine + unhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy. items: @@ -8031,11 +9633,18 @@ data: status for at least the timeout value, a node is considered unhealthy. properties: status: + description: status of the condition, one of True, False, Unknown. minLength: 1 type: string timeout: + description: |- + timeout is the duration that a node must be in a given status for, + after which the node is considered unhealthy. + For example, with a value of "1h", the node must match the status + for at least 1 hour before being considered unhealthy. type: string type: + description: type of Node condition minLength: 1 type: string required: @@ -8047,8 +9656,9 @@ data: type: array unhealthyRange: description: |- + unhealthyRange specifies the range of unhealthy machines allowed. Any further remediation is only allowed if the number of machines selected by "selector" as not healthy - is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. + is within the range of "unhealthyRange". Takes precedence over maxUnhealthy. Eg. "[3-5]" - This means that remediation will be allowed only when: (a) there are at least 3 unhealthy machines (and) (b) there are at most 5 unhealthy machines 
@@ -8060,44 +9670,45 @@ data: - unhealthyConditions type: object status: - description: Most recently observed status of MachineHealthCheck resource + description: status is the most recently observed status of MachineHealthCheck + resource properties: conditions: - description: Conditions defines current service state of the MachineHealthCheck. + description: conditions defines current service state of the MachineHealthCheck. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. 
type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -8107,31 +9718,31 @@ data: type: object type: array currentHealthy: - description: total number of healthy machines counted by this machine - health check + description: currentHealthy is the total number of healthy machines + counted by this machine health check format: int32 minimum: 0 type: integer expectedMachines: - description: total number of machines counted by this machine health - check + description: expectedMachines is the total number of machines counted + by this machine health check format: int32 minimum: 0 type: integer observedGeneration: - description: ObservedGeneration is the latest generation observed + description: observedGeneration is the latest generation observed by the controller. format: int64 type: integer remediationsAllowed: description: |- - RemediationsAllowed is the number of further remediations allowed by this machine health check before + remediationsAllowed is the number of further remediations allowed by this machine health check before maxUnhealthy short circuiting will be applied format: int32 minimum: 0 type: integer targets: - description: Targets shows the current list of machines the machine + description: targets shows the current list of machines the machine health check is watching items: type: string 
@@ -8187,11 +9798,12 @@ data: metadata: type: object spec: - description: Specification of machine health check policy + description: spec is the specification of machine health check policy properties: clusterName: - description: ClusterName is the name of the Cluster this object belongs + description: clusterName is the name of the Cluster this object belongs to. + maxLength: 63 minLength: 1 type: string maxUnhealthy: 
@@ -8199,35 +9811,32 @@ data: - type: integer - type: string description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by + maxUnhealthy specifies the maximum number of unhealthy machines allowed. + Any further remediation is only allowed if at most "maxUnhealthy" machines selected by "selector" are not healthy. - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/10722 for more details. x-kubernetes-int-or-string: true nodeStartupTimeout: description: |- - NodeStartupTimeout allows to set the maximum time for MachineHealthCheck + nodeStartupTimeout allows to set the maximum time for MachineHealthCheck to consider a Machine unhealthy if a corresponding Node isn't associated through a `Spec.ProviderID` field. - The duration set in this field is compared to the greatest of: - Cluster's infrastructure ready condition timestamp (if and when available) - Control Plane's initialized condition timestamp (if and when available) - Machine's infrastructure ready condition timestamp (if and when available) - Machine's metadata creation timestamp - Defaults to 10 minutes. If you wish to disable this feature, set the value explicitly to 0. type: string remediationTemplate: description: |- - RemediationTemplate is a reference to a remediation template + remediationTemplate is a reference to a remediation template provided by an infrastructure provider. - This field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Cluster API. 
@@ -8244,7 +9853,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -8274,8 +9882,8 @@ data: type: object x-kubernetes-map-type: atomic selector: - description: Label selector to match machines whose health will be - exercised + description: selector is a label selector to match machines whose + health will be exercised properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -8322,7 +9930,7 @@ data: x-kubernetes-map-type: atomic unhealthyConditions: description: |- - UnhealthyConditions contains a list of the conditions that determine + unhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy. items: @@ -8332,11 +9940,18 @@ data: status for at least the timeout value, a node is considered unhealthy. properties: status: + description: status of the condition, one of True, False, Unknown. minLength: 1 type: string timeout: + description: |- + timeout is the duration that a node must be in a given status for, + after which the node is considered unhealthy. + For example, with a value of "1h", the node must match the status + for at least 1 hour before being considered unhealthy. type: string type: + description: type of Node condition minLength: 1 type: string required: 
@@ -8344,17 +9959,20 @@ data: - timeout - type type: object + maxItems: 100 type: array unhealthyRange: description: |- + unhealthyRange specifies the range of unhealthy machines allowed. Any further remediation is only allowed if the number of machines selected by "selector" as not healthy - is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. + is within the range of "unhealthyRange". Takes precedence over maxUnhealthy. Eg. "[3-5]" - This means that remediation will be allowed only when: (a) there are at least 3 unhealthy machines (and) (b) there are at most 5 unhealthy machines - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/10722 for more details. + maxLength: 32 + minLength: 1 pattern: ^\[[0-9]+-[0-9]+\]$ type: string required: 
@@ -8362,46 +9980,54 @@ data: - selector type: object status: - description: Most recently observed status of MachineHealthCheck resource + description: status is the most recently observed status of MachineHealthCheck + resource properties: conditions: - description: Conditions defines current service state of the MachineHealthCheck. + description: conditions defines current service state of the MachineHealthCheck. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: - description: Status of the condition, one of True, False, Unknown. 
+ description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime 
@@ -8410,35 +10036,107 @@ data: type: object type: array currentHealthy: - description: total number of healthy machines counted by this machine - health check + description: currentHealthy is the total number of healthy machines + counted by this machine health check format: int32 minimum: 0 type: integer expectedMachines: - description: total number of machines counted by this machine health - check + description: expectedMachines is the total number of machines counted + by this machine health check format: int32 minimum: 0 type: integer observedGeneration: - description: ObservedGeneration is the latest generation observed + description: observedGeneration is the latest generation observed by the controller. format: int64 type: integer remediationsAllowed: description: |- - RemediationsAllowed is the number of further remediations allowed by this machine health check before + remediationsAllowed is the number of further remediations allowed by this machine health check before maxUnhealthy short circuiting will be applied format: int32 minimum: 0 type: integer targets: - description: Targets shows the current list of machines the machine + description: targets shows the current list of machines the machine health check is watching items: + maxLength: 253 + minLength: 1 type: string + maxItems: 10000 type: array + v1beta2: + description: v1beta2 groups all the fields that will be added or modified + in MachineHealthCheck's status with the V1Beta2 version. + properties: + conditions: + description: |- + conditions represents the observations of a MachineHealthCheck's current state. + Known condition types are RemediationAllowed, Paused. + items: + description: Condition contains details for one aspect of the + current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. 
If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object type: object type: object served: true 
@@ -8451,7 +10149,7 @@ data: metadata: annotations: cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 labels: cluster.x-k8s.io/provider: cluster-api name: machinepools.cluster.x-k8s.io @@ -8500,7 +10198,6 @@ data: description: |- MachinePool is the Schema for the machinepools API. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: @@ -8521,22 +10218,22 @@ data: metadata: type: object spec: - description: MachinePoolSpec defines the desired state of MachinePool. + description: spec is the desired state of MachinePool. properties: clusterName: - description: ClusterName is the name of the Cluster this object belongs + description: clusterName is the name of the Cluster this object belongs to. minLength: 1 type: string failureDomains: - description: FailureDomains is the list of failure domains this MachinePool + description: failureDomains is the list of failure domains this MachinePool should be attached to. items: type: string type: array minReadySeconds: description: |- - Minimum number of seconds for which a newly created machine instances should + minReadySeconds is the minimum number of seconds for which a newly created machine instances should be ready. Defaults to 0 (machine instance will be considered available as soon as it is ready) 
@@ -8544,25 +10241,25 @@ data: type: integer providerIDList: description: |- - ProviderIDList are the identification IDs of machine instances provided by the provider. + providerIDList are the identification IDs of machine instances provided by the provider. This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances. items: type: string type: array replicas: description: |- - Number of desired machines. Defaults to 1. + replicas is the number of desired machines. Defaults to 1. This is a pointer to distinguish between explicit zero and not specified. format: int32 type: integer strategy: description: |- - The deployment strategy to use to replace existing machine instances with + strategy is the deployment strategy to use to replace existing machine instances with new ones. properties: rollingUpdate: description: |- - Rolling update config params. Present only if + rollingUpdate is the rolling update config params. Present only if MachineDeploymentStrategyType = RollingUpdate. properties: maxSurge: @@ -8570,7 +10267,7 @@ data: - type: integer - type: string description: |- - The maximum number of machines that can be scheduled above the + maxSurge is the maximum number of machines that can be scheduled above the desired number of machines. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). @@ -8589,7 +10286,7 @@ data: - type: integer - type: string description: |- - The maximum number of machines that can be unavailable during the update. + maxUnavailable is the maximum number of machines that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). Absolute number is calculated from percentage by rounding down. 
@@ -8605,31 +10302,31 @@ data: type: object type: description: |- - Type of deployment. Currently the only supported strategy is + type of deployment. Currently the only supported strategy is "RollingUpdate". Default is RollingUpdate. type: string type: object template: - description: Template describes the machines that will be created. + description: template describes the machines that will be created. properties: metadata: description: |- - Standard object's metadata. + metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata properties: annotations: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations type: object generateName: description: |- - GenerateName is an optional prefix, used by the server, to generate a unique + generateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. 
@@ -8637,63 +10334,56 @@ data: and may be truncated by the length of the suffix required to make the value unique on the server. - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency - Deprecated: This field has no function and is going to be removed in a next release. type: string labels: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels type: object name: description: |- - Name must be unique within a namespace. Is required when creating resources, although + name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names - Deprecated: This field has no function and is going to be removed in a next release. type: string namespace: description: |- - Namespace defines the space within each name must be unique. An empty namespace is + namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. 
Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - Deprecated: This field has no function and is going to be removed in a next release. type: string ownerReferences: description: |- - List of objects depended by this object. If ALL objects in the list have + ownerReferences is the list of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. - Deprecated: This field has no function and is going to be removed in a next release. items: description: |- @@ -8745,17 +10435,17 @@ data: type: object spec: description: |- - Specification of the desired behavior of the machine. + spec is the specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status properties: bootstrap: description: |- - Bootstrap is a reference to a local struct which encapsulates + bootstrap is a reference to a local struct which encapsulates fields to configure the Machine’s bootstrapping mechanism. properties: configRef: description: |- - ConfigRef is a reference to a bootstrap provider-specific resource + configRef is a reference to a bootstrap provider-specific resource that holds configuration details. The reference is optional to allow users/operators to specify Bootstrap.Data without the need of a controller. 
@@ -8772,7 +10462,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -8803,31 +10492,30 @@ data: x-kubernetes-map-type: atomic data: description: |- - Data contains the bootstrap data, such as cloud-init details scripts. + data contains the bootstrap data, such as cloud-init details scripts. If nil, the Machine should remain in the Pending state. - Deprecated: Switch to DataSecretName. type: string dataSecretName: description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. + dataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine should remain in the Pending state. type: string type: object clusterName: - description: ClusterName is the name of the Cluster this object + description: clusterName is the name of the Cluster this object belongs to. minLength: 1 type: string failureDomain: description: |- - FailureDomain is the failure domain the machine will be created in. + failureDomain is the failure domain the machine will be created in. Must match a key in the FailureDomains map stored on the cluster object. type: string infrastructureRef: description: |- - InfrastructureRef is a required reference to a custom resource + infrastructureRef is a required reference to a custom resource offered by an infrastructure provider. properties: apiVersion: @@ -8842,7 +10530,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -8873,13 +10560,13 @@ data: x-kubernetes-map-type: atomic nodeDrainTimeout: description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` type: string providerID: description: |- - ProviderID is the identification ID of the machine provided by the provider. + providerID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out @@ -8892,7 +10579,7 @@ data: type: string version: description: |- - Version defines the desired Kubernetes version. + version defines the desired Kubernetes version. This field is meant to be optionally used by bootstrap providers. type: string required: 
@@ -8906,52 +10593,52 @@ data: - template type: object status: - description: MachinePoolStatus defines the observed state of MachinePool. + description: status is the observed state of MachinePool. properties: availableReplicas: - description: The number of available replicas (ready for at least - minReadySeconds) for this MachinePool. + description: availableReplicas is the number of available replicas + (ready for at least minReadySeconds) for this MachinePool. format: int32 type: integer bootstrapReady: - description: BootstrapReady is the state of the bootstrap provider. + description: bootstrapReady is the state of the bootstrap provider. type: boolean conditions: - description: Conditions define the current service state of the MachinePool. + description: conditions define the current service state of the MachinePool. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. 
type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string 
@@ -8962,40 +10649,24 @@ data: type: array failureMessage: description: |- - FailureMessage indicates that there is a problem reconciling the state, + failureMessage indicates that there is a problem reconciling the state, and will be set to a descriptive error message. type: string failureReason: description: |- - FailureReason indicates that there is a problem reconciling the state, and + failureReason indicates that there is a problem reconciling the state, and will be set to a token value suitable for programmatic interpretation. type: string infrastructureReady: - description: InfrastructureReady is the state of the infrastructure + description: infrastructureReady is the state of the infrastructure provider. type: boolean nodeRefs: - description: NodeRefs will point to the corresponding Nodes if it + description: nodeRefs will point to the corresponding Nodes if it they exist. items: - description: |- - ObjectReference contains enough information to let you inspect or modify the referred object. - --- - New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. - 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. - 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular - restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". - Those cannot be well described when embedded. - 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. - 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity - during interpretation and require a REST mapping. 
In most cases, the dependency is on the group,resource tuple - and the version of the actual struct is irrelevant. - 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type - will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. - - - Instead of using this type, create a locally provided and used type that is well-focused on your reference. - For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . + description: ObjectReference contains enough information to let + you inspect or modify the referred object. properties: apiVersion: description: API version of the referent. @@ -9009,7 +10680,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -9040,28 +10710,28 @@ data: x-kubernetes-map-type: atomic type: array observedGeneration: - description: ObservedGeneration is the latest generation observed + description: observedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: description: |- - Phase represents the current phase of cluster actuation. + phase represents the current phase of cluster actuation. E.g. Pending, Running, Terminating, Failed etc. type: string readyReplicas: - description: The number of ready replicas for this MachinePool. A - machine is considered ready when the node has been created and is - "Ready". + description: readyReplicas is the number of ready replicas for this + MachinePool. A machine is considered ready when the node has been + created and is "Ready". format: int32 type: integer replicas: - description: Replicas is the most recently observed number of replicas. + description: replicas is the most recently observed number of replicas. format: int32 type: integer unavailableReplicas: description: |- - Total number of unavailable machine instances targeted by this machine pool. + unavailableReplicas is the total number of unavailable machine instances targeted by this machine pool. This is the total number of machine instances that are still required for the machine pool to have 100% available capacity. They may either be machine instances that are running but not yet available or machine instances @@ -9102,7 +10772,6 @@ data: description: |- MachinePool is the Schema for the machinepools API. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: 
@@ -9123,22 +10792,22 @@ data: metadata: type: object spec: - description: MachinePoolSpec defines the desired state of MachinePool. + description: spec is the desired state of MachinePool. properties: clusterName: - description: ClusterName is the name of the Cluster this object belongs + description: clusterName is the name of the Cluster this object belongs to. minLength: 1 type: string failureDomains: - description: FailureDomains is the list of failure domains this MachinePool + description: failureDomains is the list of failure domains this MachinePool should be attached to. items: type: string type: array minReadySeconds: description: |- - Minimum number of seconds for which a newly created machine instances should + minReadySeconds is the minimum number of seconds for which a newly created machine instances should be ready. Defaults to 0 (machine instance will be considered available as soon as it is ready) 
@@ -9146,30 +10815,30 @@ data: type: integer providerIDList: description: |- - ProviderIDList are the identification IDs of machine instances provided by the provider. + providerIDList are the identification IDs of machine instances provided by the provider. This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances. items: type: string type: array replicas: description: |- - Number of desired machines. Defaults to 1. + replicas is the number of desired machines. Defaults to 1. This is a pointer to distinguish between explicit zero and not specified. format: int32 type: integer template: - description: Template describes the machines that will be created. + description: template describes the machines that will be created. properties: metadata: description: |- - Standard object's metadata. + metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata properties: annotations: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations @@ -9178,7 +10847,7 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels 
@@ -9186,17 +10855,17 @@ data: type: object spec: description: |- - Specification of the desired behavior of the machine. + spec is the specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status properties: bootstrap: description: |- - Bootstrap is a reference to a local struct which encapsulates + bootstrap is a reference to a local struct which encapsulates fields to configure the Machine’s bootstrapping mechanism. properties: configRef: description: |- - ConfigRef is a reference to a bootstrap provider-specific resource + configRef is a reference to a bootstrap provider-specific resource that holds configuration details. The reference is optional to allow users/operators to specify Bootstrap.DataSecretName without the need of a controller. @@ -9213,7 +10882,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -9244,23 +10912,23 @@ data: x-kubernetes-map-type: atomic dataSecretName: description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. + dataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine should remain in the Pending state. type: string type: object clusterName: - description: ClusterName is the name of the Cluster this object + description: clusterName is the name of the Cluster this object belongs to. minLength: 1 type: string failureDomain: description: |- - FailureDomain is the failure domain the machine will be created in. + failureDomain is the failure domain the machine will be created in. Must match a key in the FailureDomains map stored on the cluster object. type: string infrastructureRef: description: |- - InfrastructureRef is a required reference to a custom resource + infrastructureRef is a required reference to a custom resource offered by an infrastructure provider. properties: apiVersion: @@ -9275,7 +10943,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -9306,13 +10973,13 @@ data: x-kubernetes-map-type: atomic nodeDrainTimeout: description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` type: string providerID: description: |- - ProviderID is the identification ID of the machine provided by the provider. + providerID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out @@ -9325,7 +10992,7 @@ data: type: string version: description: |- - Version defines the desired Kubernetes version. + version defines the desired Kubernetes version. This field is meant to be optionally used by bootstrap providers. type: string required: 
@@ -9339,52 +11006,52 @@ data: - template type: object status: - description: MachinePoolStatus defines the observed state of MachinePool. + description: status is the observed state of MachinePool. properties: availableReplicas: - description: The number of available replicas (ready for at least - minReadySeconds) for this MachinePool. + description: availableReplicas is the number of available replicas + (ready for at least minReadySeconds) for this MachinePool. format: int32 type: integer bootstrapReady: - description: BootstrapReady is the state of the bootstrap provider. + description: bootstrapReady is the state of the bootstrap provider. type: boolean conditions: - description: Conditions define the current service state of the MachinePool. + description: conditions define the current service state of the MachinePool. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. 
type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string 
@@ -9395,40 +11062,24 @@ data: type: array failureMessage: description: |- - FailureMessage indicates that there is a problem reconciling the state, + failureMessage indicates that there is a problem reconciling the state, and will be set to a descriptive error message. type: string failureReason: description: |- - FailureReason indicates that there is a problem reconciling the state, and + failureReason indicates that there is a problem reconciling the state, and will be set to a token value suitable for programmatic interpretation. type: string infrastructureReady: - description: InfrastructureReady is the state of the infrastructure + description: infrastructureReady is the state of the infrastructure provider. type: boolean nodeRefs: - description: NodeRefs will point to the corresponding Nodes if it + description: nodeRefs will point to the corresponding Nodes if it they exist. items: - description: |- - ObjectReference contains enough information to let you inspect or modify the referred object. - --- - New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. - 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. - 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular - restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". - Those cannot be well described when embedded. - 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. - 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity - during interpretation and require a REST mapping. 
In most cases, the dependency is on the group,resource tuple - and the version of the actual struct is irrelevant. - 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type - will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. - - - Instead of using this type, create a locally provided and used type that is well-focused on your reference. - For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . + description: ObjectReference contains enough information to let + you inspect or modify the referred object. properties: apiVersion: description: API version of the referent. @@ -9442,7 +11093,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -9473,28 +11123,28 @@ data: x-kubernetes-map-type: atomic type: array observedGeneration: - description: ObservedGeneration is the latest generation observed + description: observedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: description: |- - Phase represents the current phase of cluster actuation. + phase represents the current phase of cluster actuation. E.g. Pending, Running, Terminating, Failed etc. type: string readyReplicas: - description: The number of ready replicas for this MachinePool. A - machine is considered ready when the node has been created and is - "Ready". + description: readyReplicas is the number of ready replicas for this + MachinePool. A machine is considered ready when the node has been + created and is "Ready". format: int32 type: integer replicas: - description: Replicas is the most recently observed number of replicas. + description: replicas is the most recently observed number of replicas. format: int32 type: integer unavailableReplicas: description: |- - Total number of unavailable machine instances targeted by this machine pool. + unavailableReplicas is the total number of unavailable machine instances targeted by this machine pool. This is the total number of machine instances that are still required for the machine pool to have 100% available capacity. They may either be machine instances that are running but not yet available or machine instances 
@@ -9560,22 +11210,26 @@ data: metadata: type: object spec: - description: MachinePoolSpec defines the desired state of MachinePool. + description: spec is the desired state of MachinePool. properties: clusterName: - description: ClusterName is the name of the Cluster this object belongs + description: clusterName is the name of the Cluster this object belongs to. + maxLength: 63 minLength: 1 type: string failureDomains: - description: FailureDomains is the list of failure domains this MachinePool + description: failureDomains is the list of failure domains this MachinePool should be attached to. items: + maxLength: 256 + minLength: 1 type: string + maxItems: 100 type: array minReadySeconds: description: |- - Minimum number of seconds for which a newly created machine instances should + minReadySeconds is the minimum number of seconds for which a newly created machine instances should be ready. Defaults to 0 (machine instance will be considered available as soon as it is ready) 
@@ -9583,30 +11237,33 @@ data: type: integer providerIDList: description: |- - ProviderIDList are the identification IDs of machine instances provided by the provider. + providerIDList are the identification IDs of machine instances provided by the provider. This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances. items: + maxLength: 512 + minLength: 1 type: string + maxItems: 10000 type: array replicas: description: |- - Number of desired machines. Defaults to 1. + replicas is the number of desired machines. Defaults to 1. This is a pointer to distinguish between explicit zero and not specified. format: int32 type: integer template: - description: Template describes the machines that will be created. + description: template describes the machines that will be created. properties: metadata: description: |- - Standard object's metadata. + metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata properties: annotations: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations @@ -9615,7 +11272,7 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels 
@@ -9623,17 +11280,17 @@ data: type: object spec: description: |- - Specification of the desired behavior of the machine. + spec is the specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status properties: bootstrap: description: |- - Bootstrap is a reference to a local struct which encapsulates + bootstrap is a reference to a local struct which encapsulates fields to configure the Machine’s bootstrapping mechanism. properties: configRef: description: |- - ConfigRef is a reference to a bootstrap provider-specific resource + configRef is a reference to a bootstrap provider-specific resource that holds configuration details. The reference is optional to allow users/operators to specify Bootstrap.DataSecretName without the need of a controller. @@ -9650,7 +11307,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -9681,23 +11337,28 @@ data: x-kubernetes-map-type: atomic dataSecretName: description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. + dataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine should remain in the Pending state. + maxLength: 253 + minLength: 0 type: string type: object clusterName: - description: ClusterName is the name of the Cluster this object + description: clusterName is the name of the Cluster this object belongs to. + maxLength: 63 minLength: 1 type: string failureDomain: description: |- - FailureDomain is the failure domain the machine will be created in. + failureDomain is the failure domain the machine will be created in. Must match a key in the FailureDomains map stored on the cluster object. + maxLength: 256 + minLength: 1 type: string infrastructureRef: description: |- - InfrastructureRef is a required reference to a custom resource + infrastructureRef is a required reference to a custom resource offered by an infrastructure provider. properties: apiVersion: @@ -9712,7 +11373,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -9743,24 +11403,24 @@ data: x-kubernetes-map-type: atomic nodeDeletionTimeout: description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine + nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds. type: string nodeDrainTimeout: description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` type: string nodeVolumeDetachTimeout: description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. type: string providerID: description: |- - ProviderID is the identification ID of the machine provided by the provider. + providerID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out 
@@ -9770,11 +11430,63 @@ data: and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider. + maxLength: 512 + minLength: 1 type: string + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition. + + This field can be used e.g. by Cluster API control plane providers to extend the semantic of the + Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates + for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. + + Another example are external controllers, e.g. responsible to install special software/hardware on the Machines; + they can include the status of those components with a new condition and add this condition to ReadinessGates. + + NOTE: This field is considered only for computing v1beta2 conditions. + NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those + readiness gates condition are reporting the same message, when computing the Machine's Ready condition those + readinessGates will be replaced by a single entry reporting "Control plane components: " + message. + This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster). + items: + description: MachineReadinessGate contains the type of a + Machine condition to be used as a readiness gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. 
+ maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map version: description: |- - Version defines the desired Kubernetes version. + version defines the desired Kubernetes version. This field is meant to be optionally used by bootstrap providers. + maxLength: 256 + minLength: 1 type: string required: - bootstrap 
@@ -9787,54 +11499,61 @@ data: - template type: object status: - description: MachinePoolStatus defines the observed state of MachinePool. + description: status is the observed state of MachinePool. properties: availableReplicas: - description: The number of available replicas (ready for at least - minReadySeconds) for this MachinePool. + description: availableReplicas is the number of available replicas + (ready for at least minReadySeconds) for this MachinePool. format: int32 type: integer bootstrapReady: - description: BootstrapReady is the state of the bootstrap provider. + description: bootstrapReady is the state of the bootstrap provider. type: boolean conditions: - description: Conditions define the current service state of the MachinePool. + description: conditions define the current service state of the MachinePool. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string + This field may be empty. 
+ maxLength: 256 + minLength: 1 + type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime 
@@ -9844,40 +11563,30 @@ data: type: array failureMessage: description: |- - FailureMessage indicates that there is a problem reconciling the state, + failureMessage indicates that there is a problem reconciling the state, and will be set to a descriptive error message. + + Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + maxLength: 10240 + minLength: 1 type: string failureReason: description: |- - FailureReason indicates that there is a problem reconciling the state, and + failureReason indicates that there is a problem reconciling the state, and will be set to a token value suitable for programmatic interpretation. + + Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. type: string infrastructureReady: - description: InfrastructureReady is the state of the infrastructure + description: infrastructureReady is the state of the infrastructure provider. type: boolean nodeRefs: - description: NodeRefs will point to the corresponding Nodes if it + description: nodeRefs will point to the corresponding Nodes if it they exist. items: - description: |- - ObjectReference contains enough information to let you inspect or modify the referred object. - --- - New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. - 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. - 2. Invalid usage help. It is impossible to add specific help for individual usage. 
In most embedded usages, there are particular - restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". - Those cannot be well described when embedded. - 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. - 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity - during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple - and the version of the actual struct is irrelevant. - 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type - will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. - - - Instead of using this type, create a locally provided and used type that is well-focused on your reference. - For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . + description: ObjectReference contains enough information to let + you inspect or modify the referred object. properties: apiVersion: description: API version of the referent. @@ -9891,7 +11600,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -9920,36 +11628,136 @@ data: type: string type: object x-kubernetes-map-type: atomic + maxItems: 10000 type: array observedGeneration: - description: ObservedGeneration is the latest generation observed + description: observedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: - description: |- - Phase represents the current phase of cluster actuation. - E.g. Pending, Running, Terminating, Failed etc. + description: phase represents the current phase of cluster actuation. + enum: + - Pending + - Provisioning + - Provisioned + - Running + - ScalingUp + - ScalingDown + - Scaling + - Deleting + - Failed + - Unknown type: string readyReplicas: - description: The number of ready replicas for this MachinePool. A - machine is considered ready when the node has been created and is - "Ready". + description: readyReplicas is the number of ready replicas for this + MachinePool. A machine is considered ready when the node has been + created and is "Ready". format: int32 type: integer replicas: - description: Replicas is the most recently observed number of replicas. + description: replicas is the most recently observed number of replicas. format: int32 type: integer unavailableReplicas: description: |- - Total number of unavailable machine instances targeted by this machine pool. + unavailableReplicas is the total number of unavailable machine instances targeted by this machine pool. This is the total number of machine instances that are still required for the machine pool to have 100% available capacity. They may either be machine instances that are running but not yet available or machine instances that still have not been created. + + Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. 
format: int32 type: integer + v1beta2: + description: v1beta2 groups all the fields that will be added or modified + in MachinePool's status with the V1Beta2 version. + properties: + availableReplicas: + description: availableReplicas is the number of available replicas + for this MachinePool. A machine is considered available when + Machine's Available condition is true. + format: int32 + type: integer + conditions: + description: |- + conditions represents the observations of a MachinePool's current state. + Known condition types are Available, BootstrapConfigReady, InfrastructureReady, MachinesReady, MachinesUpToDate, + ScalingUp, ScalingDown, Remediating, Deleting, Paused. + items: + description: Condition contains details for one aspect of the + current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. 
+ This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + readyReplicas: + description: readyReplicas is the number of ready replicas for + this MachinePool. A machine is considered ready when Machine's + Ready condition is true. + format: int32 + type: integer + upToDateReplicas: + description: upToDateReplicas is the number of up-to-date replicas + targeted by this MachinePool. A machine is considered up-to-date + when Machine's UpToDate condition is true. + format: int32 + type: integer + type: object type: object type: object served: true @@ -9965,7 +11773,7 @@ data: metadata: annotations: cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 labels: cluster.x-k8s.io/provider: cluster-api name: machines.cluster.x-k8s.io @@ -10018,7 +11826,6 @@ data: description: |- Machine is the Schema for the machines API. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: 
@@ -10039,16 +11846,16 @@ data: metadata: type: object spec: - description: MachineSpec defines the desired state of Machine. + description: spec is the desired state of Machine. properties: bootstrap: description: |- - Bootstrap is a reference to a local struct which encapsulates + bootstrap is a reference to a local struct which encapsulates fields to configure the Machine’s bootstrapping mechanism. properties: configRef: description: |- - ConfigRef is a reference to a bootstrap provider-specific resource + configRef is a reference to a bootstrap provider-specific resource that holds configuration details. The reference is optional to allow users/operators to specify Bootstrap.Data without the need of a controller. @@ -10065,7 +11872,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -10096,31 +11902,30 @@ data: x-kubernetes-map-type: atomic data: description: |- - Data contains the bootstrap data, such as cloud-init details scripts. + data contains the bootstrap data, such as cloud-init details scripts. If nil, the Machine should remain in the Pending state. - Deprecated: Switch to DataSecretName. type: string dataSecretName: description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. + dataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine should remain in the Pending state. type: string type: object clusterName: - description: ClusterName is the name of the Cluster this object belongs + description: clusterName is the name of the Cluster this object belongs to. minLength: 1 type: string failureDomain: description: |- - FailureDomain is the failure domain the machine will be created in. + failureDomain is the failure domain the machine will be created in. Must match a key in the FailureDomains map stored on the cluster object. type: string infrastructureRef: description: |- - InfrastructureRef is a required reference to a custom resource + infrastructureRef is a required reference to a custom resource offered by an infrastructure provider. properties: apiVersion: @@ -10135,7 +11940,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -10166,13 +11970,13 @@ data: x-kubernetes-map-type: atomic nodeDrainTimeout: description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` type: string providerID: description: |- - ProviderID is the identification ID of the machine provided by the provider. + providerID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out @@ -10185,7 +11989,7 @@ data: type: string version: description: |- - Version defines the desired Kubernetes version. + version defines the desired Kubernetes version. This field is meant to be optionally used by bootstrap providers. type: string required: 
@@ -10194,22 +11998,22 @@ data: - infrastructureRef type: object status: - description: MachineStatus defines the observed state of Machine. + description: status is the observed state of Machine. properties: addresses: description: |- - Addresses is a list of addresses assigned to the machine. + addresses is a list of addresses assigned to the machine. This field is copied from the infrastructure provider reference. items: description: MachineAddress contains information for the node's address. properties: address: - description: The machine address. + description: address is the machine address. type: string type: - description: Machine address type, one of Hostname, ExternalIP - or InternalIP. + description: type is the machine address type, one of Hostname, + ExternalIP or InternalIP. type: string required: - address 
@@ -10217,44 +12021,44 @@ data: type: object type: array bootstrapReady: - description: BootstrapReady is the state of the bootstrap provider. + description: bootstrapReady is the state of the bootstrap provider. type: boolean conditions: - description: Conditions defines current service state of the Machine. + description: conditions defines current service state of the Machine. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -10265,11 +12069,10 @@ data: type: array failureMessage: description: |- - FailureMessage will be set in the event that there is a terminal problem + failureMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. - This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is @@ -10279,18 +12082,16 @@ data: spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. - Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output. type: string failureReason: description: |- - FailureReason will be set in the event that there is a terminal problem + failureReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. - This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is 
@@ -10300,22 +12101,21 @@ data: spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. - Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output. type: string infrastructureReady: - description: InfrastructureReady is the state of the infrastructure + description: infrastructureReady is the state of the infrastructure provider. type: boolean lastUpdated: - description: LastUpdated identifies when the phase of the Machine + description: lastUpdated identifies when the phase of the Machine last transitioned. format: date-time type: string nodeRef: - description: NodeRef will point to the corresponding Node if it exists. + description: nodeRef will point to the corresponding Node if it exists. properties: apiVersion: description: API version of the referent. @@ -10329,7 +12129,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -10359,18 +12158,18 @@ data: type: object x-kubernetes-map-type: atomic observedGeneration: - description: ObservedGeneration is the latest generation observed + description: observedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: description: |- - Phase represents the current phase of machine actuation. + phase represents the current phase of machine actuation. E.g. Pending, Running, Terminating, Failed etc. type: string version: description: |- - Version specifies the current version of Kubernetes running + version specifies the current version of Kubernetes running on the corresponding Node. This is meant to be a means of bubbling up status from the Node to the Machine. It is entirely optional, but useful for end-user UX if it’s present. @@ -10414,7 +12213,6 @@ data: description: |- Machine is the Schema for the machines API. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: @@ -10435,16 +12233,16 @@ data: metadata: type: object spec: - description: MachineSpec defines the desired state of Machine. + description: spec is the desired state of Machine. properties: bootstrap: description: |- - Bootstrap is a reference to a local struct which encapsulates + bootstrap is a reference to a local struct which encapsulates fields to configure the Machine’s bootstrapping mechanism. properties: configRef: description: |- - ConfigRef is a reference to a bootstrap provider-specific resource + configRef is a reference to a bootstrap provider-specific resource that holds configuration details. The reference is optional to allow users/operators to specify Bootstrap.DataSecretName without the need of a controller. 
@@ -10461,7 +12259,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -10492,23 +12289,23 @@ data: x-kubernetes-map-type: atomic dataSecretName: description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. + dataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine should remain in the Pending state. type: string type: object clusterName: - description: ClusterName is the name of the Cluster this object belongs + description: clusterName is the name of the Cluster this object belongs to. minLength: 1 type: string failureDomain: description: |- - FailureDomain is the failure domain the machine will be created in. + failureDomain is the failure domain the machine will be created in. Must match a key in the FailureDomains map stored on the cluster object. type: string infrastructureRef: description: |- - InfrastructureRef is a required reference to a custom resource + infrastructureRef is a required reference to a custom resource offered by an infrastructure provider. properties: apiVersion: @@ -10523,7 +12320,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -10554,13 +12350,13 @@ data: x-kubernetes-map-type: atomic nodeDrainTimeout: description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` type: string providerID: description: |- - ProviderID is the identification ID of the machine provided by the provider. + providerID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out @@ -10573,7 +12369,7 @@ data: type: string version: description: |- - Version defines the desired Kubernetes version. + version defines the desired Kubernetes version. This field is meant to be optionally used by bootstrap providers. type: string required: 
@@ -10582,22 +12378,22 @@ data: - infrastructureRef type: object status: - description: MachineStatus defines the observed state of Machine. + description: status is the observed state of Machine. properties: addresses: description: |- - Addresses is a list of addresses assigned to the machine. + addresses is a list of addresses assigned to the machine. This field is copied from the infrastructure provider reference. items: description: MachineAddress contains information for the node's address. properties: address: - description: The machine address. + description: address is the machine address. type: string type: - description: Machine address type, one of Hostname, ExternalIP - or InternalIP. + description: type is the machine address type, one of Hostname, + ExternalIP or InternalIP. type: string required: - address 
@@ -10605,44 +12401,44 @@ data: type: object type: array bootstrapReady: - description: BootstrapReady is the state of the bootstrap provider. + description: bootstrapReady is the state of the bootstrap provider. type: boolean conditions: - description: Conditions defines current service state of the Machine. + description: conditions defines current service state of the Machine. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -10653,11 +12449,10 @@ data: type: array failureMessage: description: |- - FailureMessage will be set in the event that there is a terminal problem + failureMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. - This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is @@ -10667,18 +12462,16 @@ data: spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. - Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output. type: string failureReason: description: |- - FailureReason will be set in the event that there is a terminal problem + failureReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. - This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is 
@@ -10688,23 +12481,22 @@ data: spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. - Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output. type: string infrastructureReady: - description: InfrastructureReady is the state of the infrastructure + description: infrastructureReady is the state of the infrastructure provider. type: boolean lastUpdated: - description: LastUpdated identifies when the phase of the Machine + description: lastUpdated identifies when the phase of the Machine last transitioned. format: date-time type: string nodeInfo: description: |- - NodeInfo is a set of ids/uuids to uniquely identify the node. + nodeInfo is a set of ids/uuids to uniquely identify the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#info properties: architecture: @@ -10722,7 +12514,7 @@ data: (e.g. 3.16.0-0.bpo.4-amd64). type: string kubeProxyVersion: - description: KubeProxy Version reported by the node. + description: 'Deprecated: KubeProxy Version reported by the node.' type: string kubeletVersion: description: Kubelet Version reported by the node. @@ -10759,7 +12551,7 @@ data: - systemUUID type: object nodeRef: - description: NodeRef will point to the corresponding Node if it exists. + description: nodeRef will point to the corresponding Node if it exists. properties: apiVersion: description: API version of the referent. @@ -10773,7 +12565,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -10803,18 +12594,18 @@ data: type: object x-kubernetes-map-type: atomic observedGeneration: - description: ObservedGeneration is the latest generation observed + description: observedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: description: |- - Phase represents the current phase of machine actuation. + phase represents the current phase of machine actuation. E.g. Pending, Running, Terminating, Failed etc. type: string version: description: |- - Version specifies the current version of Kubernetes running + version specifies the current version of Kubernetes running on the corresponding Node. This is meant to be a means of bubbling up status from the Node to the Machine. It is entirely optional, but useful for end-user UX if it’s present. @@ -10873,16 +12664,16 @@ data: metadata: type: object spec: - description: MachineSpec defines the desired state of Machine. + description: spec is the desired state of Machine. properties: bootstrap: description: |- - Bootstrap is a reference to a local struct which encapsulates + bootstrap is a reference to a local struct which encapsulates fields to configure the Machine’s bootstrapping mechanism. properties: configRef: description: |- - ConfigRef is a reference to a bootstrap provider-specific resource + configRef is a reference to a bootstrap provider-specific resource that holds configuration details. The reference is optional to allow users/operators to specify Bootstrap.DataSecretName without the need of a controller. @@ -10899,7 +12690,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -10930,23 +12720,28 @@ data: x-kubernetes-map-type: atomic dataSecretName: description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. + dataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine should remain in the Pending state. + maxLength: 253 + minLength: 0 type: string type: object clusterName: - description: ClusterName is the name of the Cluster this object belongs + description: clusterName is the name of the Cluster this object belongs to. + maxLength: 63 minLength: 1 type: string failureDomain: description: |- - FailureDomain is the failure domain the machine will be created in. + failureDomain is the failure domain the machine will be created in. Must match a key in the FailureDomains map stored on the cluster object. + maxLength: 256 + minLength: 1 type: string infrastructureRef: description: |- - InfrastructureRef is a required reference to a custom resource + infrastructureRef is a required reference to a custom resource offered by an infrastructure provider. properties: apiVersion: @@ -10961,7 +12756,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -10992,24 +12786,24 @@ data: x-kubernetes-map-type: atomic nodeDeletionTimeout: description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine + nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds. type: string nodeDrainTimeout: description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` type: string nodeVolumeDetachTimeout: description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. type: string providerID: description: |- - ProviderID is the identification ID of the machine provided by the provider. + providerID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out 
@@ -11019,11 +12813,63 @@ data: and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider. + maxLength: 512 + minLength: 1 type: string + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition. + + This field can be used e.g. by Cluster API control plane providers to extend the semantic of the + Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates + for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. + + Another example are external controllers, e.g. responsible to install special software/hardware on the Machines; + they can include the status of those components with a new condition and add this condition to ReadinessGates. + + NOTE: This field is considered only for computing v1beta2 conditions. + NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those + readiness gates condition are reporting the same message, when computing the Machine's Ready condition those + readinessGates will be replaced by a single entry reporting "Control plane components: " + message. + This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster). + items: + description: MachineReadinessGate contains the type of a Machine + condition to be used as a readiness gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. 
+ maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map version: description: |- - Version defines the desired Kubernetes version. + version defines the desired Kubernetes version. This field is meant to be optionally used by bootstrap providers. + maxLength: 256 + minLength: 1 type: string required: - bootstrap 
@@ -11031,22 +12877,30 @@ data: - infrastructureRef type: object status: - description: MachineStatus defines the observed state of Machine. + description: status is the observed state of Machine. properties: addresses: description: |- - Addresses is a list of addresses assigned to the machine. + addresses is a list of addresses assigned to the machine. This field is copied from the infrastructure provider reference. items: description: MachineAddress contains information for the node's address. properties: address: - description: The machine address. + description: address is the machine address. + maxLength: 256 + minLength: 1 type: string type: - description: Machine address type, one of Hostname, ExternalIP, - InternalIP, ExternalDNS or InternalDNS. + description: type is the machine address type, one of Hostname, + ExternalIP, InternalIP, ExternalDNS or InternalDNS. + enum: + - Hostname + - ExternalIP + - InternalIP + - ExternalDNS + - InternalDNS type: string required: - address 
@@ -11054,52 +12908,59 @@ data: type: object type: array bootstrapReady: - description: BootstrapReady is the state of the bootstrap provider. + description: bootstrapReady is the state of the bootstrap provider. type: boolean certificatesExpiryDate: description: |- - CertificatesExpiryDate is the expiry date of the machine certificates. + certificatesExpiryDate is the expiry date of the machine certificates. This value is only set for control plane machines. format: date-time type: string conditions: - description: Conditions defines current service state of the Machine. + description: conditions defines current service state of the Machine. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. 
+ maxLength: 256 + minLength: 1 type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime 
@@ -11107,13 +12968,34 @@ data: - type type: object type: array + deletion: + description: |- + deletion contains information relating to removal of the Machine. + Only present when the Machine has a deletionTimestamp and drain or wait for volume detach started. + properties: + nodeDrainStartTime: + description: |- + nodeDrainStartTime is the time when the drain of the node started and is used to determine + if the NodeDrainTimeout is exceeded. + Only present when the Machine has a deletionTimestamp and draining the node had been started. + format: date-time + type: string + waitForNodeVolumeDetachStartTime: + description: |- + waitForNodeVolumeDetachStartTime is the time when waiting for volume detachment started + and is used to determine if the NodeVolumeDetachTimeout is exceeded. + Detaching volumes from nodes is usually done by CSI implementations and the current state + is observed from the node's `.Status.VolumesAttached` field. + Only present when the Machine has a deletionTimestamp and waiting for volume detachments had been started. + format: date-time + type: string + type: object failureMessage: description: |- - FailureMessage will be set in the event that there is a terminal problem + failureMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. - This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is 
@@ -11123,18 +13005,20 @@ data: spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. - Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output. + + Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + maxLength: 10240 + minLength: 1 type: string failureReason: description: |- - FailureReason will be set in the event that there is a terminal problem + failureReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. - This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is 
@@ -11144,23 +13028,24 @@ data: spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. - Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output. + + Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. type: string infrastructureReady: - description: InfrastructureReady is the state of the infrastructure + description: infrastructureReady is the state of the infrastructure provider. type: boolean lastUpdated: - description: LastUpdated identifies when the phase of the Machine + description: lastUpdated identifies when the phase of the Machine last transitioned. format: date-time type: string nodeInfo: description: |- - NodeInfo is a set of ids/uuids to uniquely identify the node. + nodeInfo is a set of ids/uuids to uniquely identify the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#info properties: architecture: @@ -11178,7 +13063,7 @@ data: (e.g. 3.16.0-0.bpo.4-amd64). type: string kubeProxyVersion: - description: KubeProxy Version reported by the node. + description: 'Deprecated: KubeProxy Version reported by the node.' type: string kubeletVersion: description: Kubelet Version reported by the node. @@ -11215,7 +13100,7 @@ data: - systemUUID type: object nodeRef: - description: NodeRef will point to the corresponding Node if it exists. + description: nodeRef will point to the corresponding Node if it exists. properties: apiVersion: description: API version of the referent. 
@@ -11229,7 +13114,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -11259,15 +13143,95 @@ data: type: object x-kubernetes-map-type: atomic observedGeneration: - description: ObservedGeneration is the latest generation observed + description: observedGeneration is the latest generation observed by the controller. format: int64 type: integer phase: - description: |- - Phase represents the current phase of machine actuation. - E.g. Pending, Running, Terminating, Failed etc. + description: phase represents the current phase of machine actuation. + enum: + - Pending + - Provisioning + - Provisioned + - Running + - Deleting + - Deleted + - Failed + - Unknown type: string + v1beta2: + description: v1beta2 groups all the fields that will be added or modified + in Machine's status with the V1Beta2 version. + properties: + conditions: + description: |- + conditions represents the observations of a Machine's current state. + Known condition types are Available, Ready, UpToDate, BootstrapConfigReady, InfrastructureReady, NodeReady, + NodeHealthy, Deleting, Paused. + If a MachineHealthCheck is targeting this machine, also HealthCheckSucceeded, OwnerRemediated conditions are added. + Additionally control plane Machines controlled by KubeadmControlPlane will have following additional conditions: + APIServerPodHealthy, ControllerManagerPodHealthy, SchedulerPodHealthy, EtcdPodHealthy, EtcdMemberHealthy. + items: + description: Condition contains details for one aspect of the + current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. 
+ maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object type: object type: object served: true @@ -11280,7 +13244,7 @@ data: metadata: annotations: cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 labels: cluster.x-k8s.io/provider: cluster-api name: machinesets.cluster.x-k8s.io @@ -11328,7 +13292,6 @@ data: description: |- MachineSet is the Schema for the machinesets API. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: 
@@ -11349,16 +13312,16 @@ data: metadata: type: object spec: - description: MachineSetSpec defines the desired state of MachineSet. + description: spec is the desired state of MachineSet. properties: clusterName: - description: ClusterName is the name of the Cluster this object belongs + description: clusterName is the name of the Cluster this object belongs to. minLength: 1 type: string deletePolicy: description: |- - DeletePolicy defines the policy used to identify nodes to delete when downscaling. + deletePolicy defines the policy used to identify nodes to delete when downscaling. Defaults to "Random". Valid values are "Random, "Newest", "Oldest" enum: - Random @@ -11367,20 +13330,20 @@ data: type: string minReadySeconds: description: |- - MinReadySeconds is the minimum number of seconds for which a newly created machine should be ready. + minReadySeconds is the minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready) format: int32 type: integer replicas: description: |- - Replicas is the number of desired replicas. + replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1. format: int32 type: integer selector: description: |- - Selector is a label query over machines that should match the replica count. + selector is a label query over machines that should match the replica count. Label keys and values that must match in order to be controlled by this MachineSet. It must match the machine template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors 
@@ -11430,27 +13393,27 @@ data: x-kubernetes-map-type: atomic template: description: |- - Template is the object that describes the machine that will be created if + template is the object that describes the machine that will be created if insufficient replicas are detected. Object references to custom resources are treated as templates. properties: metadata: description: |- - Standard object's metadata. + metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata properties: annotations: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations type: object generateName: description: |- - GenerateName is an optional prefix, used by the server, to generate a unique + generateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. 
@@ -11458,63 +13421,56 @@ data: and may be truncated by the length of the suffix required to make the value unique on the server. - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency - Deprecated: This field has no function and is going to be removed in a next release. type: string labels: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels type: object name: description: |- - Name must be unique within a namespace. Is required when creating resources, although + name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names - Deprecated: This field has no function and is going to be removed in a next release. type: string namespace: description: |- - Namespace defines the space within each name must be unique. An empty namespace is + namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. 
Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - Deprecated: This field has no function and is going to be removed in a next release. type: string ownerReferences: description: |- - List of objects depended by this object. If ALL objects in the list have + ownerReferences is the list of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. - Deprecated: This field has no function and is going to be removed in a next release. items: description: |- @@ -11566,17 +13522,17 @@ data: type: object spec: description: |- - Specification of the desired behavior of the machine. + spec is the specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status properties: bootstrap: description: |- - Bootstrap is a reference to a local struct which encapsulates + bootstrap is a reference to a local struct which encapsulates fields to configure the Machine’s bootstrapping mechanism. properties: configRef: description: |- - ConfigRef is a reference to a bootstrap provider-specific resource + configRef is a reference to a bootstrap provider-specific resource that holds configuration details. The reference is optional to allow users/operators to specify Bootstrap.Data without the need of a controller. 
@@ -11593,7 +13549,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -11624,31 +13579,30 @@ data: x-kubernetes-map-type: atomic data: description: |- - Data contains the bootstrap data, such as cloud-init details scripts. + data contains the bootstrap data, such as cloud-init details scripts. If nil, the Machine should remain in the Pending state. - Deprecated: Switch to DataSecretName. type: string dataSecretName: description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. + dataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine should remain in the Pending state. type: string type: object clusterName: - description: ClusterName is the name of the Cluster this object + description: clusterName is the name of the Cluster this object belongs to. minLength: 1 type: string failureDomain: description: |- - FailureDomain is the failure domain the machine will be created in. + failureDomain is the failure domain the machine will be created in. Must match a key in the FailureDomains map stored on the cluster object. type: string infrastructureRef: description: |- - InfrastructureRef is a required reference to a custom resource + infrastructureRef is a required reference to a custom resource offered by an infrastructure provider. properties: apiVersion: @@ -11663,7 +13617,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -11694,13 +13647,13 @@ data: x-kubernetes-map-type: atomic nodeDrainTimeout: description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` type: string providerID: description: |- - ProviderID is the identification ID of the machine provided by the provider. + providerID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out @@ -11713,7 +13666,7 @@ data: type: string version: description: |- - Version defines the desired Kubernetes version. + version defines the desired Kubernetes version. This field is meant to be optionally used by bootstrap providers. type: string required: 
@@ -11727,24 +13680,31 @@ data: - selector type: object status: - description: MachineSetStatus defines the observed state of MachineSet. + description: status is the observed state of MachineSet. properties: availableReplicas: - description: The number of available replicas (ready for at least - minReadySeconds) for this MachineSet. + description: availableReplicas is the number of available replicas + (ready for at least minReadySeconds) for this MachineSet. format: int32 type: integer failureMessage: + description: |- + failureMessage will be set in the event that there is a terminal problem + reconciling the Machine and will contain a more verbose string suitable + for logging and human consumption. type: string failureReason: description: |- + failureReason will be set in the event that there is a terminal problem + reconciling the Machine and will contain a succinct value suitable + for machine interpretation. + In the event that there is a terminal problem reconciling the replicas, both FailureReason and FailureMessage will be set. FailureReason will be populated with a succinct value suitable for machine interpretation, while FailureMessage will contain a more verbose string suitable for logging and human consumption. - These fields should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is 
@@ -11754,33 +13714,33 @@ data: spec, values that are unsupported by the machine controller, or the responsible machine controller itself being critically misconfigured. - Any transient errors that occur during the reconciliation of Machines can be added as events to the MachineSet object and/or logged in the controller's output. type: string fullyLabeledReplicas: - description: The number of replicas that have labels matching the - labels of the machine template of the MachineSet. + description: fullyLabeledReplicas is the number of replicas that have + labels matching the labels of the machine template of the MachineSet. format: int32 type: integer observedGeneration: - description: ObservedGeneration reflects the generation of the most + description: observedGeneration reflects the generation of the most recently observed MachineSet. format: int64 type: integer readyReplicas: - description: The number of ready replicas for this MachineSet. A machine - is considered ready when the node has been created and is "Ready". + description: readyReplicas is the number of ready replicas for this + MachineSet. A machine is considered ready when the node has been + created and is "Ready". format: int32 type: integer replicas: - description: Replicas is the most recently observed number of replicas. + description: replicas is the most recently observed number of replicas. format: int32 type: integer selector: description: |- - Selector is the same as the label selector but in the string format to avoid introspection + selector is the same as the label selector but in the string format to avoid introspection by clients. The string will be in the same format as the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors type: string @@ -11822,7 +13782,6 @@ data: description: |- MachineSet is the Schema for the machinesets API. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: 
@@ -11843,16 +13802,16 @@ data: metadata: type: object spec: - description: MachineSetSpec defines the desired state of MachineSet. + description: spec is the desired state of MachineSet. properties: clusterName: - description: ClusterName is the name of the Cluster this object belongs + description: clusterName is the name of the Cluster this object belongs to. minLength: 1 type: string deletePolicy: description: |- - DeletePolicy defines the policy used to identify nodes to delete when downscaling. + deletePolicy defines the policy used to identify nodes to delete when downscaling. Defaults to "Random". Valid values are "Random, "Newest", "Oldest" enum: - Random @@ -11861,21 +13820,21 @@ data: type: string minReadySeconds: description: |- - MinReadySeconds is the minimum number of seconds for which a newly created machine should be ready. + minReadySeconds is the minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready) format: int32 type: integer replicas: default: 1 description: |- - Replicas is the number of desired replicas. + replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1. format: int32 type: integer selector: description: |- - Selector is a label query over machines that should match the replica count. + selector is a label query over machines that should match the replica count. Label keys and values that must match in order to be controlled by this MachineSet. It must match the machine template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors 
@@ -11925,20 +13884,20 @@ data: x-kubernetes-map-type: atomic template: description: |- - Template is the object that describes the machine that will be created if + template is the object that describes the machine that will be created if insufficient replicas are detected. Object references to custom resources are treated as templates. properties: metadata: description: |- - Standard object's metadata. + metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata properties: annotations: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations @@ -11947,7 +13906,7 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels 
@@ -11955,17 +13914,17 @@ data: type: object spec: description: |- - Specification of the desired behavior of the machine. + spec is the specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status properties: bootstrap: description: |- - Bootstrap is a reference to a local struct which encapsulates + bootstrap is a reference to a local struct which encapsulates fields to configure the Machine’s bootstrapping mechanism. properties: configRef: description: |- - ConfigRef is a reference to a bootstrap provider-specific resource + configRef is a reference to a bootstrap provider-specific resource that holds configuration details. The reference is optional to allow users/operators to specify Bootstrap.DataSecretName without the need of a controller. @@ -11982,7 +13941,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -12013,23 +13971,23 @@ data: x-kubernetes-map-type: atomic dataSecretName: description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. + dataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine should remain in the Pending state. type: string type: object clusterName: - description: ClusterName is the name of the Cluster this object + description: clusterName is the name of the Cluster this object belongs to. minLength: 1 type: string failureDomain: description: |- - FailureDomain is the failure domain the machine will be created in. + failureDomain is the failure domain the machine will be created in. Must match a key in the FailureDomains map stored on the cluster object. type: string infrastructureRef: description: |- - InfrastructureRef is a required reference to a custom resource + infrastructureRef is a required reference to a custom resource offered by an infrastructure provider. properties: apiVersion: @@ -12044,7 +14002,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -12075,13 +14032,13 @@ data: x-kubernetes-map-type: atomic nodeDrainTimeout: description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` type: string providerID: description: |- - ProviderID is the identification ID of the machine provided by the provider. + providerID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out @@ -12094,7 +14051,7 @@ data: type: string version: description: |- - Version defines the desired Kubernetes version. + version defines the desired Kubernetes version. This field is meant to be optionally used by bootstrap providers. type: string required: 
@@ -12108,49 +14065,49 @@ data: - selector type: object status: - description: MachineSetStatus defines the observed state of MachineSet. + description: status is the observed state of MachineSet. properties: availableReplicas: - description: The number of available replicas (ready for at least - minReadySeconds) for this MachineSet. + description: availableReplicas is the number of available replicas + (ready for at least minReadySeconds) for this MachineSet. format: int32 type: integer conditions: - description: Conditions defines current service state of the MachineSet. + description: conditions defines current service state of the MachineSet. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. 
type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -12160,16 +14117,23 @@ data: type: object type: array failureMessage: + description: |- + failureMessage will be set in the event that there is a terminal problem + reconciling the Machine and will contain a more verbose string suitable + for logging and human consumption. type: string failureReason: description: |- + failureReason will be set in the event that there is a terminal problem + reconciling the Machine and will contain a succinct value suitable + for machine interpretation. + In the event that there is a terminal problem reconciling the replicas, both FailureReason and FailureMessage will be set. FailureReason will be populated with a succinct value suitable for machine interpretation, while FailureMessage will contain a more verbose string suitable for logging and human consumption. - These fields should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is 
@@ -12179,33 +14143,33 @@ data: spec, values that are unsupported by the machine controller, or the responsible machine controller itself being critically misconfigured. - Any transient errors that occur during the reconciliation of Machines can be added as events to the MachineSet object and/or logged in the controller's output. type: string fullyLabeledReplicas: - description: The number of replicas that have labels matching the - labels of the machine template of the MachineSet. + description: fullyLabeledReplicas is the number of replicas that have + labels matching the labels of the machine template of the MachineSet. format: int32 type: integer observedGeneration: - description: ObservedGeneration reflects the generation of the most + description: observedGeneration reflects the generation of the most recently observed MachineSet. format: int64 type: integer readyReplicas: - description: The number of ready replicas for this MachineSet. A machine - is considered ready when the node has been created and is "Ready". + description: readyReplicas is the number of ready replicas for this + MachineSet. A machine is considered ready when the node has been + created and is "Ready". format: int32 type: integer replicas: - description: Replicas is the most recently observed number of replicas. + description: replicas is the most recently observed number of replicas. format: int32 type: integer selector: description: |- - Selector is the same as the label selector but in the string format to avoid introspection + selector is the same as the label selector but in the string format to avoid introspection by clients. The string will be in the same format as the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors type: string 
@@ -12272,34 +14236,61 @@ data: metadata: type: object spec: - description: MachineSetSpec defines the desired state of MachineSet. + description: spec is the desired state of MachineSet. properties: clusterName: - description: ClusterName is the name of the Cluster this object belongs + description: clusterName is the name of the Cluster this object belongs to. + maxLength: 63 minLength: 1 type: string deletePolicy: description: |- - DeletePolicy defines the policy used to identify nodes to delete when downscaling. + deletePolicy defines the policy used to identify nodes to delete when downscaling. Defaults to "Random". Valid values are "Random, "Newest", "Oldest" enum: - Random - Newest - Oldest type: string + machineNamingStrategy: + description: |- + machineNamingStrategy allows changing the naming pattern used when creating Machines. + Note: InfraMachines & BootstrapConfigs will use the same name as the corresponding Machines. + properties: + template: + description: |- + template defines the template to use for generating the names of the + Machine objects. + If not defined, it will fallback to `{{ .machineSet.name }}-{{ .random }}`. + If the generated name string exceeds 63 characters, it will be trimmed to + 58 characters and will + get concatenated with a random suffix of length 5. + Length of the template string must not exceed 256 characters. + The template allows the following variables `.cluster.name`, + `.machineSet.name` and `.random`. + The variable `.cluster.name` retrieves the name of the cluster object + that owns the Machines being created. + The variable `.machineSet.name` retrieves the name of the MachineSet + object that owns the Machines being created. + The variable `.random` is substituted with random alphanumeric string, + without vowels, of length 5. This variable is required part of the + template. If not provided, validation will fail. 
+ maxLength: 256 + minLength: 1 + type: string + type: object minReadySeconds: description: |- - MinReadySeconds is the minimum number of seconds for which a Node for a newly created machine should be ready before considering the replica available. + minReadySeconds is the minimum number of seconds for which a Node for a newly created machine should be ready before considering the replica available. Defaults to 0 (machine will be considered available as soon as the Node is ready) format: int32 type: integer replicas: description: |- - Replicas is the number of desired replicas. + replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. - Defaults to: * if the Kubernetes autoscaler min size and max size annotations are set: - if it's a new MachineSet, use min size @@ -12318,7 +14309,7 @@ data: type: integer selector: description: |- - Selector is a label query over machines that should match the replica count. + selector is a label query over machines that should match the replica count. Label keys and values that must match in order to be controlled by this MachineSet. It must match the machine template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors 
@@ -12368,20 +14359,20 @@ data: x-kubernetes-map-type: atomic template: description: |- - Template is the object that describes the machine that will be created if + template is the object that describes the machine that will be created if insufficient replicas are detected. Object references to custom resources are treated as templates. properties: metadata: description: |- - Standard object's metadata. + metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata properties: annotations: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations @@ -12390,7 +14381,7 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels 
@@ -12398,17 +14389,17 @@ data: type: object spec: description: |- - Specification of the desired behavior of the machine. + spec is the specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status properties: bootstrap: description: |- - Bootstrap is a reference to a local struct which encapsulates + bootstrap is a reference to a local struct which encapsulates fields to configure the Machine’s bootstrapping mechanism. properties: configRef: description: |- - ConfigRef is a reference to a bootstrap provider-specific resource + configRef is a reference to a bootstrap provider-specific resource that holds configuration details. The reference is optional to allow users/operators to specify Bootstrap.DataSecretName without the need of a controller. @@ -12425,7 +14416,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -12456,23 +14446,28 @@ data: x-kubernetes-map-type: atomic dataSecretName: description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. + dataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine should remain in the Pending state. + maxLength: 253 + minLength: 0 type: string type: object clusterName: - description: ClusterName is the name of the Cluster this object + description: clusterName is the name of the Cluster this object belongs to. + maxLength: 63 minLength: 1 type: string failureDomain: description: |- - FailureDomain is the failure domain the machine will be created in. + failureDomain is the failure domain the machine will be created in. Must match a key in the FailureDomains map stored on the cluster object. + maxLength: 256 + minLength: 1 type: string infrastructureRef: description: |- - InfrastructureRef is a required reference to a custom resource + infrastructureRef is a required reference to a custom resource offered by an infrastructure provider. properties: apiVersion: @@ -12487,7 +14482,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -12518,24 +14512,24 @@ data: x-kubernetes-map-type: atomic nodeDeletionTimeout: description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine + nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds. type: string nodeDrainTimeout: description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` type: string nodeVolumeDetachTimeout: description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. type: string providerID: description: |- - ProviderID is the identification ID of the machine provided by the provider. + providerID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out 
@@ -12545,11 +14539,63 @@ data: and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider. + maxLength: 512 + minLength: 1 type: string + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition. + + This field can be used e.g. by Cluster API control plane providers to extend the semantic of the + Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates + for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. + + Another example are external controllers, e.g. responsible to install special software/hardware on the Machines; + they can include the status of those components with a new condition and add this condition to ReadinessGates. + + NOTE: This field is considered only for computing v1beta2 conditions. + NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those + readiness gates condition are reporting the same message, when computing the Machine's Ready condition those + readinessGates will be replaced by a single entry reporting "Control plane components: " + message. + This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster). + items: + description: MachineReadinessGate contains the type of a + Machine condition to be used as a readiness gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. 
+ maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map version: description: |- - Version defines the desired Kubernetes version. + version defines the desired Kubernetes version. This field is meant to be optionally used by bootstrap providers. + maxLength: 256 + minLength: 1 type: string required: - bootstrap 
@@ -12562,51 +14608,58 @@ data: - selector type: object status: - description: MachineSetStatus defines the observed state of MachineSet. + description: status is the observed state of MachineSet. properties: availableReplicas: - description: The number of available replicas (ready for at least - minReadySeconds) for this MachineSet. + description: availableReplicas is the number of available replicas + (ready for at least minReadySeconds) for this MachineSet. format: int32 type: integer conditions: - description: Conditions defines current service state of the MachineSet. + description: conditions defines current service state of the MachineSet. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. 
+ maxLength: 256 + minLength: 1 type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime 
@@ -12615,16 +14668,27 @@ data: type: object type: array failureMessage: + description: |- + failureMessage will be set in the event that there is a terminal problem + reconciling the Machine and will contain a more verbose string suitable + for logging and human consumption. + + Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + maxLength: 10240 + minLength: 1 type: string failureReason: description: |- + failureReason will be set in the event that there is a terminal problem + reconciling the Machine and will contain a succinct value suitable + for machine interpretation. + In the event that there is a terminal problem reconciling the replicas, both FailureReason and FailureMessage will be set. FailureReason will be populated with a succinct value suitable for machine interpretation, while FailureMessage will contain a more verbose string suitable for logging and human consumption. - These fields should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is 
@@ -12634,36 +14698,129 @@ data: spec, values that are unsupported by the machine controller, or the responsible machine controller itself being critically misconfigured. - Any transient errors that occur during the reconciliation of Machines can be added as events to the MachineSet object and/or logged in the controller's output. + + Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. type: string fullyLabeledReplicas: - description: The number of replicas that have labels matching the - labels of the machine template of the MachineSet. + description: |- + fullyLabeledReplicas is the number of replicas that have labels matching the labels of the machine template of the MachineSet. + + Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. format: int32 type: integer observedGeneration: - description: ObservedGeneration reflects the generation of the most + description: observedGeneration reflects the generation of the most recently observed MachineSet. format: int64 type: integer readyReplicas: - description: The number of ready replicas for this MachineSet. A machine - is considered ready when the node has been created and is "Ready". + description: readyReplicas is the number of ready replicas for this + MachineSet. A machine is considered ready when the node has been + created and is "Ready". format: int32 type: integer replicas: - description: Replicas is the most recently observed number of replicas. + description: replicas is the most recently observed number of replicas. 
format: int32 type: integer selector: description: |- - Selector is the same as the label selector but in the string format to avoid introspection + selector is the same as the label selector but in the string format to avoid introspection by clients. The string will be in the same format as the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors + maxLength: 4096 + minLength: 1 type: string + v1beta2: + description: v1beta2 groups all the fields that will be added or modified + in MachineSet's status with the V1Beta2 version. + properties: + availableReplicas: + description: availableReplicas is the number of available replicas + for this MachineSet. A machine is considered available when + Machine's Available condition is true. + format: int32 + type: integer + conditions: + description: |- + conditions represents the observations of a MachineSet's current state. + Known condition types are MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused. + items: + description: Condition contains details for one aspect of the + current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + readyReplicas: + description: readyReplicas is the number of ready replicas for + this MachineSet. A machine is considered ready when Machine's + Ready condition is true. + format: int32 + type: integer + upToDateReplicas: + description: upToDateReplicas is the number of up-to-date replicas + for this MachineSet. A machine is considered up-to-date when + Machine's UpToDate condition is true. + format: int32 + type: integer + type: object type: object type: object served: true @@ -12730,6 +14887,23 @@ data: cluster.x-k8s.io/provider: cluster-api name: capi-manager-role rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch - apiGroups: - "" resources: 
@@ -12739,9 +14913,9 @@ data: - list - watch - apiGroups: - - addons.cluster.x-k8s.io + - "" resources: - - '*' + - secrets verbs: - create - delete @@ -12753,11 +14927,27 @@ data: - apiGroups: - addons.cluster.x-k8s.io resources: + - clusterresourcesets/finalizers - clusterresourcesets/status verbs: - get - patch - update + - apiGroups: + - addons.cluster.x-k8s.io + - bootstrap.cluster.x-k8s.io + - controlplane.cluster.x-k8s.io + - infrastructure.cluster.x-k8s.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - apiextensions.k8s.io resources: @@ -12766,6 +14956,28 @@ data: - get - list - watch + - apiGroups: + - apiextensions.k8s.io + resourceNames: + - clusterclasses.cluster.x-k8s.io + - clusterresourcesetbindings.addons.cluster.x-k8s.io + - clusterresourcesets.addons.cluster.x-k8s.io + - clusters.cluster.x-k8s.io + - extensionconfigs.runtime.cluster.x-k8s.io + - ipaddressclaims.ipam.cluster.x-k8s.io + - ipaddresses.ipam.cluster.x-k8s.io + - machinedeployments.cluster.x-k8s.io + - machinedrainrules.cluster.x-k8s.io + - machinehealthchecks.cluster.x-k8s.io + - machinepools.cluster.x-k8s.io + - machines.cluster.x-k8s.io + - machinesets.cluster.x-k8s.io + resources: + - customresourcedefinitions + - customresourcedefinitions/status + verbs: + - patch + - update - apiGroups: - authentication.k8s.io resources: 
@@ -12778,67 +14990,17 @@ data: - subjectaccessreviews verbs: - create - - apiGroups: - - bootstrap.cluster.x-k8s.io - - controlplane.cluster.x-k8s.io - - infrastructure.cluster.x-k8s.io - resources: - - '*' - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - bootstrap.cluster.x-k8s.io - - infrastructure.cluster.x-k8s.io - resources: - - '*' - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - clusterclasses - verbs: - - get - - list - - patch - - update - - watch - apiGroups: - cluster.x-k8s.io resources: - clusterclasses - clusterclasses/status - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - clusters - verbs: - - get - - list - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - clusters + - clusters/finalizers - clusters/status + - machinedrainrules + - machinehealthchecks/finalizers + - machinehealthchecks/status verbs: - get - list 
@@ -12849,102 +15011,17 @@ data: - cluster.x-k8s.io resources: - machinedeployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - machinedeployments + - machinedeployments/finalizers - machinedeployments/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - machinehealthchecks - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - machinehealthchecks - - machinehealthchecks/status - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - machinepools - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - machinepools + - machinepools/finalizers - machinepools/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - machines + - machines/finalizers - machines/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - machinesets - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - machinesets + - machinesets/finalizers - machinesets/status verbs: - create @@ -12955,9 +15032,10 @@ data: - update - watch - apiGroups: - - "" + - ipam.cluster.x-k8s.io resources: - - configmaps + - ipaddressclaims + - ipaddresses verbs: - get - list 
@@ -12965,32 +15043,12 @@ data: - update - watch - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - "" + - ipam.cluster.x-k8s.io resources: - - secrets + - ipaddressclaims/status verbs: - - create - - delete - - get - - list - patch - update - - watch - - apiGroups: - - ipam.cluster.x-k8s.io - resources: - - ipaddressclaims - verbs: - - get - - list - - watch - apiGroups: - runtime.cluster.x-k8s.io resources: @@ -13073,8 +15131,7 @@ data: - --leader-elect - --diagnostics-address=${CAPI_DIAGNOSTICS_ADDRESS:=:8443} - --insecure-diagnostics=${CAPI_INSECURE_DIAGNOSTICS:=false} - - --use-deprecated-infra-machine-naming=${CAPI_USE_DEPRECATED_INFRA_MACHINE_NAMING:=false} - - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=true},ClusterResourceSet=${EXP_CLUSTER_RESOURCE_SET:=true},ClusterTopology=${CLUSTER_TOPOLOGY:=false},RuntimeSDK=${EXP_RUNTIME_SDK:=false},MachineSetPreflightChecks=${EXP_MACHINE_SET_PREFLIGHT_CHECKS:=false} + - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=true},ClusterResourceSet=${EXP_CLUSTER_RESOURCE_SET:=true},ClusterTopology=${CLUSTER_TOPOLOGY:=false},RuntimeSDK=${EXP_RUNTIME_SDK:=false},MachineSetPreflightChecks=${EXP_MACHINE_SET_PREFLIGHT_CHECKS:=true},MachineWaitForVolumeDetachConsiderVolumeAttachments=${EXP_MACHINE_WAITFORVOLUMEDETACH_CONSIDER_VOLUMEATTACHMENTS:=true},PriorityQueue=${EXP_PRIORITY_QUEUE:=false} command: - /manager env: @@ -13090,7 +15147,7 @@ data: valueFrom: fieldRef: fieldPath: metadata.uid - image: registry.k8s.io/cluster-api/cluster-api-controller:v1.8.0 + image: registry.k8s.io/cluster-api/cluster-api-controller:v1.10.4 imagePullPolicy: IfNotPresent livenessProbe: httpGet: 
@@ -13222,6 +15279,28 @@ data: resources: - clusterclasses sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset + failurePolicy: Fail + matchPolicy: Equivalent + name: default.clusterresourceset.addons.cluster.x-k8s.io + rules: + - apiGroups: + - addons.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - clusterresourcesets + sideEffects: None - admissionReviewVersions: - v1 - v1beta1 @@ -13354,28 +15433,6 @@ data: resources: - machinepools sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /mutate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset - failurePolicy: Fail - matchPolicy: Equivalent - name: default.clusterresourceset.addons.cluster.x-k8s.io - rules: - - apiGroups: - - addons.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - clusterresourcesets - sideEffects: None --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration @@ -13439,20 +15496,20 @@ data: service: name: capi-webhook-service namespace: capi-system - path: /validate-cluster-x-k8s-io-v1beta1-machine + path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset failurePolicy: Fail matchPolicy: Equivalent - name: validation.machine.cluster.x-k8s.io + name: validation.clusterresourceset.addons.cluster.x-k8s.io rules: - apiGroups: - - cluster.x-k8s.io + - addons.cluster.x-k8s.io apiVersions: - v1beta1 operations: - CREATE - UPDATE resources: - - machines + - clusterresourcesets sideEffects: None - admissionReviewVersions: - v1 
@@ -13461,20 +15518,20 @@ data: service: name: capi-webhook-service namespace: capi-system - path: /validate-cluster-x-k8s-io-v1beta1-machinedeployment + path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourcesetbinding failurePolicy: Fail matchPolicy: Equivalent - name: validation.machinedeployment.cluster.x-k8s.io + name: validation.clusterresourcesetbinding.addons.cluster.x-k8s.io rules: - apiGroups: - - cluster.x-k8s.io + - addons.cluster.x-k8s.io apiVersions: - v1beta1 operations: - CREATE - UPDATE resources: - - machinedeployments + - clusterresourcesetbindings sideEffects: None - admissionReviewVersions: - v1 @@ -13483,10 +15540,10 @@ data: service: name: capi-webhook-service namespace: capi-system - path: /validate-cluster-x-k8s-io-v1beta1-machinehealthcheck + path: /validate-cluster-x-k8s-io-v1beta1-machine failurePolicy: Fail matchPolicy: Equivalent - name: validation.machinehealthcheck.cluster.x-k8s.io + name: validation.machine.cluster.x-k8s.io rules: - apiGroups: - cluster.x-k8s.io @@ -13496,7 +15553,7 @@ data: - CREATE - UPDATE resources: - - machinehealthchecks + - machines sideEffects: None - admissionReviewVersions: - v1 @@ -13505,10 +15562,10 @@ data: service: name: capi-webhook-service namespace: capi-system - path: /validate-cluster-x-k8s-io-v1beta1-machineset + path: /validate-cluster-x-k8s-io-v1beta1-machinedeployment failurePolicy: Fail matchPolicy: Equivalent - name: validation.machineset.cluster.x-k8s.io + name: validation.machinedeployment.cluster.x-k8s.io rules: - apiGroups: - cluster.x-k8s.io @@ -13518,7 +15575,7 @@ data: - CREATE - UPDATE resources: - - machinesets + - machinedeployments sideEffects: None - admissionReviewVersions: - v1 
@@ -13527,20 +15584,20 @@ data: service: name: capi-webhook-service namespace: capi-system - path: /validate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig + path: /validate-cluster-x-k8s-io-v1beta1-machinedrainrule failurePolicy: Fail matchPolicy: Equivalent - name: validation.extensionconfig.runtime.cluster.x-k8s.io + name: validation.machinedrainrule.cluster.x-k8s.io rules: - apiGroups: - - runtime.cluster.x-k8s.io + - cluster.x-k8s.io apiVersions: - - v1alpha1 + - v1beta1 operations: - CREATE - UPDATE resources: - - extensionconfigs + - machinedrainrules sideEffects: None - admissionReviewVersions: - v1 @@ -13549,10 +15606,10 @@ data: service: name: capi-webhook-service namespace: capi-system - path: /validate-cluster-x-k8s-io-v1beta1-machinepool + path: /validate-cluster-x-k8s-io-v1beta1-machinehealthcheck failurePolicy: Fail matchPolicy: Equivalent - name: validation.machinepool.cluster.x-k8s.io + name: validation.machinehealthcheck.cluster.x-k8s.io rules: - apiGroups: - cluster.x-k8s.io @@ -13562,7 +15619,7 @@ data: - CREATE - UPDATE resources: - - machinepools + - machinehealthchecks sideEffects: None - admissionReviewVersions: - v1 @@ -13571,20 +15628,20 @@ data: service: name: capi-webhook-service namespace: capi-system - path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset + path: /validate-cluster-x-k8s-io-v1beta1-machineset failurePolicy: Fail matchPolicy: Equivalent - name: validation.clusterresourceset.addons.cluster.x-k8s.io + name: validation.machineset.cluster.x-k8s.io rules: - apiGroups: - - addons.cluster.x-k8s.io + - cluster.x-k8s.io apiVersions: - v1beta1 operations: - CREATE - UPDATE resources: - - clusterresourcesets + - machinesets sideEffects: None - admissionReviewVersions: - v1 
@@ -13593,20 +15650,42 @@ data: service: name: capi-webhook-service namespace: capi-system - path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourcesetbinding + path: /validate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig failurePolicy: Fail matchPolicy: Equivalent - name: validation.clusterresourcesetbinding.addons.cluster.x-k8s.io + name: validation.extensionconfig.runtime.cluster.x-k8s.io rules: - apiGroups: - - addons.cluster.x-k8s.io + - runtime.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - extensionconfigs + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-machinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machinepool.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io apiVersions: - v1beta1 operations: - CREATE - UPDATE resources: - - clusterresourcesetbindings + - machinepools sideEffects: None - admissionReviewVersions: - v1 @@ -13663,6 +15742,12 @@ data: apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 kind: Metadata releaseSeries: + - major: 1 + minor: 10 + contract: v1beta1 + - major: 1 + minor: 9 + contract: v1beta1 - major: 1 minor: 8 contract: v1beta1 @@ -13690,14 +15775,11 @@ data: - major: 1 minor: 0 contract: v1beta1 - - major: 0 - minor: 4 - contract: v1alpha4 kind: ConfigMap metadata: labels: provider.cluster.x-k8s.io/name: cluster-api provider.cluster.x-k8s.io/type: core - provider.cluster.x-k8s.io/version: v1.8.0 - name: core-cluster-api-v1.8.0 + provider.cluster.x-k8s.io/version: v1.10.4 + name: core-cluster-api-v1.10.4 namespace: capi-system diff --git a/test/e2e/resources/core-cluster-api-v1.11.0.yaml b/test/e2e/resources/core-cluster-api-v1.11.0.yaml new file mode 100644 index 000000000..48e00c903 --- /dev/null +++ b/test/e2e/resources/core-cluster-api-v1.11.0.yaml 
@@ -0,0 +1,18150 @@ +apiVersion: v1 +data: + components: | + apiVersion: v1 + kind: Namespace + metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + control-plane: controller-manager + name: capi-system + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.18.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: clusterclasses.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ClusterClass + listKind: ClusterClassList + plural: clusterclasses + shortNames: + - cc + singular: clusterclass + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of ClusterClass + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterClass is a template which can be used to create managed + topologies. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of ClusterClass. + properties: + availabilityGates: + description: |- + availabilityGates specifies additional conditions to include when evaluating Cluster Available condition. + + NOTE: this field is considered only for computing v1beta2 conditions. + NOTE: If a Cluster is using this ClusterClass, and this Cluster defines a custom list of availabilityGates, + such list overrides availabilityGates defined in this field. + items: + description: ClusterAvailabilityGate contains the type of a Cluster + condition to be used as availability gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Cluster's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as availability gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this availabilityGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. 
+ enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map + controlPlane: + description: |- + controlPlane is a reference to a local struct that holds the details + for provisioning the Control Plane for the Cluster. + properties: + machineHealthCheck: + description: |- + machineHealthCheck defines a MachineHealthCheck for this ControlPlaneClass. + This field is supported if and only if the ControlPlane provider template + referenced above is Machine based and supports setting replicas. + properties: + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: |- + maxUnhealthy specifies the maximum number of unhealthy machines allowed. + Any further remediation is only allowed if at most "maxUnhealthy" machines selected by + "selector" are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: |- + nodeStartupTimeout allows to set the maximum time for MachineHealthCheck + to consider a Machine unhealthy if a corresponding Node isn't associated + through a `Spec.ProviderID` field. + + The duration set in this field is compared to the greatest of: + - Cluster's infrastructure ready condition timestamp (if and when available) + - Control Plane's initialized condition timestamp (if and when available) + - Machine's infrastructure ready condition timestamp (if and when available) + - Machine's metadata creation timestamp + + Defaults to 10 minutes. + If you wish to disable this feature, set the value explicitly to 0. + type: string + remediationTemplate: + description: |- + remediationTemplate is a reference to a remediation template + provided by an infrastructure provider. 
+ + This field is completely optional, when filled, the MachineHealthCheck controller + creates a new object from the template referenced and hands off remediation of the machine to + a controller that lives outside of Cluster API. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: |- + unhealthyConditions contains a list of the conditions that determine + whether a node is considered unhealthy. The conditions are combined in a + logical OR, i.e. if any of the conditions is met, the node is unhealthy. + items: + description: |- + UnhealthyCondition represents a Node condition type and value with a timeout + specified as a duration. When the named condition has been in the given + status for at least the timeout value, a node is considered unhealthy. + properties: + status: + description: status of the condition, one of True, False, + Unknown. + minLength: 1 + type: string + timeout: + description: |- + timeout is the duration that a node must be in a given status for, + after which the node is considered unhealthy. + For example, with a value of "1h", the node must match the status + for at least 1 hour before being considered unhealthy. + type: string + type: + description: type of Node condition + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + maxItems: 100 + type: array + unhealthyRange: + description: |- + unhealthyRange specifies the range of unhealthy machines allowed. + Any further remediation is only allowed if the number of machines selected by "selector" as not healthy + is within the range of "unhealthyRange". Takes precedence over maxUnhealthy. + Eg. "[3-5]" - This means that remediation will be allowed only when: + (a) there are at least 3 unhealthy machines (and) + (b) there are at most 5 unhealthy machines + maxLength: 32 + minLength: 1 + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object + machineInfrastructure: + description: |- + machineInfrastructure defines the metadata and infrastructure information + for control plane machines. 
+ + This field is supported if and only if the control plane provider template + referenced above is Machine based and supports setting replicas. + properties: + ref: + description: |- + ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + metadata: + description: |- + metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane + if the ControlPlaneTemplate referenced is machine based. If not, it is applied only to the + ControlPlane. + At runtime this metadata is merged with the corresponding metadata from the topology. + + This field is supported if and only if the control plane provider template + referenced is Machine based. + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + namingStrategy: + description: namingStrategy allows changing the naming pattern + used when creating the control plane provider object. + properties: + template: + description: |- + template defines the template to use for generating the name of the ControlPlane object. + If not defined, it will fallback to `{{ .cluster.name }}-{{ .random }}`. + If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will + get concatenated with a random suffix of length 5. + The templating mechanism provides the following arguments: + * `.cluster.name`: The name of the cluster object. 
+ * `.random`: A random alphanumeric string, without vowels, of length 5. + maxLength: 1024 + minLength: 1 + type: string + type: object + nodeDeletionTimeout: + description: |- + nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + NOTE: This value can be overridden while defining a Cluster.Topology. + type: string + nodeDrainTimeout: + description: |- + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + NOTE: This value can be overridden while defining a Cluster.Topology. + type: string + nodeVolumeDetachTimeout: + description: |- + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + NOTE: This value can be overridden while defining a Cluster.Topology. + type: string + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition. + + This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready + computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine. + + NOTE: This field is considered only for computing v1beta2 conditions. + NOTE: If a Cluster defines a custom list of readinessGates for the control plane, + such list overrides readinessGates defined in this field. + NOTE: Specific control plane provider implementations might automatically extend the list of readinessGates; + e.g. 
the kubeadm control provider adds ReadinessGates for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. + items: + description: MachineReadinessGate contains the type of a Machine + condition to be used as a readiness gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map + ref: + description: |- + ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + infrastructure: + description: |- + infrastructure is a reference to a provider-specific template that holds + the details for provisioning infrastructure specific cluster + for the underlying provider. + The underlying provider is responsible for the implementation + of the template to an infrastructure cluster. + properties: + ref: + description: |- + ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + infrastructureNamingStrategy: + description: infrastructureNamingStrategy allows changing the naming + pattern used when creating the infrastructure object. + properties: + template: + description: |- + template defines the template to use for generating the name of the Infrastructure object. 
+ If not defined, it will fallback to `{{ .cluster.name }}-{{ .random }}`. + If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will + get concatenated with a random suffix of length 5. + The templating mechanism provides the following arguments: + * `.cluster.name`: The name of the cluster object. + * `.random`: A random alphanumeric string, without vowels, of length 5. + maxLength: 1024 + minLength: 1 + type: string + type: object + patches: + description: |- + patches defines the patches which are applied to customize + referenced templates of a ClusterClass. + Note: Patches will be applied in the order of the array. + items: + description: ClusterClassPatch defines a patch which is applied + to customize the referenced templates. + properties: + definitions: + description: |- + definitions define inline patches. + Note: Patches will be applied in the order of the array. + Note: Exactly one of Definitions or External must be set. + items: + description: PatchDefinition defines a patch which is applied + to customize the referenced templates. + properties: + jsonPatches: + description: |- + jsonPatches defines the patches which should be applied on the templates + matching the selector. + Note: Patches will be applied in the order of the array. + items: + description: JSONPatch defines a JSON patch. + properties: + op: + description: |- + op defines the operation of the patch. + Note: Only `add`, `replace` and `remove` are supported. + enum: + - add + - replace + - remove + type: string + path: + description: |- + path defines the path of the patch. + Note: Only the spec of a template can be patched, thus the path has to start with /spec/. 
+ Note: For now the only allowed array modifications are `append` and `prepend`, i.e.: + * for op: `add`: only index 0 (prepend) and - (append) are allowed + * for op: `replace` or `remove`: no indexes are allowed + maxLength: 512 + minLength: 1 + type: string + value: + description: |- + value defines the value of the patch. + Note: Either Value or ValueFrom is required for add and replace + operations. Only one of them is allowed to be set at the same time. + Note: We have to use apiextensionsv1.JSON instead of our JSON type, + because controller-tools has a hard-coded schema for apiextensionsv1.JSON + which cannot be produced by another type (unset type field). + Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 + x-kubernetes-preserve-unknown-fields: true + valueFrom: + description: |- + valueFrom defines the value of the patch. + Note: Either Value or ValueFrom is required for add and replace + operations. Only one of them is allowed to be set at the same time. + properties: + template: + description: |- + template is the Go template to be used to calculate the value. + A template can reference variables defined in .spec.variables and builtin variables. + Note: The template must evaluate to a valid YAML or JSON value. + maxLength: 10240 + minLength: 1 + type: string + variable: + description: |- + variable is the variable to be used as value. + Variable can be one of the variables defined in .spec.variables or a builtin variable. + maxLength: 256 + minLength: 1 + type: string + type: object + required: + - op + - path + type: object + maxItems: 100 + type: array + selector: + description: selector defines on which templates the patch + should be applied. + properties: + apiVersion: + description: apiVersion filters templates by apiVersion. + maxLength: 512 + minLength: 1 + type: string + kind: + description: kind filters templates by kind. 
+ maxLength: 256 + minLength: 1 + type: string + matchResources: + description: matchResources selects templates based + on where they are referenced. + properties: + controlPlane: + description: |- + controlPlane selects templates referenced in .spec.ControlPlane. + Note: this will match the controlPlane and also the controlPlane + machineInfrastructure (depending on the kind and apiVersion). + type: boolean + infrastructureCluster: + description: infrastructureCluster selects templates + referenced in .spec.infrastructure. + type: boolean + machineDeploymentClass: + description: |- + machineDeploymentClass selects templates referenced in specific MachineDeploymentClasses in + .spec.workers.machineDeployments. + properties: + names: + description: names selects templates by class + names. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + type: array + type: object + machinePoolClass: + description: |- + machinePoolClass selects templates referenced in specific MachinePoolClasses in + .spec.workers.machinePools. + properties: + names: + description: names selects templates by class + names. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + type: array + type: object + type: object + required: + - apiVersion + - kind + - matchResources + type: object + required: + - jsonPatches + - selector + type: object + maxItems: 100 + type: array + description: + description: description is a human-readable description of + this patch. + maxLength: 1024 + minLength: 1 + type: string + enabledIf: + description: |- + enabledIf is a Go template to be used to calculate if a patch should be enabled. + It can reference variables defined in .spec.variables and builtin variables. + The patch will be enabled if the template evaluates to `true`, otherwise it will + be disabled. + If EnabledIf is not set, the patch will be enabled per default. 
+ maxLength: 256 + minLength: 1 + type: string + external: + description: |- + external defines an external patch. + Note: Exactly one of Definitions or External must be set. + properties: + discoverVariablesExtension: + description: discoverVariablesExtension references an extension + which is called to discover variables. + maxLength: 512 + minLength: 1 + type: string + generateExtension: + description: generateExtension references an extension which + is called to generate patches. + maxLength: 512 + minLength: 1 + type: string + settings: + additionalProperties: + type: string + description: |- + settings defines key value pairs to be passed to the extensions. + Values defined here take precedence over the values defined in the + corresponding ExtensionConfig. + type: object + validateExtension: + description: validateExtension references an extension which + is called to validate the topology. + maxLength: 512 + minLength: 1 + type: string + type: object + name: + description: name of the patch. + maxLength: 256 + minLength: 1 + type: string + required: + - name + type: object + maxItems: 1000 + type: array + variables: + description: |- + variables defines the variables which can be configured + in the Cluster topology and are then used in patches. + items: + description: |- + ClusterClassVariable defines a variable which can + be configured in the Cluster topology and used in patches. + properties: + metadata: + description: |- + metadata is the metadata of a variable. + It can be used to add additional data for higher level tools to + a ClusterClassVariable. + + Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please use XMetadata in JSONSchemaProps instead. + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map that can be used to store and + retrieve arbitrary metadata. + They are not queryable. 
+ type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) variables. + type: object + type: object + name: + description: name of the variable. + maxLength: 256 + minLength: 1 + type: string + required: + description: |- + required specifies if the variable is required. + Note: this applies to the variable as a whole and thus the + top-level object defined in the schema. If nested fields are + required, this will be specified inside the schema. + type: boolean + schema: + description: schema defines the schema of the variable. + properties: + openAPIV3Schema: + description: |- + openAPIV3Schema defines the schema of a variable via OpenAPI v3 + schema. The schema is a subset of the schema used in + Kubernetes CRDs. + properties: + additionalProperties: + description: |- + additionalProperties specifies the schema of values in a map (keys are always strings). + NOTE: Can only be set if type is object. + NOTE: AdditionalProperties is mutually exclusive with Properties. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + allOf: + description: |- + allOf specifies that the variable must validate against all of the subschemas in the array. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + anyOf: + description: |- + anyOf specifies that the variable must validate against one or more of the subschemas in the array. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + default: + description: |- + default is the default value of the variable. + NOTE: Can be set for all types. 
+ x-kubernetes-preserve-unknown-fields: true + description: + description: description is a human-readable description + of this variable. + maxLength: 4096 + minLength: 1 + type: string + enum: + description: |- + enum is the list of valid values of the variable. + NOTE: Can be set for all types. + items: + x-kubernetes-preserve-unknown-fields: true + maxItems: 100 + type: array + example: + description: example is an example for this variable. + x-kubernetes-preserve-unknown-fields: true + exclusiveMaximum: + description: |- + exclusiveMaximum specifies if the Maximum is exclusive. + NOTE: Can only be set if type is integer or number. + type: boolean + exclusiveMinimum: + description: |- + exclusiveMinimum specifies if the Minimum is exclusive. + NOTE: Can only be set if type is integer or number. + type: boolean + format: + description: |- + format is an OpenAPI v3 format string. Unknown formats are ignored. + For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using) + https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go + NOTE: Can only be set if type is string. + maxLength: 32 + minLength: 1 + type: string + items: + description: |- + items specifies fields of an array. + NOTE: Can only be set if type is array. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + maxItems: + description: |- + maxItems is the max length of an array variable. + NOTE: Can only be set if type is array. + format: int64 + type: integer + maxLength: + description: |- + maxLength is the max length of a string variable. + NOTE: Can only be set if type is string. + format: int64 + type: integer + maxProperties: + description: |- + maxProperties is the maximum amount of entries in a map or properties in an object. + NOTE: Can only be set if type is object. 
+ format: int64 + type: integer + maximum: + description: |- + maximum is the maximum of an integer or number variable. + If ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum. + If ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum. + NOTE: Can only be set if type is integer or number. + format: int64 + type: integer + minItems: + description: |- + minItems is the min length of an array variable. + NOTE: Can only be set if type is array. + format: int64 + type: integer + minLength: + description: |- + minLength is the min length of a string variable. + NOTE: Can only be set if type is string. + format: int64 + type: integer + minProperties: + description: |- + minProperties is the minimum amount of entries in a map or properties in an object. + NOTE: Can only be set if type is object. + format: int64 + type: integer + minimum: + description: |- + minimum is the minimum of an integer or number variable. + If ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum. + If ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum. + NOTE: Can only be set if type is integer or number. + format: int64 + type: integer + not: + description: |- + not specifies that the variable must not validate against the subschema. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + oneOf: + description: |- + oneOf specifies that the variable must validate against exactly one of the subschemas in the array. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + pattern: + description: |- + pattern is the regex which a string variable must match. + NOTE: Can only be set if type is string. 
+ maxLength: 512 + minLength: 1 + type: string + properties: + description: |- + properties specifies fields of an object. + NOTE: Can only be set if type is object. + NOTE: Properties is mutually exclusive with AdditionalProperties. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + required: + description: |- + required specifies which fields of an object are required. + NOTE: Can only be set if type is object. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 1000 + type: array + type: + description: |- + type is the type of the variable. + Valid values are: object, array, string, integer, number or boolean. + enum: + - object + - array + - string + - integer + - number + - boolean + type: string + uniqueItems: + description: |- + uniqueItems specifies if items in an array must be unique. + NOTE: Can only be set if type is array. + type: boolean + x-kubernetes-int-or-string: + description: |- + x-kubernetes-int-or-string specifies that this value is + either an integer or a string. If this is true, an empty + type is allowed and type as child of anyOf is permitted + if following one of the following patterns: + + 1) anyOf: + - type: integer + - type: string + 2) allOf: + - anyOf: + - type: integer + - type: string + - ... zero or more + type: boolean + x-kubernetes-preserve-unknown-fields: + description: |- + x-kubernetes-preserve-unknown-fields allows setting fields in a variable object + which are not defined in the variable schema. This affects fields recursively, + except if nested properties or additionalProperties are specified in the schema. + type: boolean + x-kubernetes-validations: + description: x-kubernetes-validations describes a list + of validation rules written in the CEL expression + language. + items: + description: ValidationRule describes a validation + rule written in the CEL expression language. 
+ properties: + fieldPath: + description: |- + fieldPath represents the field path returned when the validation fails. + It must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field. + e.g. when validation checks if a specific attribute `foo` under a map `testMap`, the fieldPath could be set to `.testMap.foo` + If the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. `.testList` + It does not support list numeric index. + It supports child operation to refer to an existing field currently. Refer to [JSONPath support in Kubernetes](https://kubernetes.io/docs/reference/kubectl/jsonpath/) for more info. + Numeric index of array is not supported. + For field name which contains special characters, use `['specialName']` to refer the field name. + e.g. for attribute `foo.34$` appears in a list `testList`, the fieldPath could be set to `.testList['foo.34$']` + maxLength: 512 + minLength: 1 + type: string + message: + description: |- + message represents the message displayed when validation fails. The message is required if the Rule contains + line breaks. The message must not contain line breaks. + If unset, the message is "failed rule: {Rule}". + e.g. "must be a URL with the host matching spec.host" + maxLength: 512 + minLength: 1 + type: string + messageExpression: + description: |- + messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. + Since messageExpression is used as a failure message, it must evaluate to a string. + If both message and messageExpression are present on a rule, then messageExpression will be used if validation + fails. If messageExpression results in a runtime error, the validation failure message is produced + as if the messageExpression field were unset. 
If messageExpression evaluates to an empty string, a string with only spaces, or a string + that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset. + messageExpression has access to all the same variables as the rule; the only difference is the return type. + Example: + "x must be less than max ("+string(self.max)+")" + maxLength: 1024 + minLength: 1 + type: string + reason: + default: FieldValueInvalid + description: |- + reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule. + The currently supported reasons are: "FieldValueInvalid", "FieldValueForbidden", "FieldValueRequired", "FieldValueDuplicate". + If not set, default to use "FieldValueInvalid". + All future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid. + enum: + - FieldValueInvalid + - FieldValueForbidden + - FieldValueRequired + - FieldValueDuplicate + type: string + rule: + description: "rule represents the expression which + will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nThe + Rule is scoped to the location of the x-kubernetes-validations + extension in the schema.\nThe `self` variable + in the CEL expression is bound to the scoped + value.\nIf the Rule is scoped to an object with + properties, the accessible properties of the + object are field selectable\nvia `self.field` + and field presence can be checked via `has(self.field)`.\nIf + the Rule is scoped to an object with additionalProperties + (i.e. 
a map) the value of the map\nare accessible + via `self[mapKey]`, map containment can be checked + via `mapKey in self` and all entries of the + map\nare accessible via CEL macros and functions + such as `self.all(...)`.\nIf the Rule is scoped + to an array, the elements of the array are accessible + via `self[i]` and also by macros and\nfunctions.\nIf + the Rule is scoped to a scalar, `self` is bound + to the scalar value.\nExamples:\n- Rule scoped + to a map of objects: {\"rule\": \"self.components['Widget'].priority + < 10\"}\n- Rule scoped to a list of integers: + {\"rule\": \"self.values.all(value, value >= + 0 && value < 100)\"}\n- Rule scoped to a string + value: {\"rule\": \"self.startsWith('kube')\"}\n\nUnknown + data preserved in custom resources via x-kubernetes-preserve-unknown-fields + is not accessible in CEL\nexpressions. This + includes:\n- Unknown field values that are preserved + by object schemas with x-kubernetes-preserve-unknown-fields.\n- + Object properties where the property schema + is of an \"unknown type\". An \"unknown type\" + is recursively defined as:\n - A schema with + no type and x-kubernetes-preserve-unknown-fields + set to true\n - An array where the items schema + is of an \"unknown type\"\n - An object where + the additionalProperties schema is of an \"unknown + type\"\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` + are accessible.\nAccessible property names are + escaped according to the following rules when + accessed in the expression:\n- '__' escapes + to '__underscores__'\n- '.' escapes to '__dot__'\n- + '-' escapes to '__dash__'\n- '/' escapes to + '__slash__'\n- Property names that exactly match + a CEL RESERVED keyword escape to '__{keyword}__'. 
+ The keywords are:\n\t \"true\", \"false\", + \"null\", \"in\", \"as\", \"break\", \"const\", + \"continue\", \"else\", \"for\", \"function\", + \"if\",\n\t \"import\", \"let\", \"loop\", + \"package\", \"namespace\", \"return\".\nExamples:\n + \ - Rule accessing a property named \"namespace\": + {\"rule\": \"self.__namespace__ > 0\"}\n - + Rule accessing a property named \"x-prop\": + {\"rule\": \"self.x__dash__prop > 0\"}\n - + Rule accessing a property named \"redact__d\": + {\"rule\": \"self.redact__underscores__d > 0\"}\n\nIf + `rule` makes use of the `oldSelf` variable it + is implicitly a\n`transition rule`.\n\nBy default, + the `oldSelf` variable is the same type as `self`.\n\nTransition + rules by default are applied only on UPDATE + requests and are\nskipped if an old value could + not be found." + maxLength: 4096 + minLength: 1 + type: string + required: + - rule + type: object + maxItems: 100 + type: array + x-kubernetes-list-map-keys: + - rule + x-kubernetes-list-type: map + x-metadata: + description: |- + x-metadata is the metadata of a variable or a nested field within a variable. + It can be used to add additional data for higher level tools. + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map that can be used to store and + retrieve arbitrary metadata. + They are not queryable. + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) variables. + type: object + type: object + type: object + required: + - openAPIV3Schema + type: object + required: + - name + - required + - schema + type: object + maxItems: 1000 + type: array + workers: + description: |- + workers describes the worker nodes for the cluster. + It is a collection of node types which can be used to create + the worker nodes of the cluster. 
+ properties: + machineDeployments: + description: |- + machineDeployments is a list of machine deployment classes that can be used to create + a set of worker nodes. + items: + description: |- + MachineDeploymentClass serves as a template to define a set of worker nodes of the cluster + provisioned using the `ClusterClass`. + properties: + class: + description: |- + class denotes a type of worker node present in the cluster, + this name MUST be unique within a ClusterClass and can be referenced + in the Cluster to create a managed MachineDeployment. + maxLength: 256 + minLength: 1 + type: string + failureDomain: + description: |- + failureDomain is the failure domain the machines will be created in. + Must match a key in the FailureDomains map stored on the cluster object. + NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. + maxLength: 256 + minLength: 1 + type: string + machineHealthCheck: + description: machineHealthCheck defines a MachineHealthCheck + for this MachineDeploymentClass. + properties: + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: |- + maxUnhealthy specifies the maximum number of unhealthy machines allowed. + Any further remediation is only allowed if at most "maxUnhealthy" machines selected by + "selector" are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: |- + nodeStartupTimeout allows to set the maximum time for MachineHealthCheck + to consider a Machine unhealthy if a corresponding Node isn't associated + through a `Spec.ProviderID` field. + + The duration set in this field is compared to the greatest of: + - Cluster's infrastructure ready condition timestamp (if and when available) + - Control Plane's initialized condition timestamp (if and when available) + - Machine's infrastructure ready condition timestamp (if and when available) + - Machine's metadata creation timestamp + + Defaults to 10 minutes. 
+ If you wish to disable this feature, set the value explicitly to 0. + type: string + remediationTemplate: + description: |- + remediationTemplate is a reference to a remediation template + provided by an infrastructure provider. + + This field is completely optional, when filled, the MachineHealthCheck controller + creates a new object from the template referenced and hands off remediation of the machine to + a controller that lives outside of Cluster API. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: |- + unhealthyConditions contains a list of the conditions that determine + whether a node is considered unhealthy. The conditions are combined in a + logical OR, i.e. if any of the conditions is met, the node is unhealthy. + items: + description: |- + UnhealthyCondition represents a Node condition type and value with a timeout + specified as a duration. When the named condition has been in the given + status for at least the timeout value, a node is considered unhealthy. + properties: + status: + description: status of the condition, one of True, + False, Unknown. + minLength: 1 + type: string + timeout: + description: |- + timeout is the duration that a node must be in a given status for, + after which the node is considered unhealthy. + For example, with a value of "1h", the node must match the status + for at least 1 hour before being considered unhealthy. + type: string + type: + description: type of Node condition + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + maxItems: 100 + type: array + unhealthyRange: + description: |- + unhealthyRange specifies the range of unhealthy machines allowed. + Any further remediation is only allowed if the number of machines selected by "selector" as not healthy + is within the range of "unhealthyRange". Takes precedence over maxUnhealthy. + Eg. "[3-5]" - This means that remediation will be allowed only when: + (a) there are at least 3 unhealthy machines (and) + (b) there are at most 5 unhealthy machines + maxLength: 32 + minLength: 1 + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object + minReadySeconds: + description: |- + minReadySeconds is the minimum number of seconds for which a newly created machine should + be ready. 
+ Defaults to 0 (machine will be considered available as soon as it + is ready) + NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. + format: int32 + type: integer + namingStrategy: + description: namingStrategy allows changing the naming pattern + used when creating the MachineDeployment. + properties: + template: + description: |- + template defines the template to use for generating the name of the MachineDeployment object. + If not defined, it will fallback to `{{ .cluster.name }}-{{ .machineDeployment.topologyName }}-{{ .random }}`. + If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will + get concatenated with a random suffix of length 5. + The templating mechanism provides the following arguments: + * `.cluster.name`: The name of the cluster object. + * `.random`: A random alphanumeric string, without vowels, of length 5. + * `.machineDeployment.topologyName`: The name of the MachineDeployment topology (Cluster.spec.topology.workers.machineDeployments[].name). + maxLength: 1024 + minLength: 1 + type: string + type: object + nodeDeletionTimeout: + description: |- + nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. + type: string + nodeDrainTimeout: + description: |- + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. 
+ type: string + nodeVolumeDetachTimeout: + description: |- + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. + type: string + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition. + + This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready + computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine. + + NOTE: This field is considered only for computing v1beta2 conditions. + NOTE: If a Cluster defines a custom list of readinessGates for a MachineDeployment using this MachineDeploymentClass, + such list overrides readinessGates defined in this field. + items: + description: MachineReadinessGate contains the type of + a Machine condition to be used as a readiness gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. 
+ A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map + strategy: + description: |- + strategy is the deployment strategy to use to replace existing machines with + new ones. + NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. + properties: + remediation: + description: |- + remediation controls the strategy of remediating unhealthy machines + and how remediating operations should occur during the lifecycle of the dependant MachineSets. + properties: + maxInFlight: + anyOf: + - type: integer + - type: string + description: |- + maxInFlight determines how many in flight remediations should happen at the same time. + + Remediation only happens on the MachineSet with the most current revision, while + older MachineSets (usually present during rollout operations) aren't allowed to remediate. + + Note: In general (independent of remediations), unhealthy machines are always + prioritized during scale down operations over healthy ones. + + MaxInFlight can be set to a fixed number or a percentage. + Example: when this is set to 20%, the MachineSet controller deletes at most 20% of + the desired replicas. + + If not set, remediation is limited to all machines (bounded by replicas) + under the active MachineSet's management. + x-kubernetes-int-or-string: true + type: object + rollingUpdate: + description: |- + rollingUpdate is the rolling update config params. Present only if + MachineDeploymentStrategyType = RollingUpdate. + properties: + deletePolicy: + description: |- + deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. 
+ Valid values are "Random, "Newest", "Oldest" + When no value is supplied, the default DeletePolicy of MachineSet is used + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + maxSurge is the maximum number of machines that can be scheduled above the + desired number of machines. + Value can be an absolute number (ex: 5) or a percentage of + desired machines (ex: 10%). + This can not be 0 if MaxUnavailable is 0. + Absolute number is calculated from percentage by rounding up. + Defaults to 1. + Example: when this is set to 30%, the new MachineSet can be scaled + up immediately when the rolling update starts, such that the total + number of old and new machines do not exceed 130% of desired + machines. Once old machines have been killed, new MachineSet can + be scaled up further, ensuring that total number of machines running + at any time during the update is at most 130% of desired machines. + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + maxUnavailable is the maximum number of machines that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired + machines (ex: 10%). + Absolute number is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. + Defaults to 0. + Example: when this is set to 30%, the old MachineSet can be scaled + down to 70% of desired machines immediately when the rolling update + starts. Once new machines are ready, old MachineSet can be scaled + down further, followed by scaling up the new MachineSet, ensuring + that the total number of machines available at all times + during the update is at least 70% of desired machines. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + type of deployment. Allowed values are RollingUpdate and OnDelete. + The default is RollingUpdate. 
+ enum: + - RollingUpdate + - OnDelete + type: string + type: object + template: + description: |- + template is a local struct containing a collection of templates for creation of + MachineDeployment objects representing a set of worker nodes. + properties: + bootstrap: + description: |- + bootstrap contains the bootstrap template reference to be used + for the creation of worker Machines. + properties: + ref: + description: |- + ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + infrastructure: + description: |- + infrastructure contains the infrastructure template reference to be used + for the creation of worker Machines. + properties: + ref: + description: |- + ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + metadata: + description: |- + metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. + At runtime this metadata is merged with the corresponding metadata from the topology. + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + required: + - bootstrap + - infrastructure + type: object + required: + - class + - template + type: object + maxItems: 100 + type: array + x-kubernetes-list-map-keys: + - class + x-kubernetes-list-type: map + machinePools: + description: |- + machinePools is a list of machine pool classes that can be used to create + a set of worker nodes. + items: + description: |- + MachinePoolClass serves as a template to define a pool of worker nodes of the cluster + provisioned using `ClusterClass`. 
+ properties: + class: + description: |- + class denotes a type of machine pool present in the cluster, + this name MUST be unique within a ClusterClass and can be referenced + in the Cluster to create a managed MachinePool. + maxLength: 256 + minLength: 1 + type: string + failureDomains: + description: |- + failureDomains is the list of failure domains the MachinePool should be attached to. + Must match a key in the FailureDomains map stored on the cluster object. + NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + type: array + minReadySeconds: + description: |- + minReadySeconds is the minimum number of seconds for which a newly created machine pool should + be ready. + Defaults to 0 (machine will be considered available as soon as it + is ready) + NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. + format: int32 + type: integer + namingStrategy: + description: namingStrategy allows changing the naming pattern + used when creating the MachinePool. + properties: + template: + description: |- + template defines the template to use for generating the name of the MachinePool object. + If not defined, it will fallback to `{{ .cluster.name }}-{{ .machinePool.topologyName }}-{{ .random }}`. + If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will + get concatenated with a random suffix of length 5. + The templating mechanism provides the following arguments: + * `.cluster.name`: The name of the cluster object. + * `.random`: A random alphanumeric string, without vowels, of length 5. + * `.machinePool.topologyName`: The name of the MachinePool topology (Cluster.spec.topology.workers.machinePools[].name). 
+ maxLength: 1024 + minLength: 1 + type: string + type: object + nodeDeletionTimeout: + description: |- + nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine + hosts after the Machine Pool is marked for deletion. A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. + type: string + nodeDrainTimeout: + description: |- + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. + type: string + nodeVolumeDetachTimeout: + description: |- + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. + type: string + template: + description: |- + template is a local struct containing a collection of templates for creation of + MachinePools objects representing a pool of worker nodes. + properties: + bootstrap: + description: |- + bootstrap contains the bootstrap template reference to be used + for the creation of the Machines in the MachinePool. + properties: + ref: + description: |- + ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + infrastructure: + description: |- + infrastructure contains the infrastructure template reference to be used + for the creation of the MachinePool. + properties: + ref: + description: |- + ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + metadata: + description: |- + metadata is the metadata applied to the MachinePool. + At runtime this metadata is merged with the corresponding metadata from the topology. 
+ properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + required: + - bootstrap + - infrastructure + type: object + required: + - class + - template + type: object + maxItems: 100 + type: array + x-kubernetes-list-map-keys: + - class + x-kubernetes-list-type: map + type: object + type: object + status: + description: status is the observed state of ClusterClass. + properties: + conditions: + description: conditions defines current observed state of the ClusterClass. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. 
+ maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + observedGeneration: + description: observedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + v1beta2: + description: v1beta2 groups all the fields that will be added or modified + in ClusterClass's status with the V1Beta2 version. + properties: + conditions: + description: |- + conditions represents the observations of a ClusterClass's current state. + Known condition types are VariablesReady, RefVersionsUpToDate, Paused. + items: + description: Condition contains details for one aspect of the + current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. 
+ maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + variables: + description: variables is a list of ClusterClassStatusVariable that + are defined for the ClusterClass. + items: + description: ClusterClassStatusVariable defines a variable which + appears in the status of a ClusterClass. + properties: + definitions: + description: definitions is a list of definitions for a variable. + items: + description: ClusterClassStatusVariableDefinition defines + a variable which appears in the status of a ClusterClass. 
+ properties: + from: + description: |- + from specifies the origin of the variable definition. + This will be `inline` for variables defined in the ClusterClass or the name of a patch defined in the ClusterClass + for variables discovered from a DiscoverVariables runtime extensions. + maxLength: 256 + minLength: 1 + type: string + metadata: + description: |- + metadata is the metadata of a variable. + It can be used to add additional data for higher level tools to + a ClusterClassVariable. + + Deprecated: This field is deprecated and is going to be removed in the next apiVersion. + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map that can be used to store and + retrieve arbitrary metadata. + They are not queryable. + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) variables. + type: object + type: object + required: + description: |- + required specifies if the variable is required. + Note: this applies to the variable as a whole and thus the + top-level object defined in the schema. If nested fields are + required, this will be specified inside the schema. + type: boolean + schema: + description: schema defines the schema of the variable. + properties: + openAPIV3Schema: + description: |- + openAPIV3Schema defines the schema of a variable via OpenAPI v3 + schema. The schema is a subset of the schema used in + Kubernetes CRDs. + properties: + additionalProperties: + description: |- + additionalProperties specifies the schema of values in a map (keys are always strings). + NOTE: Can only be set if type is object. + NOTE: AdditionalProperties is mutually exclusive with Properties. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. 
+ x-kubernetes-preserve-unknown-fields: true + allOf: + description: |- + allOf specifies that the variable must validate against all of the subschemas in the array. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + anyOf: + description: |- + anyOf specifies that the variable must validate against one or more of the subschemas in the array. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + default: + description: |- + default is the default value of the variable. + NOTE: Can be set for all types. + x-kubernetes-preserve-unknown-fields: true + description: + description: description is a human-readable description + of this variable. + maxLength: 4096 + minLength: 1 + type: string + enum: + description: |- + enum is the list of valid values of the variable. + NOTE: Can be set for all types. + items: + x-kubernetes-preserve-unknown-fields: true + maxItems: 100 + type: array + example: + description: example is an example for this variable. + x-kubernetes-preserve-unknown-fields: true + exclusiveMaximum: + description: |- + exclusiveMaximum specifies if the Maximum is exclusive. + NOTE: Can only be set if type is integer or number. + type: boolean + exclusiveMinimum: + description: |- + exclusiveMinimum specifies if the Minimum is exclusive. + NOTE: Can only be set if type is integer or number. + type: boolean + format: + description: |- + format is an OpenAPI v3 format string. Unknown formats are ignored. + For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using) + https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go + NOTE: Can only be set if type is string. 
+ maxLength: 32 + minLength: 1 + type: string + items: + description: |- + items specifies fields of an array. + NOTE: Can only be set if type is array. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + maxItems: + description: |- + maxItems is the max length of an array variable. + NOTE: Can only be set if type is array. + format: int64 + type: integer + maxLength: + description: |- + maxLength is the max length of a string variable. + NOTE: Can only be set if type is string. + format: int64 + type: integer + maxProperties: + description: |- + maxProperties is the maximum amount of entries in a map or properties in an object. + NOTE: Can only be set if type is object. + format: int64 + type: integer + maximum: + description: |- + maximum is the maximum of an integer or number variable. + If ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum. + If ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum. + NOTE: Can only be set if type is integer or number. + format: int64 + type: integer + minItems: + description: |- + minItems is the min length of an array variable. + NOTE: Can only be set if type is array. + format: int64 + type: integer + minLength: + description: |- + minLength is the min length of a string variable. + NOTE: Can only be set if type is string. + format: int64 + type: integer + minProperties: + description: |- + minProperties is the minimum amount of entries in a map or properties in an object. + NOTE: Can only be set if type is object. + format: int64 + type: integer + minimum: + description: |- + minimum is the minimum of an integer or number variable. + If ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum. 
+ If ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum. + NOTE: Can only be set if type is integer or number. + format: int64 + type: integer + not: + description: |- + not specifies that the variable must not validate against the subschema. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + oneOf: + description: |- + oneOf specifies that the variable must validate against exactly one of the subschemas in the array. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + pattern: + description: |- + pattern is the regex which a string variable must match. + NOTE: Can only be set if type is string. + maxLength: 512 + minLength: 1 + type: string + properties: + description: |- + properties specifies fields of an object. + NOTE: Can only be set if type is object. + NOTE: Properties is mutually exclusive with AdditionalProperties. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + required: + description: |- + required specifies which fields of an object are required. + NOTE: Can only be set if type is object. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 1000 + type: array + type: + description: |- + type is the type of the variable. + Valid values are: object, array, string, integer, number or boolean. + enum: + - object + - array + - string + - integer + - number + - boolean + type: string + uniqueItems: + description: |- + uniqueItems specifies if items in an array must be unique. + NOTE: Can only be set if type is array. + type: boolean + x-kubernetes-int-or-string: + description: |- + x-kubernetes-int-or-string specifies that this value is + either an integer or a string. 
If this is true, an empty + type is allowed and type as child of anyOf is permitted + if following one of the following patterns: + + 1) anyOf: + - type: integer + - type: string + 2) allOf: + - anyOf: + - type: integer + - type: string + - ... zero or more + type: boolean + x-kubernetes-preserve-unknown-fields: + description: |- + x-kubernetes-preserve-unknown-fields allows setting fields in a variable object + which are not defined in the variable schema. This affects fields recursively, + except if nested properties or additionalProperties are specified in the schema. + type: boolean + x-kubernetes-validations: + description: x-kubernetes-validations describes + a list of validation rules written in the CEL + expression language. + items: + description: ValidationRule describes a validation + rule written in the CEL expression language. + properties: + fieldPath: + description: |- + fieldPath represents the field path returned when the validation fails. + It must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field. + e.g. when validation checks if a specific attribute `foo` under a map `testMap`, the fieldPath could be set to `.testMap.foo` + If the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. `.testList` + It does not support list numeric index. + It supports child operation to refer to an existing field currently. Refer to [JSONPath support in Kubernetes](https://kubernetes.io/docs/reference/kubectl/jsonpath/) for more info. + Numeric index of array is not supported. + For field name which contains special characters, use `['specialName']` to refer the field name. + e.g. 
for attribute `foo.34$` appears in a list `testList`, the fieldPath could be set to `.testList['foo.34$']` + maxLength: 512 + minLength: 1 + type: string + message: + description: |- + message represents the message displayed when validation fails. The message is required if the Rule contains + line breaks. The message must not contain line breaks. + If unset, the message is "failed rule: {Rule}". + e.g. "must be a URL with the host matching spec.host" + maxLength: 512 + minLength: 1 + type: string + messageExpression: + description: |- + messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. + Since messageExpression is used as a failure message, it must evaluate to a string. + If both message and messageExpression are present on a rule, then messageExpression will be used if validation + fails. If messageExpression results in a runtime error, the validation failure message is produced + as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string + that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset. + messageExpression has access to all the same variables as the rule; the only difference is the return type. + Example: + "x must be less than max ("+string(self.max)+")" + maxLength: 1024 + minLength: 1 + type: string + reason: + default: FieldValueInvalid + description: |- + reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule. + The currently supported reasons are: "FieldValueInvalid", "FieldValueForbidden", "FieldValueRequired", "FieldValueDuplicate". + If not set, default to use "FieldValueInvalid". + All future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid. 
+ enum: + - FieldValueInvalid + - FieldValueForbidden + - FieldValueRequired + - FieldValueDuplicate + type: string + rule: + description: "rule represents the expression + which will be evaluated by CEL.\nref: + https://github.com/google/cel-spec\nThe + Rule is scoped to the location of the + x-kubernetes-validations extension in + the schema.\nThe `self` variable in the + CEL expression is bound to the scoped + value.\nIf the Rule is scoped to an object + with properties, the accessible properties + of the object are field selectable\nvia + `self.field` and field presence can be + checked via `has(self.field)`.\nIf the + Rule is scoped to an object with additionalProperties + (i.e. a map) the value of the map\nare + accessible via `self[mapKey]`, map containment + can be checked via `mapKey in self` and + all entries of the map\nare accessible + via CEL macros and functions such as `self.all(...)`.\nIf + the Rule is scoped to an array, the elements + of the array are accessible via `self[i]` + and also by macros and\nfunctions.\nIf + the Rule is scoped to a scalar, `self` + is bound to the scalar value.\nExamples:\n- + Rule scoped to a map of objects: {\"rule\": + \"self.components['Widget'].priority < + 10\"}\n- Rule scoped to a list of integers: + {\"rule\": \"self.values.all(value, value + >= 0 && value < 100)\"}\n- Rule scoped + to a string value: {\"rule\": \"self.startsWith('kube')\"}\n\nUnknown + data preserved in custom resources via + x-kubernetes-preserve-unknown-fields is + not accessible in CEL\nexpressions. This + includes:\n- Unknown field values that + are preserved by object schemas with x-kubernetes-preserve-unknown-fields.\n- + Object properties where the property schema + is of an \"unknown type\". 
An \"unknown + type\" is recursively defined as:\n - + A schema with no type and x-kubernetes-preserve-unknown-fields + set to true\n - An array where the items + schema is of an \"unknown type\"\n - + An object where the additionalProperties + schema is of an \"unknown type\"\n\nOnly + property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` + are accessible.\nAccessible property names + are escaped according to the following + rules when accessed in the expression:\n- + '__' escapes to '__underscores__'\n- '.' + escapes to '__dot__'\n- '-' escapes to + '__dash__'\n- '/' escapes to '__slash__'\n- + Property names that exactly match a CEL + RESERVED keyword escape to '__{keyword}__'. + The keywords are:\n\t \"true\", \"false\", + \"null\", \"in\", \"as\", \"break\", \"const\", + \"continue\", \"else\", \"for\", \"function\", + \"if\",\n\t \"import\", \"let\", \"loop\", + \"package\", \"namespace\", \"return\".\nExamples:\n + \ - Rule accessing a property named \"namespace\": + {\"rule\": \"self.__namespace__ > 0\"}\n + \ - Rule accessing a property named \"x-prop\": + {\"rule\": \"self.x__dash__prop > 0\"}\n + \ - Rule accessing a property named \"redact__d\": + {\"rule\": \"self.redact__underscores__d + > 0\"}\n\nIf `rule` makes use of the `oldSelf` + variable it is implicitly a\n`transition + rule`.\n\nBy default, the `oldSelf` variable + is the same type as `self`.\n\nTransition + rules by default are applied only on UPDATE + requests and are\nskipped if an old value + could not be found." + maxLength: 4096 + minLength: 1 + type: string + required: + - rule + type: object + maxItems: 100 + type: array + x-kubernetes-list-map-keys: + - rule + x-kubernetes-list-type: map + x-metadata: + description: |- + x-metadata is the metadata of a variable or a nested field within a variable. + It can be used to add additional data for higher level tools. 
+ properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map that can be used to store and + retrieve arbitrary metadata. + They are not queryable. + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) variables. + type: object + type: object + type: object + required: + - openAPIV3Schema + type: object + required: + - from + - required + - schema + type: object + maxItems: 100 + type: array + definitionsConflict: + description: definitionsConflict specifies whether or not there + are conflicting definitions for a single variable name. + type: boolean + name: + description: name is the name of the variable. + maxLength: 256 + minLength: 1 + type: string + required: + - definitions + - name + type: object + maxItems: 1000 + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Reconciliation paused + jsonPath: .status.conditions[?(@.type=="Paused")].status + name: Paused + priority: 10 + type: string + - description: Variables ready + jsonPath: .status.conditions[?(@.type=="VariablesReady")].status + name: Variables Ready + type: string + - description: Time duration since creation of ClusterClass + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: |- + ClusterClass is a template which can be used to create managed topologies. + NOTE: This CRD can only be used if the ClusterTopology feature gate is enabled. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of ClusterClass. + properties: + availabilityGates: + description: |- + availabilityGates specifies additional conditions to include when evaluating Cluster Available condition. + + NOTE: If a Cluster is using this ClusterClass, and this Cluster defines a custom list of availabilityGates, + such list overrides availabilityGates defined in this field. + items: + description: ClusterAvailabilityGate contains the type of a Cluster + condition to be used as availability gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Cluster's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as availability gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this availabilityGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. 
+ enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map + controlPlane: + description: |- + controlPlane is a reference to a local struct that holds the details + for provisioning the Control Plane for the Cluster. + properties: + deletion: + description: deletion contains configuration options for Machine + deletion. + minProperties: 1 + properties: + nodeDeletionTimeoutSeconds: + description: |- + nodeDeletionTimeoutSeconds defines how long the controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + NOTE: This value can be overridden while defining a Cluster.Topology. + format: int32 + minimum: 0 + type: integer + nodeDrainTimeoutSeconds: + description: |- + nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a node. + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: nodeDrainTimeoutSeconds is different from `kubectl drain --timeout` + NOTE: This value can be overridden while defining a Cluster.Topology. + format: int32 + minimum: 0 + type: integer + nodeVolumeDetachTimeoutSeconds: + description: |- + nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + NOTE: This value can be overridden while defining a Cluster.Topology. + format: int32 + minimum: 0 + type: integer + type: object + healthCheck: + description: |- + healthCheck defines a MachineHealthCheck for this ControlPlaneClass. 
+ This field is supported if and only if the ControlPlane provider template + referenced above is Machine based and supports setting replicas. + minProperties: 1 + properties: + checks: + description: |- + checks are the checks that are used to evaluate if a Machine is healthy. + + Independent of this configuration the MachineHealthCheck controller will always + flag Machines with `cluster.x-k8s.io/remediate-machine` annotation and + Machines with deleted Nodes as unhealthy. + + Furthermore, if checks.nodeStartupTimeoutSeconds is not set it + is defaulted to 10 minutes and evaluated accordingly. + minProperties: 1 + properties: + nodeStartupTimeoutSeconds: + description: |- + nodeStartupTimeoutSeconds allows to set the maximum time for MachineHealthCheck + to consider a Machine unhealthy if a corresponding Node isn't associated + through a `Spec.ProviderID` field. + + The duration set in this field is compared to the greatest of: + - Cluster's infrastructure ready condition timestamp (if and when available) + - Control Plane's initialized condition timestamp (if and when available) + - Machine's infrastructure ready condition timestamp (if and when available) + - Machine's metadata creation timestamp + + Defaults to 10 minutes. + If you wish to disable this feature, set the value explicitly to 0. + format: int32 + minimum: 0 + type: integer + unhealthyNodeConditions: + description: |- + unhealthyNodeConditions contains a list of conditions that determine + whether a node is considered unhealthy. The conditions are combined in a + logical OR, i.e. if any of the conditions is met, the node is unhealthy. + items: + description: |- + UnhealthyNodeCondition represents a Node condition type and value with a timeout + specified as a duration. When the named condition has been in the given + status for at least the timeout value, a node is considered unhealthy. + properties: + status: + description: status of the condition, one of True, + False, Unknown. 
+ minLength: 1 + type: string + timeoutSeconds: + description: |- + timeoutSeconds is the duration that a node must be in a given status for, + after which the node is considered unhealthy. + For example, with a value of "1h", the node must match the status + for at least 1 hour before being considered unhealthy. + format: int32 + minimum: 0 + type: integer + type: + description: type of Node condition + minLength: 1 + type: string + required: + - status + - timeoutSeconds + - type + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + remediation: + description: |- + remediation configures if and how remediations are triggered if a Machine is unhealthy. + + If remediation or remediation.triggerIf is not set, + remediation will always be triggered for unhealthy Machines. + + If remediation or remediation.templateRef is not set, + the OwnerRemediated condition will be set on unhealthy Machines to trigger remediation via + the owner of the Machines, for example a MachineSet or a KubeadmControlPlane. + minProperties: 1 + properties: + templateRef: + description: |- + templateRef is a reference to a remediation template + provided by an infrastructure provider. + + This field is completely optional, when filled, the MachineHealthCheck controller + creates a new object from the template referenced and hands off remediation of the machine to + a controller that lives outside of Cluster API. + properties: + apiVersion: + description: |- + apiVersion of the remediation template. + apiVersion must be fully qualified domain name followed by / and a version. + NOTE: This field must be kept in sync with the APIVersion of the remediation template. + maxLength: 317 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[a-z]([-a-z0-9]*[a-z0-9])?$ + type: string + kind: + description: |- + kind of the remediation template. 
+ kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + name of the remediation template. + name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - apiVersion + - kind + - name + type: object + triggerIf: + description: |- + triggerIf configures if remediations are triggered. + If this field is not set, remediations are always triggered. + minProperties: 1 + properties: + unhealthyInRange: + description: |- + unhealthyInRange specifies that remediations are only triggered if the number of + unhealthy Machines is in the configured range. + Takes precedence over unhealthyLessThanOrEqualTo. + Eg. "[3-5]" - This means that remediation will be allowed only when: + (a) there are at least 3 unhealthy Machines (and) + (b) there are at most 5 unhealthy Machines + maxLength: 32 + minLength: 1 + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + unhealthyLessThanOrEqualTo: + anyOf: + - type: integer + - type: string + description: |- + unhealthyLessThanOrEqualTo specifies that remediations are only triggered if the number of + unhealthy Machines is less than or equal to the configured value. + unhealthyInRange takes precedence if set. + x-kubernetes-int-or-string: true + type: object + type: object + type: object + machineInfrastructure: + description: |- + machineInfrastructure defines the metadata and infrastructure information + for control plane machines. + + This field is supported if and only if the control plane provider template + referenced above is Machine based and supports setting replicas. 
+ properties: + templateRef: + description: templateRef is a required reference to the template + for a MachineInfrastructure of a ControlPlane. + properties: + apiVersion: + description: |- + apiVersion of the template. + apiVersion must be fully qualified domain name followed by / and a version. + maxLength: 317 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[a-z]([-a-z0-9]*[a-z0-9])?$ + type: string + kind: + description: |- + kind of the template. + kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + name of the template. + name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - apiVersion + - kind + - name + type: object + required: + - templateRef + type: object + metadata: + description: |- + metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane + if the ControlPlaneTemplate referenced is machine based. If not, it is applied only to the + ControlPlane. + At runtime this metadata is merged with the corresponding metadata from the topology. + + This field is supported if and only if the control plane provider template + referenced is Machine based. + minProperties: 1 + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. 
+ More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + naming: + description: naming allows changing the naming pattern used when + creating the control plane provider object. + minProperties: 1 + properties: + template: + description: |- + template defines the template to use for generating the name of the ControlPlane object. + If not defined, it will fallback to `{{ .cluster.name }}-{{ .random }}`. + If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will + get concatenated with a random suffix of length 5. + The templating mechanism provides the following arguments: + * `.cluster.name`: The name of the cluster object. + * `.random`: A random alphanumeric string, without vowels, of length 5. + maxLength: 1024 + minLength: 1 + type: string + type: object + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition. + + This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready + computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine. + + NOTE: If a Cluster defines a custom list of readinessGates for the control plane, + such list overrides readinessGates defined in this field. + NOTE: Specific control plane provider implementations might automatically extend the list of readinessGates; + e.g. the kubeadm control provider adds ReadinessGates for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. 
+ items: + description: MachineReadinessGate contains the type of a Machine + condition to be used as a readiness gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map + templateRef: + description: templateRef contains the reference to a provider-specific + control plane template. + properties: + apiVersion: + description: |- + apiVersion of the template. + apiVersion must be fully qualified domain name followed by / and a version. + maxLength: 317 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[a-z]([-a-z0-9]*[a-z0-9])?$ + type: string + kind: + description: |- + kind of the template. + kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + name of the template. 
+ name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - apiVersion + - kind + - name + type: object + required: + - templateRef + type: object + infrastructure: + description: |- + infrastructure is a reference to a local struct that holds the details + for provisioning the infrastructure cluster for the Cluster. + properties: + naming: + description: naming allows changing the naming pattern used when + creating the infrastructure cluster object. + minProperties: 1 + properties: + template: + description: |- + template defines the template to use for generating the name of the Infrastructure object. + If not defined, it will fallback to `{{ .cluster.name }}-{{ .random }}`. + If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will + get concatenated with a random suffix of length 5. + The templating mechanism provides the following arguments: + * `.cluster.name`: The name of the cluster object. + * `.random`: A random alphanumeric string, without vowels, of length 5. + maxLength: 1024 + minLength: 1 + type: string + type: object + templateRef: + description: templateRef contains the reference to a provider-specific + infrastructure cluster template. + properties: + apiVersion: + description: |- + apiVersion of the template. + apiVersion must be fully qualified domain name followed by / and a version. + maxLength: 317 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[a-z]([-a-z0-9]*[a-z0-9])?$ + type: string + kind: + description: |- + kind of the template. + kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. 
+ maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + name of the template. + name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - apiVersion + - kind + - name + type: object + required: + - templateRef + type: object + patches: + description: |- + patches defines the patches which are applied to customize + referenced templates of a ClusterClass. + Note: Patches will be applied in the order of the array. + items: + description: ClusterClassPatch defines a patch which is applied + to customize the referenced templates. + properties: + definitions: + description: |- + definitions define inline patches. + Note: Patches will be applied in the order of the array. + Note: Exactly one of Definitions or External must be set. + items: + description: PatchDefinition defines a patch which is applied + to customize the referenced templates. + properties: + jsonPatches: + description: |- + jsonPatches defines the patches which should be applied on the templates + matching the selector. + Note: Patches will be applied in the order of the array. + items: + description: JSONPatch defines a JSON patch. + properties: + op: + description: |- + op defines the operation of the patch. + Note: Only `add`, `replace` and `remove` are supported. + enum: + - add + - replace + - remove + type: string + path: + description: |- + path defines the path of the patch. + Note: Only the spec of a template can be patched, thus the path has to start with /spec/. 
+ Note: For now the only allowed array modifications are `append` and `prepend`, i.e.: + * for op: `add`: only index 0 (prepend) and - (append) are allowed + * for op: `replace` or `remove`: no indexes are allowed + maxLength: 512 + minLength: 1 + type: string + value: + description: |- + value defines the value of the patch. + Note: Either Value or ValueFrom is required for add and replace + operations. Only one of them is allowed to be set at the same time. + Note: We have to use apiextensionsv1.JSON instead of our JSON type, + because controller-tools has a hard-coded schema for apiextensionsv1.JSON + which cannot be produced by another type (unset type field). + Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 + x-kubernetes-preserve-unknown-fields: true + valueFrom: + description: |- + valueFrom defines the value of the patch. + Note: Either Value or ValueFrom is required for add and replace + operations. Only one of them is allowed to be set at the same time. + properties: + template: + description: |- + template is the Go template to be used to calculate the value. + A template can reference variables defined in .spec.variables and builtin variables. + Note: The template must evaluate to a valid YAML or JSON value. + maxLength: 10240 + minLength: 1 + type: string + variable: + description: |- + variable is the variable to be used as value. + Variable can be one of the variables defined in .spec.variables or a builtin variable. + maxLength: 256 + minLength: 1 + type: string + type: object + required: + - op + - path + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + selector: + description: selector defines on which templates the patch + should be applied. + properties: + apiVersion: + description: |- + apiVersion filters templates by apiVersion. + apiVersion must be fully qualified domain name followed by / and a version. 
+ maxLength: 317 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[a-z]([-a-z0-9]*[a-z0-9])?$ + type: string + kind: + description: |- + kind filters templates by kind. + kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + matchResources: + description: matchResources selects templates based + on where they are referenced. + minProperties: 1 + properties: + controlPlane: + description: |- + controlPlane selects templates referenced in .spec.ControlPlane. + Note: this will match the controlPlane and also the controlPlane + machineInfrastructure (depending on the kind and apiVersion). + type: boolean + infrastructureCluster: + description: infrastructureCluster selects templates + referenced in .spec.infrastructure. + type: boolean + machineDeploymentClass: + description: |- + machineDeploymentClass selects templates referenced in specific MachineDeploymentClasses in + .spec.workers.machineDeployments. + properties: + names: + description: names selects templates by class + names. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + type: object + machinePoolClass: + description: |- + machinePoolClass selects templates referenced in specific MachinePoolClasses in + .spec.workers.machinePools. + properties: + names: + description: names selects templates by class + names. 
+ items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + required: + - apiVersion + - kind + - matchResources + type: object + required: + - jsonPatches + - selector + type: object + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + description: + description: description is a human-readable description of + this patch. + maxLength: 1024 + minLength: 1 + type: string + enabledIf: + description: |- + enabledIf is a Go template to be used to calculate if a patch should be enabled. + It can reference variables defined in .spec.variables and builtin variables. + The patch will be enabled if the template evaluates to `true`, otherwise it will + be disabled. + If EnabledIf is not set, the patch will be enabled per default. + maxLength: 256 + minLength: 1 + type: string + external: + description: |- + external defines an external patch. + Note: Exactly one of Definitions or External must be set. + properties: + discoverVariablesExtension: + description: discoverVariablesExtension references an extension + which is called to discover variables. + maxLength: 512 + minLength: 1 + type: string + generatePatchesExtension: + description: generatePatchesExtension references an extension + which is called to generate patches. + maxLength: 512 + minLength: 1 + type: string + settings: + additionalProperties: + type: string + description: |- + settings defines key value pairs to be passed to the extensions. + Values defined here take precedence over the values defined in the + corresponding ExtensionConfig. + type: object + validateTopologyExtension: + description: validateTopologyExtension references an extension + which is called to validate the topology. + maxLength: 512 + minLength: 1 + type: string + type: object + name: + description: name of the patch. 
+ maxLength: 256 + minLength: 1 + type: string + required: + - name + type: object + maxItems: 1000 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + variables: + description: |- + variables defines the variables which can be configured + in the Cluster topology and are then used in patches. + items: + description: |- + ClusterClassVariable defines a variable which can + be configured in the Cluster topology and used in patches. + properties: + deprecatedV1Beta1Metadata: + description: |- + deprecatedV1Beta1Metadata is the metadata of a variable. + It can be used to add additional data for higher level tools to + a ClusterClassVariable. + + Deprecated: This field is deprecated and will be removed when support for v1beta1 will be dropped. Please use XMetadata in JSONSchemaProps instead. + minProperties: 1 + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map that can be used to store and + retrieve arbitrary metadata. + They are not queryable. + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) variables. + type: object + type: object + name: + description: name of the variable. + maxLength: 256 + minLength: 1 + type: string + required: + description: |- + required specifies if the variable is required. + Note: this applies to the variable as a whole and thus the + top-level object defined in the schema. If nested fields are + required, this will be specified inside the schema. + type: boolean + schema: + description: schema defines the schema of the variable. + properties: + openAPIV3Schema: + description: |- + openAPIV3Schema defines the schema of a variable via OpenAPI v3 + schema. The schema is a subset of the schema used in + Kubernetes CRDs. 
+ minProperties: 1 + properties: + additionalProperties: + description: |- + additionalProperties specifies the schema of values in a map (keys are always strings). + NOTE: Can only be set if type is object. + NOTE: AdditionalProperties is mutually exclusive with Properties. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + allOf: + description: |- + allOf specifies that the variable must validate against all of the subschemas in the array. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + anyOf: + description: |- + anyOf specifies that the variable must validate against one or more of the subschemas in the array. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + default: + description: |- + default is the default value of the variable. + NOTE: Can be set for all types. + x-kubernetes-preserve-unknown-fields: true + description: + description: description is a human-readable description + of this variable. + maxLength: 4096 + minLength: 1 + type: string + enum: + description: |- + enum is the list of valid values of the variable. + NOTE: Can be set for all types. + items: + x-kubernetes-preserve-unknown-fields: true + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + example: + description: example is an example for this variable. + x-kubernetes-preserve-unknown-fields: true + exclusiveMaximum: + description: |- + exclusiveMaximum specifies if the Maximum is exclusive. + NOTE: Can only be set if type is integer or number. + type: boolean + exclusiveMinimum: + description: |- + exclusiveMinimum specifies if the Minimum is exclusive. + NOTE: Can only be set if type is integer or number. 
+ type: boolean + format: + description: |- + format is an OpenAPI v3 format string. Unknown formats are ignored. + For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using) + https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go + NOTE: Can only be set if type is string. + maxLength: 32 + minLength: 1 + type: string + items: + description: |- + items specifies fields of an array. + NOTE: Can only be set if type is array. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + maxItems: + description: |- + maxItems is the max length of an array variable. + NOTE: Can only be set if type is array. + format: int64 + type: integer + maxLength: + description: |- + maxLength is the max length of a string variable. + NOTE: Can only be set if type is string. + format: int64 + type: integer + maxProperties: + description: |- + maxProperties is the maximum amount of entries in a map or properties in an object. + NOTE: Can only be set if type is object. + format: int64 + type: integer + maximum: + description: |- + maximum is the maximum of an integer or number variable. + If ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum. + If ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum. + NOTE: Can only be set if type is integer or number. + format: int64 + type: integer + minItems: + description: |- + minItems is the min length of an array variable. + NOTE: Can only be set if type is array. + format: int64 + type: integer + minLength: + description: |- + minLength is the min length of a string variable. + NOTE: Can only be set if type is string. 
+ format: int64 + type: integer + minProperties: + description: |- + minProperties is the minimum amount of entries in a map or properties in an object. + NOTE: Can only be set if type is object. + format: int64 + type: integer + minimum: + description: |- + minimum is the minimum of an integer or number variable. + If ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum. + If ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum. + NOTE: Can only be set if type is integer or number. + format: int64 + type: integer + not: + description: |- + not specifies that the variable must not validate against the subschema. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + oneOf: + description: |- + oneOf specifies that the variable must validate against exactly one of the subschemas in the array. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + pattern: + description: |- + pattern is the regex which a string variable must match. + NOTE: Can only be set if type is string. + maxLength: 512 + minLength: 1 + type: string + properties: + description: |- + properties specifies fields of an object. + NOTE: Can only be set if type is object. + NOTE: Properties is mutually exclusive with AdditionalProperties. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + required: + description: |- + required specifies which fields of an object are required. + NOTE: Can only be set if type is object. 
+ items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 1000 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: + description: |- + type is the type of the variable. + Valid values are: object, array, string, integer, number or boolean. + enum: + - object + - array + - string + - integer + - number + - boolean + type: string + uniqueItems: + description: |- + uniqueItems specifies if items in an array must be unique. + NOTE: Can only be set if type is array. + type: boolean + x-kubernetes-int-or-string: + description: |- + x-kubernetes-int-or-string specifies that this value is + either an integer or a string. If this is true, an empty + type is allowed and type as child of anyOf is permitted + if following one of the following patterns: + + 1) anyOf: + - type: integer + - type: string + 2) allOf: + - anyOf: + - type: integer + - type: string + - ... zero or more + type: boolean + x-kubernetes-preserve-unknown-fields: + description: |- + x-kubernetes-preserve-unknown-fields allows setting fields in a variable object + which are not defined in the variable schema. This affects fields recursively, + except if nested properties or additionalProperties are specified in the schema. + type: boolean + x-kubernetes-validations: + description: x-kubernetes-validations describes a list + of validation rules written in the CEL expression + language. + items: + description: ValidationRule describes a validation + rule written in the CEL expression language. + properties: + fieldPath: + description: |- + fieldPath represents the field path returned when the validation fails. + It must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field. + e.g. 
when validation checks if a specific attribute `foo` under a map `testMap`, the fieldPath could be set to `.testMap.foo` + If the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. `.testList` + It does not support list numeric index. + It supports child operation to refer to an existing field currently. Refer to [JSONPath support in Kubernetes](https://kubernetes.io/docs/reference/kubectl/jsonpath/) for more info. + Numeric index of array is not supported. + For field name which contains special characters, use `['specialName']` to refer the field name. + e.g. for attribute `foo.34$` appears in a list `testList`, the fieldPath could be set to `.testList['foo.34$']` + maxLength: 512 + minLength: 1 + type: string + message: + description: |- + message represents the message displayed when validation fails. The message is required if the Rule contains + line breaks. The message must not contain line breaks. + If unset, the message is "failed rule: {Rule}". + e.g. "must be a URL with the host matching spec.host" + maxLength: 512 + minLength: 1 + type: string + messageExpression: + description: |- + messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. + Since messageExpression is used as a failure message, it must evaluate to a string. + If both message and messageExpression are present on a rule, then messageExpression will be used if validation + fails. If messageExpression results in a runtime error, the validation failure message is produced + as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string + that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset. + messageExpression has access to all the same variables as the rule; the only difference is the return type. 
+ Example: + "x must be less than max ("+string(self.max)+")" + maxLength: 1024 + minLength: 1 + type: string + reason: + default: FieldValueInvalid + description: |- + reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule. + The currently supported reasons are: "FieldValueInvalid", "FieldValueForbidden", "FieldValueRequired", "FieldValueDuplicate". + If not set, default to use "FieldValueInvalid". + All future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid. + enum: + - FieldValueInvalid + - FieldValueForbidden + - FieldValueRequired + - FieldValueDuplicate + type: string + rule: + description: "rule represents the expression which + will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nThe + Rule is scoped to the location of the x-kubernetes-validations + extension in the schema.\nThe `self` variable + in the CEL expression is bound to the scoped + value.\nIf the Rule is scoped to an object with + properties, the accessible properties of the + object are field selectable\nvia `self.field` + and field presence can be checked via `has(self.field)`.\nIf + the Rule is scoped to an object with additionalProperties + (i.e. 
a map) the value of the map\nare accessible + via `self[mapKey]`, map containment can be checked + via `mapKey in self` and all entries of the + map\nare accessible via CEL macros and functions + such as `self.all(...)`.\nIf the Rule is scoped + to an array, the elements of the array are accessible + via `self[i]` and also by macros and\nfunctions.\nIf + the Rule is scoped to a scalar, `self` is bound + to the scalar value.\nExamples:\n- Rule scoped + to a map of objects: {\"rule\": \"self.components['Widget'].priority + < 10\"}\n- Rule scoped to a list of integers: + {\"rule\": \"self.values.all(value, value >= + 0 && value < 100)\"}\n- Rule scoped to a string + value: {\"rule\": \"self.startsWith('kube')\"}\n\nUnknown + data preserved in custom resources via x-kubernetes-preserve-unknown-fields + is not accessible in CEL\nexpressions. This + includes:\n- Unknown field values that are preserved + by object schemas with x-kubernetes-preserve-unknown-fields.\n- + Object properties where the property schema + is of an \"unknown type\". An \"unknown type\" + is recursively defined as:\n - A schema with + no type and x-kubernetes-preserve-unknown-fields + set to true\n - An array where the items schema + is of an \"unknown type\"\n - An object where + the additionalProperties schema is of an \"unknown + type\"\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` + are accessible.\nAccessible property names are + escaped according to the following rules when + accessed in the expression:\n- '__' escapes + to '__underscores__'\n- '.' escapes to '__dot__'\n- + '-' escapes to '__dash__'\n- '/' escapes to + '__slash__'\n- Property names that exactly match + a CEL RESERVED keyword escape to '__{keyword}__'. 
+ The keywords are:\n\t \"true\", \"false\", + \"null\", \"in\", \"as\", \"break\", \"const\", + \"continue\", \"else\", \"for\", \"function\", + \"if\",\n\t \"import\", \"let\", \"loop\", + \"package\", \"namespace\", \"return\".\nExamples:\n + \ - Rule accessing a property named \"namespace\": + {\"rule\": \"self.__namespace__ > 0\"}\n - + Rule accessing a property named \"x-prop\": + {\"rule\": \"self.x__dash__prop > 0\"}\n - + Rule accessing a property named \"redact__d\": + {\"rule\": \"self.redact__underscores__d > 0\"}\n\nIf + `rule` makes use of the `oldSelf` variable it + is implicitly a\n`transition rule`.\n\nBy default, + the `oldSelf` variable is the same type as `self`.\n\nTransition + rules by default are applied only on UPDATE + requests and are\nskipped if an old value could + not be found." + maxLength: 4096 + minLength: 1 + type: string + required: + - rule + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - rule + x-kubernetes-list-type: map + x-metadata: + description: |- + x-metadata is the metadata of a variable or a nested field within a variable. + It can be used to add additional data for higher level tools. + minProperties: 1 + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map that can be used to store and + retrieve arbitrary metadata. + They are not queryable. + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) variables. + type: object + type: object + type: object + required: + - openAPIV3Schema + type: object + required: + - name + - required + - schema + type: object + maxItems: 1000 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + workers: + description: |- + workers describes the worker nodes for the cluster. 
+ It is a collection of node types which can be used to create + the worker nodes of the cluster. + minProperties: 1 + properties: + machineDeployments: + description: |- + machineDeployments is a list of machine deployment classes that can be used to create + a set of worker nodes. + items: + description: |- + MachineDeploymentClass serves as a template to define a set of worker nodes of the cluster + provisioned using the `ClusterClass`. + properties: + bootstrap: + description: |- + bootstrap contains the bootstrap template reference to be used + for the creation of worker Machines. + properties: + templateRef: + description: templateRef is a required reference to + the BootstrapTemplate for a MachineDeployment. + properties: + apiVersion: + description: |- + apiVersion of the template. + apiVersion must be fully qualified domain name followed by / and a version. + maxLength: 317 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[a-z]([-a-z0-9]*[a-z0-9])?$ + type: string + kind: + description: |- + kind of the template. + kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + name of the template. + name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - apiVersion + - kind + - name + type: object + required: + - templateRef + type: object + class: + description: |- + class denotes a type of worker node present in the cluster, + this name MUST be unique within a ClusterClass and can be referenced + in the Cluster to create a managed MachineDeployment. 
+ maxLength: 256 + minLength: 1 + type: string + deletion: + description: deletion contains configuration options for + Machine deletion. + minProperties: 1 + properties: + nodeDeletionTimeoutSeconds: + description: |- + nodeDeletionTimeoutSeconds defines how long the controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. + format: int32 + minimum: 0 + type: integer + nodeDrainTimeoutSeconds: + description: |- + nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a node. + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: nodeDrainTimeoutSeconds is different from `kubectl drain --timeout` + NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. + format: int32 + minimum: 0 + type: integer + nodeVolumeDetachTimeoutSeconds: + description: |- + nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. + format: int32 + minimum: 0 + type: integer + order: + description: |- + order defines the order in which Machines are deleted when downscaling. + Defaults to "Random". Valid values are "Random, "Newest", "Oldest" + enum: + - Random + - Newest + - Oldest + type: string + type: object + failureDomain: + description: |- + failureDomain is the failure domain the machines will be created in. + Must match the name of a FailureDomain from the Cluster status. 
+ NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. + maxLength: 256 + minLength: 1 + type: string + healthCheck: + description: healthCheck defines a MachineHealthCheck for + this MachineDeploymentClass. + minProperties: 1 + properties: + checks: + description: |- + checks are the checks that are used to evaluate if a Machine is healthy. + + Independent of this configuration the MachineHealthCheck controller will always + flag Machines with `cluster.x-k8s.io/remediate-machine` annotation and + Machines with deleted Nodes as unhealthy. + + Furthermore, if checks.nodeStartupTimeoutSeconds is not set it + is defaulted to 10 minutes and evaluated accordingly. + minProperties: 1 + properties: + nodeStartupTimeoutSeconds: + description: |- + nodeStartupTimeoutSeconds allows to set the maximum time for MachineHealthCheck + to consider a Machine unhealthy if a corresponding Node isn't associated + through a `Spec.ProviderID` field. + + The duration set in this field is compared to the greatest of: + - Cluster's infrastructure ready condition timestamp (if and when available) + - Control Plane's initialized condition timestamp (if and when available) + - Machine's infrastructure ready condition timestamp (if and when available) + - Machine's metadata creation timestamp + + Defaults to 10 minutes. + If you wish to disable this feature, set the value explicitly to 0. + format: int32 + minimum: 0 + type: integer + unhealthyNodeConditions: + description: |- + unhealthyNodeConditions contains a list of conditions that determine + whether a node is considered unhealthy. The conditions are combined in a + logical OR, i.e. if any of the conditions is met, the node is unhealthy. + items: + description: |- + UnhealthyNodeCondition represents a Node condition type and value with a timeout + specified as a duration. 
When the named condition has been in the given + status for at least the timeout value, a node is considered unhealthy. + properties: + status: + description: status of the condition, one + of True, False, Unknown. + minLength: 1 + type: string + timeoutSeconds: + description: |- + timeoutSeconds is the duration that a node must be in a given status for, + after which the node is considered unhealthy. + For example, with a value of "1h", the node must match the status + for at least 1 hour before being considered unhealthy. + format: int32 + minimum: 0 + type: integer + type: + description: type of Node condition + minLength: 1 + type: string + required: + - status + - timeoutSeconds + - type + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + remediation: + description: |- + remediation configures if and how remediations are triggered if a Machine is unhealthy. + + If remediation or remediation.triggerIf is not set, + remediation will always be triggered for unhealthy Machines. + + If remediation or remediation.templateRef is not set, + the OwnerRemediated condition will be set on unhealthy Machines to trigger remediation via + the owner of the Machines, for example a MachineSet or a KubeadmControlPlane. + minProperties: 1 + properties: + maxInFlight: + anyOf: + - type: integer + - type: string + description: |- + maxInFlight determines how many in flight remediations should happen at the same time. + + Remediation only happens on the MachineSet with the most current revision, while + older MachineSets (usually present during rollout operations) aren't allowed to remediate. + + Note: In general (independent of remediations), unhealthy machines are always + prioritized during scale down operations over healthy ones. + + MaxInFlight can be set to a fixed number or a percentage. + Example: when this is set to 20%, the MachineSet controller deletes at most 20% of + the desired replicas. 
+ + If not set, remediation is limited to all machines (bounded by replicas) + under the active MachineSet's management. + x-kubernetes-int-or-string: true + templateRef: + description: |- + templateRef is a reference to a remediation template + provided by an infrastructure provider. + + This field is completely optional, when filled, the MachineHealthCheck controller + creates a new object from the template referenced and hands off remediation of the machine to + a controller that lives outside of Cluster API. + properties: + apiVersion: + description: |- + apiVersion of the remediation template. + apiVersion must be fully qualified domain name followed by / and a version. + NOTE: This field must be kept in sync with the APIVersion of the remediation template. + maxLength: 317 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[a-z]([-a-z0-9]*[a-z0-9])?$ + type: string + kind: + description: |- + kind of the remediation template. + kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + name of the remediation template. + name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - apiVersion + - kind + - name + type: object + triggerIf: + description: |- + triggerIf configures if remediations are triggered. + If this field is not set, remediations are always triggered. + minProperties: 1 + properties: + unhealthyInRange: + description: |- + unhealthyInRange specifies that remediations are only triggered if the number of + unhealthy Machines is in the configured range. + Takes precedence over unhealthyLessThanOrEqualTo. + Eg. 
"[3-5]" - This means that remediation will be allowed only when: + (a) there are at least 3 unhealthy Machines (and) + (b) there are at most 5 unhealthy Machines + maxLength: 32 + minLength: 1 + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + unhealthyLessThanOrEqualTo: + anyOf: + - type: integer + - type: string + description: |- + unhealthyLessThanOrEqualTo specifies that remediations are only triggered if the number of + unhealthy Machines is less than or equal to the configured value. + unhealthyInRange takes precedence if set. + x-kubernetes-int-or-string: true + type: object + type: object + type: object + infrastructure: + description: |- + infrastructure contains the infrastructure template reference to be used + for the creation of worker Machines. + properties: + templateRef: + description: templateRef is a required reference to + the InfrastructureTemplate for a MachineDeployment. + properties: + apiVersion: + description: |- + apiVersion of the template. + apiVersion must be fully qualified domain name followed by / and a version. + maxLength: 317 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[a-z]([-a-z0-9]*[a-z0-9])?$ + type: string + kind: + description: |- + kind of the template. + kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + name of the template. + name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - apiVersion + - kind + - name + type: object + required: + - templateRef + type: object + metadata: + description: |- + metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. + At runtime this metadata is merged with the corresponding metadata from the topology. + minProperties: 1 + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + minReadySeconds: + description: |- + minReadySeconds is the minimum number of seconds for which a newly created machine should + be ready. + Defaults to 0 (machine will be considered available as soon as it + is ready) + NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. + format: int32 + minimum: 0 + type: integer + naming: + description: naming allows changing the naming pattern used + when creating the MachineDeployment. + minProperties: 1 + properties: + template: + description: |- + template defines the template to use for generating the name of the MachineDeployment object. + If not defined, it will fallback to `{{ .cluster.name }}-{{ .machineDeployment.topologyName }}-{{ .random }}`. 
+ If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will + get concatenated with a random suffix of length 5. + The templating mechanism provides the following arguments: + * `.cluster.name`: The name of the cluster object. + * `.random`: A random alphanumeric string, without vowels, of length 5. + * `.machineDeployment.topologyName`: The name of the MachineDeployment topology (Cluster.spec.topology.workers.machineDeployments[].name). + maxLength: 1024 + minLength: 1 + type: string + type: object + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition. + + This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready + computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine. + + NOTE: If a Cluster defines a custom list of readinessGates for a MachineDeployment using this MachineDeploymentClass, + such list overrides readinessGates defined in this field. + items: + description: MachineReadinessGate contains the type of + a Machine condition to be used as a readiness gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. 
+ A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map + rollout: + description: |- + rollout allows you to configure the behaviour of rolling updates to the MachineDeployment Machines. + It allows you to define the strategy used during rolling replacements. + minProperties: 1 + properties: + strategy: + description: strategy specifies how to roll out control + plane Machines. + minProperties: 1 + properties: + rollingUpdate: + description: |- + rollingUpdate is the rolling update config params. Present only if + type = RollingUpdate. + minProperties: 1 + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + maxSurge is the maximum number of machines that can be scheduled above the + desired number of machines. + Value can be an absolute number (ex: 5) or a percentage of + desired machines (ex: 10%). + This can not be 0 if MaxUnavailable is 0. + Absolute number is calculated from percentage by rounding up. + Defaults to 1. + Example: when this is set to 30%, the new MachineSet can be scaled + up immediately when the rolling update starts, such that the total + number of old and new machines do not exceed 130% of desired + machines. Once old machines have been killed, new MachineSet can + be scaled up further, ensuring that total number of machines running + at any time during the update is at most 130% of desired machines. + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + maxUnavailable is the maximum number of machines that can be unavailable during the update. 
+ Value can be an absolute number (ex: 5) or a percentage of desired + machines (ex: 10%). + Absolute number is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. + Defaults to 0. + Example: when this is set to 30%, the old MachineSet can be scaled + down to 70% of desired machines immediately when the rolling update + starts. Once new machines are ready, old MachineSet can be scaled + down further, followed by scaling up the new MachineSet, ensuring + that the total number of machines available at all times + during the update is at least 70% of desired machines. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + type of rollout. Allowed values are RollingUpdate and OnDelete. + Default is RollingUpdate. + enum: + - RollingUpdate + - OnDelete + type: string + required: + - type + type: object + type: object + required: + - bootstrap + - class + - infrastructure + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - class + x-kubernetes-list-type: map + machinePools: + description: |- + machinePools is a list of machine pool classes that can be used to create + a set of worker nodes. + items: + description: |- + MachinePoolClass serves as a template to define a pool of worker nodes of the cluster + provisioned using `ClusterClass`. + properties: + bootstrap: + description: |- + bootstrap contains the bootstrap template reference to be used + for the creation of the Machines in the MachinePool. + properties: + templateRef: + description: templateRef is a required reference to + the BootstrapTemplate for a MachinePool. + properties: + apiVersion: + description: |- + apiVersion of the template. + apiVersion must be fully qualified domain name followed by / and a version. + maxLength: 317 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[a-z]([-a-z0-9]*[a-z0-9])?$ + type: string + kind: + description: |- + kind of the template. 
+ kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + name of the template. + name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - apiVersion + - kind + - name + type: object + required: + - templateRef + type: object + class: + description: |- + class denotes a type of machine pool present in the cluster, + this name MUST be unique within a ClusterClass and can be referenced + in the Cluster to create a managed MachinePool. + maxLength: 256 + minLength: 1 + type: string + deletion: + description: deletion contains configuration options for + Machine deletion. + minProperties: 1 + properties: + nodeDeletionTimeoutSeconds: + description: |- + nodeDeletionTimeoutSeconds defines how long the controller will attempt to delete the Node that the Machine + hosts after the Machine Pool is marked for deletion. A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. + format: int32 + minimum: 0 + type: integer + nodeDrainTimeoutSeconds: + description: |- + nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a node. + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: nodeDrainTimeoutSeconds is different from `kubectl drain --timeout` + NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. 
+ format: int32 + minimum: 0 + type: integer + nodeVolumeDetachTimeoutSeconds: + description: |- + nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. + format: int32 + minimum: 0 + type: integer + type: object + failureDomains: + description: |- + failureDomains is the list of failure domains the MachinePool should be attached to. + Must match a key in the FailureDomains map stored on the cluster object. + NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + infrastructure: + description: |- + infrastructure contains the infrastructure template reference to be used + for the creation of the MachinePool. + properties: + templateRef: + description: templateRef is a required reference to + the InfrastructureTemplate for a MachinePool. + properties: + apiVersion: + description: |- + apiVersion of the template. + apiVersion must be fully qualified domain name followed by / and a version. + maxLength: 317 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[a-z]([-a-z0-9]*[a-z0-9])?$ + type: string + kind: + description: |- + kind of the template. + kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + name of the template. + name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - apiVersion + - kind + - name + type: object + required: + - templateRef + type: object + metadata: + description: |- + metadata is the metadata applied to the MachinePool. + At runtime this metadata is merged with the corresponding metadata from the topology. + minProperties: 1 + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + minReadySeconds: + description: |- + minReadySeconds is the minimum number of seconds for which a newly created machine pool should + be ready. + Defaults to 0 (machine will be considered available as soon as it + is ready) + NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. + format: int32 + minimum: 0 + type: integer + naming: + description: naming allows changing the naming pattern used + when creating the MachinePool. + minProperties: 1 + properties: + template: + description: |- + template defines the template to use for generating the name of the MachinePool object. + If not defined, it will fallback to `{{ .cluster.name }}-{{ .machinePool.topologyName }}-{{ .random }}`. 
+ If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will + get concatenated with a random suffix of length 5. + The templating mechanism provides the following arguments: + * `.cluster.name`: The name of the cluster object. + * `.random`: A random alphanumeric string, without vowels, of length 5. + * `.machinePool.topologyName`: The name of the MachinePool topology (Cluster.spec.topology.workers.machinePools[].name). + maxLength: 1024 + minLength: 1 + type: string + type: object + required: + - bootstrap + - class + - infrastructure + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - class + x-kubernetes-list-type: map + type: object + required: + - controlPlane + - infrastructure + type: object + status: + description: status is the observed state of ClusterClass. + minProperties: 1 + properties: + conditions: + description: |- + conditions represents the observations of a ClusterClass's current state. + Known condition types are VariablesReady, RefVersionsUpToDate, Paused. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + deprecated: + description: deprecated groups all the status fields that are deprecated + and will be removed when all the nested field are removed. + properties: + v1beta1: + description: v1beta1 groups all the status fields that are deprecated + and will be removed when support for v1beta1 will be dropped. + properties: + conditions: + description: |- + conditions defines current observed state of the ClusterClass. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. 
+ items: + description: Condition defines an observation of a Cluster + API resource operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, + Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object + type: object + observedGeneration: + description: observedGeneration is the latest generation observed + by the controller. + format: int64 + minimum: 1 + type: integer + variables: + description: variables is a list of ClusterClassStatusVariable that + are defined for the ClusterClass. 
+ items: + description: ClusterClassStatusVariable defines a variable which + appears in the status of a ClusterClass. + properties: + definitions: + description: definitions is a list of definitions for a variable. + items: + description: ClusterClassStatusVariableDefinition defines + a variable which appears in the status of a ClusterClass. + properties: + deprecatedV1Beta1Metadata: + description: |- + deprecatedV1Beta1Metadata is the metadata of a variable. + It can be used to add additional data for higher level tools to + a ClusterClassVariable. + + Deprecated: This field is deprecated and will be removed when support for v1beta1 will be dropped. Please use XMetadata in JSONSchemaProps instead. + minProperties: 1 + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map that can be used to store and + retrieve arbitrary metadata. + They are not queryable. + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) variables. + type: object + type: object + from: + description: |- + from specifies the origin of the variable definition. + This will be `inline` for variables defined in the ClusterClass or the name of a patch defined in the ClusterClass + for variables discovered from a DiscoverVariables runtime extensions. + maxLength: 256 + minLength: 1 + type: string + required: + description: |- + required specifies if the variable is required. + Note: this applies to the variable as a whole and thus the + top-level object defined in the schema. If nested fields are + required, this will be specified inside the schema. + type: boolean + schema: + description: schema defines the schema of the variable. + properties: + openAPIV3Schema: + description: |- + openAPIV3Schema defines the schema of a variable via OpenAPI v3 + schema. 
The schema is a subset of the schema used in + Kubernetes CRDs. + minProperties: 1 + properties: + additionalProperties: + description: |- + additionalProperties specifies the schema of values in a map (keys are always strings). + NOTE: Can only be set if type is object. + NOTE: AdditionalProperties is mutually exclusive with Properties. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + allOf: + description: |- + allOf specifies that the variable must validate against all of the subschemas in the array. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + anyOf: + description: |- + anyOf specifies that the variable must validate against one or more of the subschemas in the array. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + default: + description: |- + default is the default value of the variable. + NOTE: Can be set for all types. + x-kubernetes-preserve-unknown-fields: true + description: + description: description is a human-readable description + of this variable. + maxLength: 4096 + minLength: 1 + type: string + enum: + description: |- + enum is the list of valid values of the variable. + NOTE: Can be set for all types. + items: + x-kubernetes-preserve-unknown-fields: true + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + example: + description: example is an example for this variable. + x-kubernetes-preserve-unknown-fields: true + exclusiveMaximum: + description: |- + exclusiveMaximum specifies if the Maximum is exclusive. + NOTE: Can only be set if type is integer or number. + type: boolean + exclusiveMinimum: + description: |- + exclusiveMinimum specifies if the Minimum is exclusive. 
+ NOTE: Can only be set if type is integer or number. + type: boolean + format: + description: |- + format is an OpenAPI v3 format string. Unknown formats are ignored. + For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using) + https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go + NOTE: Can only be set if type is string. + maxLength: 32 + minLength: 1 + type: string + items: + description: |- + items specifies fields of an array. + NOTE: Can only be set if type is array. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + maxItems: + description: |- + maxItems is the max length of an array variable. + NOTE: Can only be set if type is array. + format: int64 + type: integer + maxLength: + description: |- + maxLength is the max length of a string variable. + NOTE: Can only be set if type is string. + format: int64 + type: integer + maxProperties: + description: |- + maxProperties is the maximum amount of entries in a map or properties in an object. + NOTE: Can only be set if type is object. + format: int64 + type: integer + maximum: + description: |- + maximum is the maximum of an integer or number variable. + If ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum. + If ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum. + NOTE: Can only be set if type is integer or number. + format: int64 + type: integer + minItems: + description: |- + minItems is the min length of an array variable. + NOTE: Can only be set if type is array. + format: int64 + type: integer + minLength: + description: |- + minLength is the min length of a string variable. + NOTE: Can only be set if type is string. 
+ format: int64 + type: integer + minProperties: + description: |- + minProperties is the minimum amount of entries in a map or properties in an object. + NOTE: Can only be set if type is object. + format: int64 + type: integer + minimum: + description: |- + minimum is the minimum of an integer or number variable. + If ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum. + If ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum. + NOTE: Can only be set if type is integer or number. + format: int64 + type: integer + not: + description: |- + not specifies that the variable must not validate against the subschema. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + oneOf: + description: |- + oneOf specifies that the variable must validate against exactly one of the subschemas in the array. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + pattern: + description: |- + pattern is the regex which a string variable must match. + NOTE: Can only be set if type is string. + maxLength: 512 + minLength: 1 + type: string + properties: + description: |- + properties specifies fields of an object. + NOTE: Can only be set if type is object. + NOTE: Properties is mutually exclusive with AdditionalProperties. + NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible. + x-kubernetes-preserve-unknown-fields: true + required: + description: |- + required specifies which fields of an object are required. + NOTE: Can only be set if type is object. 
+ items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 1000 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: + description: |- + type is the type of the variable. + Valid values are: object, array, string, integer, number or boolean. + enum: + - object + - array + - string + - integer + - number + - boolean + type: string + uniqueItems: + description: |- + uniqueItems specifies if items in an array must be unique. + NOTE: Can only be set if type is array. + type: boolean + x-kubernetes-int-or-string: + description: |- + x-kubernetes-int-or-string specifies that this value is + either an integer or a string. If this is true, an empty + type is allowed and type as child of anyOf is permitted + if following one of the following patterns: + + 1) anyOf: + - type: integer + - type: string + 2) allOf: + - anyOf: + - type: integer + - type: string + - ... zero or more + type: boolean + x-kubernetes-preserve-unknown-fields: + description: |- + x-kubernetes-preserve-unknown-fields allows setting fields in a variable object + which are not defined in the variable schema. This affects fields recursively, + except if nested properties or additionalProperties are specified in the schema. + type: boolean + x-kubernetes-validations: + description: x-kubernetes-validations describes + a list of validation rules written in the CEL + expression language. + items: + description: ValidationRule describes a validation + rule written in the CEL expression language. + properties: + fieldPath: + description: |- + fieldPath represents the field path returned when the validation fails. + It must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field. + e.g. 
when validation checks if a specific attribute `foo` under a map `testMap`, the fieldPath could be set to `.testMap.foo` + If the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. `.testList` + It does not support list numeric index. + It supports child operation to refer to an existing field currently. Refer to [JSONPath support in Kubernetes](https://kubernetes.io/docs/reference/kubectl/jsonpath/) for more info. + Numeric index of array is not supported. + For field name which contains special characters, use `['specialName']` to refer the field name. + e.g. for attribute `foo.34$` appears in a list `testList`, the fieldPath could be set to `.testList['foo.34$']` + maxLength: 512 + minLength: 1 + type: string + message: + description: |- + message represents the message displayed when validation fails. The message is required if the Rule contains + line breaks. The message must not contain line breaks. + If unset, the message is "failed rule: {Rule}". + e.g. "must be a URL with the host matching spec.host" + maxLength: 512 + minLength: 1 + type: string + messageExpression: + description: |- + messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. + Since messageExpression is used as a failure message, it must evaluate to a string. + If both message and messageExpression are present on a rule, then messageExpression will be used if validation + fails. If messageExpression results in a runtime error, the validation failure message is produced + as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string + that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset. + messageExpression has access to all the same variables as the rule; the only difference is the return type. 
+ Example: + "x must be less than max ("+string(self.max)+")" + maxLength: 1024 + minLength: 1 + type: string + reason: + default: FieldValueInvalid + description: |- + reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule. + The currently supported reasons are: "FieldValueInvalid", "FieldValueForbidden", "FieldValueRequired", "FieldValueDuplicate". + If not set, default to use "FieldValueInvalid". + All future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid. + enum: + - FieldValueInvalid + - FieldValueForbidden + - FieldValueRequired + - FieldValueDuplicate + type: string + rule: + description: "rule represents the expression + which will be evaluated by CEL.\nref: + https://github.com/google/cel-spec\nThe + Rule is scoped to the location of the + x-kubernetes-validations extension in + the schema.\nThe `self` variable in the + CEL expression is bound to the scoped + value.\nIf the Rule is scoped to an object + with properties, the accessible properties + of the object are field selectable\nvia + `self.field` and field presence can be + checked via `has(self.field)`.\nIf the + Rule is scoped to an object with additionalProperties + (i.e. 
a map) the value of the map\nare + accessible via `self[mapKey]`, map containment + can be checked via `mapKey in self` and + all entries of the map\nare accessible + via CEL macros and functions such as `self.all(...)`.\nIf + the Rule is scoped to an array, the elements + of the array are accessible via `self[i]` + and also by macros and\nfunctions.\nIf + the Rule is scoped to a scalar, `self` + is bound to the scalar value.\nExamples:\n- + Rule scoped to a map of objects: {\"rule\": + \"self.components['Widget'].priority < + 10\"}\n- Rule scoped to a list of integers: + {\"rule\": \"self.values.all(value, value + >= 0 && value < 100)\"}\n- Rule scoped + to a string value: {\"rule\": \"self.startsWith('kube')\"}\n\nUnknown + data preserved in custom resources via + x-kubernetes-preserve-unknown-fields is + not accessible in CEL\nexpressions. This + includes:\n- Unknown field values that + are preserved by object schemas with x-kubernetes-preserve-unknown-fields.\n- + Object properties where the property schema + is of an \"unknown type\". An \"unknown + type\" is recursively defined as:\n - + A schema with no type and x-kubernetes-preserve-unknown-fields + set to true\n - An array where the items + schema is of an \"unknown type\"\n - + An object where the additionalProperties + schema is of an \"unknown type\"\n\nOnly + property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` + are accessible.\nAccessible property names + are escaped according to the following + rules when accessed in the expression:\n- + '__' escapes to '__underscores__'\n- '.' + escapes to '__dot__'\n- '-' escapes to + '__dash__'\n- '/' escapes to '__slash__'\n- + Property names that exactly match a CEL + RESERVED keyword escape to '__{keyword}__'. 
+ The keywords are:\n\t \"true\", \"false\", + \"null\", \"in\", \"as\", \"break\", \"const\", + \"continue\", \"else\", \"for\", \"function\", + \"if\",\n\t \"import\", \"let\", \"loop\", + \"package\", \"namespace\", \"return\".\nExamples:\n + \ - Rule accessing a property named \"namespace\": + {\"rule\": \"self.__namespace__ > 0\"}\n + \ - Rule accessing a property named \"x-prop\": + {\"rule\": \"self.x__dash__prop > 0\"}\n + \ - Rule accessing a property named \"redact__d\": + {\"rule\": \"self.redact__underscores__d + > 0\"}\n\nIf `rule` makes use of the `oldSelf` + variable it is implicitly a\n`transition + rule`.\n\nBy default, the `oldSelf` variable + is the same type as `self`.\n\nTransition + rules by default are applied only on UPDATE + requests and are\nskipped if an old value + could not be found." + maxLength: 4096 + minLength: 1 + type: string + required: + - rule + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - rule + x-kubernetes-list-type: map + x-metadata: + description: |- + x-metadata is the metadata of a variable or a nested field within a variable. + It can be used to add additional data for higher level tools. + minProperties: 1 + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map that can be used to store and + retrieve arbitrary metadata. + They are not queryable. + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) variables. 
+ type: object + type: object + type: object + required: + - openAPIV3Schema + type: object + required: + - from + - required + - schema + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + definitionsConflict: + description: definitionsConflict specifies whether or not there + are conflicting definitions for a single variable name. + type: boolean + name: + description: name is the name of the variable. + maxLength: 256 + minLength: 1 + type: string + required: + - definitions + - name + type: object + maxItems: 1000 + type: array + x-kubernetes-list-type: atomic + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.18.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: clusterresourcesetbindings.addons.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: addons.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ClusterResourceSetBinding + listKind: ClusterResourceSetBindingList + plural: clusterresourcesetbindings + singular: clusterresourcesetbinding + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of ClusterResourceSetBinding + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterResourceSetBinding lists all matching ClusterResourceSets + with the cluster it belongs to. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. 
+ Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of ClusterResourceSetBinding. + properties: + bindings: + description: bindings is a list of ClusterResourceSets and their resources. + items: + description: ResourceSetBinding keeps info on all of the resources + in a ClusterResourceSet. + properties: + clusterResourceSetName: + description: clusterResourceSetName is the name of the ClusterResourceSet + that is applied to the owner cluster of the binding. + maxLength: 253 + minLength: 1 + type: string + resources: + description: resources is a list of resources that the ClusterResourceSet + has. + items: + description: ResourceBinding shows the status of a resource + that belongs to a ClusterResourceSet matched by the owner + cluster of the ClusterResourceSetBinding object. + properties: + applied: + description: applied is to track if a resource is applied + to the cluster or not. + type: boolean + hash: + description: |- + hash is the hash of a resource's data. This can be used to decide if a resource is changed. + For "ApplyOnce" ClusterResourceSet.spec.strategy, this is no-op as that strategy does not act on change. + maxLength: 256 + minLength: 1 + type: string + kind: + description: 'kind of the resource. Supported kinds are: + Secrets and ConfigMaps.' 
+ enum: + - Secret + - ConfigMap + type: string + lastAppliedTime: + description: lastAppliedTime identifies when this resource + was last applied to the cluster. + format: date-time + type: string + name: + description: name of the resource that is in the same + namespace with ClusterResourceSet object. + maxLength: 253 + minLength: 1 + type: string + required: + - applied + - kind + - name + type: object + maxItems: 100 + type: array + required: + - clusterResourceSetName + type: object + maxItems: 100 + type: array + clusterName: + description: |- + clusterName is the name of the Cluster this binding applies to. + Note: this field mandatory in v1beta2. + maxLength: 63 + minLength: 1 + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Time duration since creation of ClusterResourceSetBinding + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: ClusterResourceSetBinding lists all matching ClusterResourceSets + with the cluster it belongs to. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of ClusterResourceSetBinding. + properties: + bindings: + description: bindings is a list of ClusterResourceSets and their resources. + items: + description: ResourceSetBinding keeps info on all of the resources + in a ClusterResourceSet. + properties: + clusterResourceSetName: + description: clusterResourceSetName is the name of the ClusterResourceSet + that is applied to the owner cluster of the binding. + maxLength: 253 + minLength: 1 + type: string + resources: + description: resources is a list of resources that the ClusterResourceSet + has. + items: + description: ResourceBinding shows the status of a resource + that belongs to a ClusterResourceSet matched by the owner + cluster of the ClusterResourceSetBinding object. + properties: + applied: + description: applied is to track if a resource is applied + to the cluster or not. + type: boolean + hash: + description: |- + hash is the hash of a resource's data. This can be used to decide if a resource is changed. + For "ApplyOnce" ClusterResourceSet.spec.strategy, this is no-op as that strategy does not act on change. + maxLength: 256 + minLength: 1 + type: string + kind: + description: 'kind of the resource. Supported kinds are: + Secrets and ConfigMaps.' + enum: + - Secret + - ConfigMap + type: string + lastAppliedTime: + description: lastAppliedTime identifies when this resource + was last applied to the cluster. + format: date-time + type: string + name: + description: name of the resource that is in the same + namespace with ClusterResourceSet object. 
+ maxLength: 253 + minLength: 1 + type: string + required: + - applied + - kind + - name + type: object + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + required: + - clusterResourceSetName + type: object + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + clusterName: + description: clusterName is the name of the Cluster this binding applies + to. + maxLength: 63 + minLength: 1 + type: string + required: + - clusterName + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.18.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: clusterresourcesets.addons.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: addons.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ClusterResourceSet + listKind: ClusterResourceSetList + plural: clusterresourcesets + singular: clusterresourceset + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of ClusterResourceSet + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1beta1 + schema: + openAPIV3Schema: + description: |- + ClusterResourceSet is the Schema for the clusterresourcesets API. + For advanced use cases an add-on provider should be used instead. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of ClusterResourceSet. + properties: + clusterSelector: + description: |- + clusterSelector is the label selector for Clusters. The Clusters that are + selected by this will be the ones affected by this ClusterResourceSet. + It must match the Cluster labels. This field is immutable. + Label selector cannot be empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: resources is a list of Secrets/ConfigMaps where each + contains 1 or more resources to be applied to remote clusters. + items: + description: ResourceRef specifies a resource. + properties: + kind: + description: 'kind of the resource. Supported kinds are: Secrets + and ConfigMaps.' + enum: + - Secret + - ConfigMap + type: string + name: + description: name of the resource that is in the same namespace + with ClusterResourceSet object. + maxLength: 253 + minLength: 1 + type: string + required: + - kind + - name + type: object + maxItems: 100 + type: array + strategy: + description: strategy is the strategy to be used during applying resources. + Defaults to ApplyOnce. This field is immutable. + enum: + - ApplyOnce + - Reconcile + type: string + required: + - clusterSelector + type: object + status: + description: status is the observed state of ClusterResourceSet. + properties: + conditions: + description: conditions defines current state of the ClusterResourceSet. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. 
+ The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + observedGeneration: + description: observedGeneration reflects the generation of the most + recently observed ClusterResourceSet. + format: int64 + type: integer + v1beta2: + description: v1beta2 groups all the fields that will be added or modified + in ClusterResourceSet's status with the V1Beta2 version. + properties: + conditions: + description: |- + conditions represents the observations of a ClusterResourceSet's current state. + Known condition types are ResourceSetApplied, Deleting. + items: + description: Condition contains details for one aspect of the + current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. 
+ This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Resource applied + jsonPath: .status.conditions[?(@.type=="ResourcesApplied")].status + name: Applied + type: string + - description: Reconciliation paused + jsonPath: .status.conditions[?(@.type=="Paused")].status + name: Paused + priority: 10 + type: string + - description: Time duration since creation of ClusterResourceSet + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: |- + ClusterResourceSet is the Schema for the clusterresourcesets API. + For advanced use cases an add-on provider should be used instead. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of ClusterResourceSet. + properties: + clusterSelector: + description: |- + clusterSelector is the label selector for Clusters. 
The Clusters that are + selected by this will be the ones affected by this ClusterResourceSet. + It must match the Cluster labels. This field is immutable. + Label selector cannot be empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: resources is a list of Secrets/ConfigMaps where each + contains 1 or more resources to be applied to remote clusters. + items: + description: ResourceRef specifies a resource. + properties: + kind: + description: 'kind of the resource. Supported kinds are: Secrets + and ConfigMaps.' 
+ enum: + - Secret + - ConfigMap + type: string + name: + description: name of the resource that is in the same namespace + with ClusterResourceSet object. + maxLength: 253 + minLength: 1 + type: string + required: + - kind + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + strategy: + description: strategy is the strategy to be used during applying resources. + Defaults to ApplyOnce. This field is immutable. + enum: + - ApplyOnce + - Reconcile + type: string + required: + - clusterSelector + - resources + type: object + status: + description: status is the observed state of ClusterResourceSet. + minProperties: 1 + properties: + conditions: + description: |- + conditions represents the observations of a ClusterResourceSet's current state. + Known condition types are ResourcesApplied. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. 
+ Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + deprecated: + description: deprecated groups all the status fields that are deprecated + and will be removed when all the nested field are removed. + properties: + v1beta1: + description: v1beta1 groups all the status fields that are deprecated + and will be removed when support for v1beta1 will be dropped. + properties: + conditions: + description: |- + conditions defines current state of the ClusterResourceSet. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + items: + description: Condition defines an observation of a Cluster + API resource operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, + Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object + type: object + observedGeneration: + description: observedGeneration reflects the generation of the most + recently observed ClusterResourceSet. 
+ format: int64 + minimum: 1 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.18.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: ipaddressclaims.ipam.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: ipam.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: IPAddressClaim + listKind: IPAddressClaimList + plural: ipaddressclaims + singular: ipaddressclaim + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Name of the pool to allocate an address from + jsonPath: .spec.poolRef.name + name: Pool Name + type: string + - description: Kind of the pool to allocate an address from + jsonPath: .spec.poolRef.kind + name: Pool Kind + type: string + - description: Time duration since creation of IPAdressClaim + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1beta1 + schema: + openAPIV3Schema: + description: IPAddressClaim is the Schema for the ipaddressclaim API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of IPAddressClaim. + properties: + clusterName: + description: clusterName is the name of the Cluster this object belongs + to. + maxLength: 63 + minLength: 1 + type: string + poolRef: + description: poolRef is a reference to the pool from which an IP address + should be created. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + required: + - poolRef + type: object + status: + description: status is the observed state of IPAddressClaim. + properties: + addressRef: + description: addressRef is a reference to the address that was created + for this claim. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + conditions: + description: conditions summarises the current state of the IPAddressClaim + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. 
+ This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + v1beta2: + description: v1beta2 groups all the fields that will be added or modified + in IPAddressClaim's status with the V1Beta2 version. + properties: + conditions: + description: conditions represents the observations of a IPAddressClaim's + current state. + items: + description: Condition contains details for one aspect of the + current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. 
If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Name of the pool to allocate an address from + jsonPath: .spec.poolRef.name + name: Pool Name + type: string + - description: Kind of the pool to allocate an address from + jsonPath: .spec.poolRef.kind + name: Pool Kind + type: string + - description: Time duration since creation of IPAdressClaim + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: IPAddressClaim is the Schema for the ipaddressclaim API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of IPAddressClaim. + properties: + clusterName: + description: clusterName is the name of the Cluster this object belongs + to. 
+ maxLength: 63 + minLength: 1 + type: string + poolRef: + description: poolRef is a reference to the pool from which an IP address + should be created. + properties: + apiGroup: + description: |- + apiGroup of the IPPool. + apiGroup must be fully qualified domain name. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: |- + kind of the IPPool. + kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + name of the IPPool. + name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - apiGroup + - kind + - name + type: object + required: + - poolRef + type: object + status: + description: status is the observed state of IPAddressClaim. + minProperties: 1 + properties: + addressRef: + description: addressRef is a reference to the address that was created + for this claim. + properties: + name: + description: |- + name of the IPAddress. + name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - name + type: object + conditions: + description: |- + conditions represents the observations of a IPAddressClaim's current state. + Known condition types are Ready. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. 
+ properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + deprecated: + description: deprecated groups all the status fields that are deprecated + and will be removed when all the nested field are removed. + properties: + v1beta1: + description: v1beta1 groups all the status fields that are deprecated + and will be removed when support for v1beta1 will be dropped. + properties: + conditions: + description: |- + conditions summarises the current state of the IPAddressClaim + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + items: + description: Condition defines an observation of a Cluster + API resource operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. 
+ maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, + Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.18.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: clusters.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Cluster + listKind: ClusterList + plural: clusters + shortNames: + - cl + singular: cluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: ClusterClass of this Cluster, empty if the Cluster is not using + a ClusterClass + jsonPath: .spec.topology.class + name: ClusterClass + type: string + - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed + jsonPath: .status.phase + name: 
Phase + type: string + - description: Time duration since creation of Cluster + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this Cluster + jsonPath: .spec.topology.version + name: Version + type: string + deprecated: true + name: v1beta1 + schema: + openAPIV3Schema: + description: Cluster is the Schema for the clusters API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of Cluster. + properties: + availabilityGates: + description: |- + availabilityGates specifies additional conditions to include when evaluating Cluster Available condition. + + If this field is not defined and the Cluster implements a managed topology, availabilityGates + from the corresponding ClusterClass will be used, if any. + + NOTE: this field is considered only for computing v1beta2 conditions. + items: + description: ClusterAvailabilityGate contains the type of a Cluster + condition to be used as availability gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Cluster's condition list. + If the conditions doesn't exist, it will be treated as unknown. 
+ Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as availability gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this availabilityGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map + clusterNetwork: + description: clusterNetwork represents the cluster network configuration. + properties: + apiServerPort: + description: |- + apiServerPort specifies the port the API Server should bind to. + Defaults to 6443. + format: int32 + type: integer + pods: + description: pods is the network ranges from which Pod networks + are allocated. + properties: + cidrBlocks: + description: cidrBlocks is a list of CIDR blocks. + items: + maxLength: 43 + minLength: 1 + type: string + maxItems: 100 + type: array + required: + - cidrBlocks + type: object + serviceDomain: + description: serviceDomain is the domain name for services. + maxLength: 253 + minLength: 1 + type: string + services: + description: services is the network ranges from which service + VIPs are allocated. + properties: + cidrBlocks: + description: cidrBlocks is a list of CIDR blocks. 
+ items: + maxLength: 43 + minLength: 1 + type: string + maxItems: 100 + type: array + required: + - cidrBlocks + type: object + type: object + controlPlaneEndpoint: + description: controlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: host is the hostname on which the API server is serving. + maxLength: 512 + type: string + port: + description: port is the port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneRef: + description: |- + controlPlaneRef is an optional reference to a provider-specific resource that holds + the details for provisioning the Control Plane for a Cluster. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + infrastructureRef: + description: |- + infrastructureRef is a reference to a provider-specific resource that holds the details + for provisioning infrastructure for a cluster in said provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + paused: + description: paused can be used to prevent controllers from processing + the Cluster and all its associated objects. + type: boolean + topology: + description: |- + topology encapsulates the topology for the cluster. + NOTE: It is required to enable the ClusterTopology + feature gate flag to activate managed topologies support; + this feature is highly experimental, and parts of it might still be not implemented. + properties: + class: + description: class is the name of the ClusterClass object to create + the topology. + maxLength: 253 + minLength: 1 + type: string + classNamespace: + description: |- + classNamespace is the namespace of the ClusterClass that should be used for the topology. + If classNamespace is empty or not set, it is defaulted to the namespace of the Cluster object. + classNamespace must be a valid namespace name and because of that be at most 63 characters in length + and it must consist only of lower case alphanumeric characters or hyphens (-), and must start + and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + controlPlane: + description: controlPlane describes the cluster control plane. + properties: + machineHealthCheck: + description: |- + machineHealthCheck allows to enable, disable and override + the MachineHealthCheck configuration in the ClusterClass for this control plane. 
+ properties: + enable: + description: |- + enable controls if a MachineHealthCheck should be created for the target machines. + + If false: No MachineHealthCheck will be created. + + If not set(default): A MachineHealthCheck will be created if it is defined here or + in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created. + + If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will + block if `enable` is true and no MachineHealthCheck definition is available. + type: boolean + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: |- + maxUnhealthy specifies the maximum number of unhealthy machines allowed. + Any further remediation is only allowed if at most "maxUnhealthy" machines selected by + "selector" are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: |- + nodeStartupTimeout allows to set the maximum time for MachineHealthCheck + to consider a Machine unhealthy if a corresponding Node isn't associated + through a `Spec.ProviderID` field. + + The duration set in this field is compared to the greatest of: + - Cluster's infrastructure ready condition timestamp (if and when available) + - Control Plane's initialized condition timestamp (if and when available) + - Machine's infrastructure ready condition timestamp (if and when available) + - Machine's metadata creation timestamp + + Defaults to 10 minutes. + If you wish to disable this feature, set the value explicitly to 0. + type: string + remediationTemplate: + description: |- + remediationTemplate is a reference to a remediation template + provided by an infrastructure provider. + + This field is completely optional, when filled, the MachineHealthCheck controller + creates a new object from the template referenced and hands off remediation of the machine to + a controller that lives outside of Cluster API. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: |- + unhealthyConditions contains a list of the conditions that determine + whether a node is considered unhealthy. The conditions are combined in a + logical OR, i.e. if any of the conditions is met, the node is unhealthy. + items: + description: |- + UnhealthyCondition represents a Node condition type and value with a timeout + specified as a duration. 
When the named condition has been in the given + status for at least the timeout value, a node is considered unhealthy. + properties: + status: + description: status of the condition, one of True, + False, Unknown. + minLength: 1 + type: string + timeout: + description: |- + timeout is the duration that a node must be in a given status for, + after which the node is considered unhealthy. + For example, with a value of "1h", the node must match the status + for at least 1 hour before being considered unhealthy. + type: string + type: + description: type of Node condition + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + maxItems: 100 + type: array + unhealthyRange: + description: |- + unhealthyRange specifies the range of unhealthy machines allowed. + Any further remediation is only allowed if the number of machines selected by "selector" as not healthy + is within the range of "unhealthyRange". Takes precedence over maxUnhealthy. + Eg. "[3-5]" - This means that remediation will be allowed only when: + (a) there are at least 3 unhealthy machines (and) + (b) there are at most 5 unhealthy machines + maxLength: 32 + minLength: 1 + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object + metadata: + description: |- + metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane + if the ControlPlaneTemplate referenced by the ClusterClass is machine based. If not, it + is applied only to the ControlPlane. + At runtime this metadata is merged with the corresponding metadata from the ClusterClass. + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. 
+ More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + nodeDeletionTimeout: + description: |- + nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: |- + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + type: string + nodeVolumeDetachTimeout: + description: |- + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + type: string + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition. + + This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready + computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine. + + If this field is not defined, readinessGates from the corresponding ControlPlaneClass will be used, if any. + + NOTE: This field is considered only for computing v1beta2 conditions. + NOTE: Specific control plane provider implementations might automatically extend the list of readinessGates; + e.g. 
the kubeadm control provider adds ReadinessGates for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. + items: + description: MachineReadinessGate contains the type of a + Machine condition to be used as a readiness gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map + replicas: + description: |- + replicas is the number of control plane nodes. + If the value is nil, the ControlPlane object is created without the number of Replicas + and it's assumed that the control plane controller does not implement support for this field. + When specified against a control plane provider that lacks support for this field, this value will be ignored. + format: int32 + type: integer + variables: + description: variables can be used to customize the ControlPlane + through patches. + properties: + overrides: + description: overrides can be used to override Cluster + level variables. 
+ items: + description: |- + ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a + Variable definition in the ClusterClass `status` variables. + properties: + definitionFrom: + description: |- + definitionFrom specifies where the definition of this Variable is from. + + Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion. + maxLength: 256 + type: string + name: + description: name of the variable. + maxLength: 256 + minLength: 1 + type: string + value: + description: |- + value of the variable. + Note: the value will be validated against the schema of the corresponding ClusterClassVariable + from the ClusterClass. + Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a + hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, + i.e. it is not possible to have no type field. + Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 + x-kubernetes-preserve-unknown-fields: true + required: + - name + - value + type: object + maxItems: 1000 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: object + rolloutAfter: + description: |- + rolloutAfter performs a rollout of the entire cluster one component at a time, + control plane first and then machine deployments. + + Deprecated: This field has no function and is going to be removed in the next apiVersion. + format: date-time + type: string + variables: + description: |- + variables can be used to customize the Cluster through + patches. They must comply to the corresponding + VariableClasses defined in the ClusterClass. + items: + description: |- + ClusterVariable can be used to customize the Cluster through patches. 
Each ClusterVariable is associated with a + Variable definition in the ClusterClass `status` variables. + properties: + definitionFrom: + description: |- + definitionFrom specifies where the definition of this Variable is from. + + Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion. + maxLength: 256 + type: string + name: + description: name of the variable. + maxLength: 256 + minLength: 1 + type: string + value: + description: |- + value of the variable. + Note: the value will be validated against the schema of the corresponding ClusterClassVariable + from the ClusterClass. + Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a + hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, + i.e. it is not possible to have no type field. + Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 + x-kubernetes-preserve-unknown-fields: true + required: + - name + - value + type: object + maxItems: 1000 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + version: + description: version is the Kubernetes version of the cluster. + maxLength: 256 + minLength: 1 + type: string + workers: + description: |- + workers encapsulates the different constructs that form the worker nodes + for the cluster. + properties: + machineDeployments: + description: machineDeployments is a list of machine deployments + in the cluster. + items: + description: |- + MachineDeploymentTopology specifies the different parameters for a set of worker nodes in the topology. + This set of nodes is managed by a MachineDeployment object whose lifecycle is managed by the Cluster controller. + properties: + class: + description: |- + class is the name of the MachineDeploymentClass used to create the set of worker nodes. 
+ This should match one of the deployment classes defined in the ClusterClass object + mentioned in the `Cluster.Spec.Class` field. + maxLength: 256 + minLength: 1 + type: string + failureDomain: + description: |- + failureDomain is the failure domain the machines will be created in. + Must match a key in the FailureDomains map stored on the cluster object. + maxLength: 256 + minLength: 1 + type: string + machineHealthCheck: + description: |- + machineHealthCheck allows to enable, disable and override + the MachineHealthCheck configuration in the ClusterClass for this MachineDeployment. + properties: + enable: + description: |- + enable controls if a MachineHealthCheck should be created for the target machines. + + If false: No MachineHealthCheck will be created. + + If not set(default): A MachineHealthCheck will be created if it is defined here or + in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created. + + If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will + block if `enable` is true and no MachineHealthCheck definition is available. + type: boolean + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: |- + maxUnhealthy specifies the maximum number of unhealthy machines allowed. + Any further remediation is only allowed if at most "maxUnhealthy" machines selected by + "selector" are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: |- + nodeStartupTimeout allows to set the maximum time for MachineHealthCheck + to consider a Machine unhealthy if a corresponding Node isn't associated + through a `Spec.ProviderID` field. 
+ + The duration set in this field is compared to the greatest of: + - Cluster's infrastructure ready condition timestamp (if and when available) + - Control Plane's initialized condition timestamp (if and when available) + - Machine's infrastructure ready condition timestamp (if and when available) + - Machine's metadata creation timestamp + + Defaults to 10 minutes. + If you wish to disable this feature, set the value explicitly to 0. + type: string + remediationTemplate: + description: |- + remediationTemplate is a reference to a remediation template + provided by an infrastructure provider. + + This field is completely optional, when filled, the MachineHealthCheck controller + creates a new object from the template referenced and hands off remediation of the machine to + a controller that lives outside of Cluster API. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: |- + unhealthyConditions contains a list of the conditions that determine + whether a node is considered unhealthy. The conditions are combined in a + logical OR, i.e. if any of the conditions is met, the node is unhealthy. + items: + description: |- + UnhealthyCondition represents a Node condition type and value with a timeout + specified as a duration. When the named condition has been in the given + status for at least the timeout value, a node is considered unhealthy. + properties: + status: + description: status of the condition, one + of True, False, Unknown. + minLength: 1 + type: string + timeout: + description: |- + timeout is the duration that a node must be in a given status for, + after which the node is considered unhealthy. + For example, with a value of "1h", the node must match the status + for at least 1 hour before being considered unhealthy. + type: string + type: + description: type of Node condition + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + maxItems: 100 + type: array + unhealthyRange: + description: |- + unhealthyRange specifies the range of unhealthy machines allowed. + Any further remediation is only allowed if the number of machines selected by "selector" as not healthy + is within the range of "unhealthyRange". Takes precedence over maxUnhealthy. + Eg. 
"[3-5]" - This means that remediation will be allowed only when: + (a) there are at least 3 unhealthy machines (and) + (b) there are at most 5 unhealthy machines + maxLength: 32 + minLength: 1 + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object + metadata: + description: |- + metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. + At runtime this metadata is merged with the corresponding metadata from the ClusterClass. + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + minReadySeconds: + description: |- + minReadySeconds is the minimum number of seconds for which a newly created machine should + be ready. + Defaults to 0 (machine will be considered available as soon as it + is ready) + format: int32 + type: integer + name: + description: |- + name is the unique identifier for this MachineDeploymentTopology. + The value is used with other unique identifiers to create a MachineDeployment's Name + (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length, + the values are hashed together. + maxLength: 63 + minLength: 1 + type: string + nodeDeletionTimeout: + description: |- + nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. 
A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: |- + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + type: string + nodeVolumeDetachTimeout: + description: |- + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + type: string + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition. + + This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready + computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine. + + If this field is not defined, readinessGates from the corresponding MachineDeploymentClass will be used, if any. + + NOTE: This field is considered only for computing v1beta2 conditions. + items: + description: MachineReadinessGate contains the type + of a Machine condition to be used as a readiness + gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. 
+ Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map + replicas: + description: |- + replicas is the number of worker nodes belonging to this set. + If the value is nil, the MachineDeployment is created without the number of Replicas (defaulting to 1) + and it's assumed that an external entity (like cluster autoscaler) is responsible for the management + of this value. + format: int32 + type: integer + strategy: + description: |- + strategy is the deployment strategy to use to replace existing machines with + new ones. + properties: + remediation: + description: |- + remediation controls the strategy of remediating unhealthy machines + and how remediating operations should occur during the lifecycle of the dependant MachineSets. + properties: + maxInFlight: + anyOf: + - type: integer + - type: string + description: |- + maxInFlight determines how many in flight remediations should happen at the same time. + + Remediation only happens on the MachineSet with the most current revision, while + older MachineSets (usually present during rollout operations) aren't allowed to remediate. + + Note: In general (independent of remediations), unhealthy machines are always + prioritized during scale down operations over healthy ones. + + MaxInFlight can be set to a fixed number or a percentage. + Example: when this is set to 20%, the MachineSet controller deletes at most 20% of + the desired replicas. + + If not set, remediation is limited to all machines (bounded by replicas) + under the active MachineSet's management. 
+ x-kubernetes-int-or-string: true + type: object + rollingUpdate: + description: |- + rollingUpdate is the rolling update config params. Present only if + MachineDeploymentStrategyType = RollingUpdate. + properties: + deletePolicy: + description: |- + deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. + Valid values are "Random, "Newest", "Oldest" + When no value is supplied, the default DeletePolicy of MachineSet is used + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + maxSurge is the maximum number of machines that can be scheduled above the + desired number of machines. + Value can be an absolute number (ex: 5) or a percentage of + desired machines (ex: 10%). + This can not be 0 if MaxUnavailable is 0. + Absolute number is calculated from percentage by rounding up. + Defaults to 1. + Example: when this is set to 30%, the new MachineSet can be scaled + up immediately when the rolling update starts, such that the total + number of old and new machines do not exceed 130% of desired + machines. Once old machines have been killed, new MachineSet can + be scaled up further, ensuring that total number of machines running + at any time during the update is at most 130% of desired machines. + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + maxUnavailable is the maximum number of machines that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired + machines (ex: 10%). + Absolute number is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. + Defaults to 0. + Example: when this is set to 30%, the old MachineSet can be scaled + down to 70% of desired machines immediately when the rolling update + starts. 
Once new machines are ready, old MachineSet can be scaled + down further, followed by scaling up the new MachineSet, ensuring + that the total number of machines available at all times + during the update is at least 70% of desired machines. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + type of deployment. Allowed values are RollingUpdate and OnDelete. + The default is RollingUpdate. + enum: + - RollingUpdate + - OnDelete + type: string + type: object + variables: + description: variables can be used to customize the + MachineDeployment through patches. + properties: + overrides: + description: overrides can be used to override Cluster + level variables. + items: + description: |- + ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a + Variable definition in the ClusterClass `status` variables. + properties: + definitionFrom: + description: |- + definitionFrom specifies where the definition of this Variable is from. + + Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion. + maxLength: 256 + type: string + name: + description: name of the variable. + maxLength: 256 + minLength: 1 + type: string + value: + description: |- + value of the variable. + Note: the value will be validated against the schema of the corresponding ClusterClassVariable + from the ClusterClass. + Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a + hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, + i.e. it is not possible to have no type field. 
+ Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 + x-kubernetes-preserve-unknown-fields: true + required: + - name + - value + type: object + maxItems: 1000 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + required: + - class + - name + type: object + maxItems: 2000 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + machinePools: + description: machinePools is a list of machine pools in the + cluster. + items: + description: |- + MachinePoolTopology specifies the different parameters for a pool of worker nodes in the topology. + This pool of nodes is managed by a MachinePool object whose lifecycle is managed by the Cluster controller. + properties: + class: + description: |- + class is the name of the MachinePoolClass used to create the pool of worker nodes. + This should match one of the deployment classes defined in the ClusterClass object + mentioned in the `Cluster.Spec.Class` field. + maxLength: 256 + minLength: 1 + type: string + failureDomains: + description: |- + failureDomains is the list of failure domains the machine pool will be created in. + Must match a key in the FailureDomains map stored on the cluster object. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + type: array + metadata: + description: |- + metadata is the metadata applied to the MachinePool. + At runtime this metadata is merged with the corresponding metadata from the ClusterClass. + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. 
+ More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + minReadySeconds: + description: |- + minReadySeconds is the minimum number of seconds for which a newly created machine pool should + be ready. + Defaults to 0 (machine will be considered available as soon as it + is ready) + format: int32 + type: integer + name: + description: |- + name is the unique identifier for this MachinePoolTopology. + The value is used with other unique identifiers to create a MachinePool's Name + (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length, + the values are hashed together. + maxLength: 63 + minLength: 1 + type: string + nodeDeletionTimeout: + description: |- + nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the MachinePool + hosts after the MachinePool is marked for deletion. A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: |- + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + type: string + nodeVolumeDetachTimeout: + description: |- + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + type: string + replicas: + description: |- + replicas is the number of nodes belonging to this pool. 
+ If the value is nil, the MachinePool is created without the number of Replicas (defaulting to 1) + and it's assumed that an external entity (like cluster autoscaler) is responsible for the management + of this value. + format: int32 + type: integer + variables: + description: variables can be used to customize the + MachinePool through patches. + properties: + overrides: + description: overrides can be used to override Cluster + level variables. + items: + description: |- + ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a + Variable definition in the ClusterClass `status` variables. + properties: + definitionFrom: + description: |- + definitionFrom specifies where the definition of this Variable is from. + + Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion. + maxLength: 256 + type: string + name: + description: name of the variable. + maxLength: 256 + minLength: 1 + type: string + value: + description: |- + value of the variable. + Note: the value will be validated against the schema of the corresponding ClusterClassVariable + from the ClusterClass. + Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a + hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, + i.e. it is not possible to have no type field. 
+ Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 + x-kubernetes-preserve-unknown-fields: true + required: + - name + - value + type: object + maxItems: 1000 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + required: + - class + - name + type: object + maxItems: 2000 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + required: + - class + - version + type: object + type: object + status: + description: status is the observed state of Cluster. + properties: + conditions: + description: conditions defines current service state of the cluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + controlPlaneReady: + description: |- + controlPlaneReady denotes if the control plane became ready during initial provisioning + to receive requests. + NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning. + The value of this field is never updated after provisioning is completed. Please use conditions + to check the operational state of the control plane. + type: boolean + failureDomains: + additionalProperties: + description: |- + FailureDomainSpec is the Schema for Cluster API failure domains. + It allows controllers to understand how many failure domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: controlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: failureDomains is a slice of failure domain objects synced + from the infrastructure provider. + type: object + failureMessage: + description: |- + failureMessage indicates that there is a fatal problem reconciling the + state, and will be set to a descriptive error message. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. 
+ maxLength: 10240 + minLength: 1 + type: string + failureReason: + description: |- + failureReason indicates that there is a fatal problem reconciling the + state, and will be set to a token value suitable for + programmatic interpretation. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + type: string + infrastructureReady: + description: infrastructureReady is the state of the infrastructure + provider. + type: boolean + observedGeneration: + description: observedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: phase represents the current phase of cluster actuation. + enum: + - Pending + - Provisioning + - Provisioned + - Deleting + - Failed + - Unknown + type: string + v1beta2: + description: v1beta2 groups all the fields that will be added or modified + in Cluster's status with the V1Beta2 version. + properties: + conditions: + description: |- + conditions represents the observations of a Cluster's current state. + Known condition types are Available, InfrastructureReady, ControlPlaneInitialized, ControlPlaneAvailable, WorkersAvailable, MachinesReady + MachinesUpToDate, RemoteConnectionProbe, ScalingUp, ScalingDown, Remediating, Deleting, Paused. + Additionally, a TopologyReconciled condition will be added in case the Cluster is referencing a ClusterClass / defining a managed Topology. + items: + description: Condition contains details for one aspect of the + current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controlPlane: + description: controlPlane groups all the observations about Cluster's + ControlPlane current state. + properties: + availableReplicas: + description: availableReplicas is the total number of available + control plane machines in this cluster. A machine is considered + available when Machine's Available condition is true. 
+ format: int32 + type: integer + desiredReplicas: + description: desiredReplicas is the total number of desired + control plane machines in this cluster. + format: int32 + type: integer + readyReplicas: + description: readyReplicas is the total number of ready control + plane machines in this cluster. A machine is considered + ready when Machine's Ready condition is true. + format: int32 + type: integer + replicas: + description: |- + replicas is the total number of control plane machines in this cluster. + NOTE: replicas also includes machines still being provisioned or being deleted. + format: int32 + type: integer + upToDateReplicas: + description: upToDateReplicas is the number of up-to-date + control plane machines in this cluster. A machine is considered + up-to-date when Machine's UpToDate condition is true. + format: int32 + type: integer + type: object + workers: + description: workers groups all the observations about Cluster's + Workers current state. + properties: + availableReplicas: + description: availableReplicas is the total number of available + worker machines in this cluster. A machine is considered + available when Machine's Available condition is true. + format: int32 + type: integer + desiredReplicas: + description: desiredReplicas is the total number of desired + worker machines in this cluster. + format: int32 + type: integer + readyReplicas: + description: readyReplicas is the total number of ready worker + machines in this cluster. A machine is considered ready + when Machine's Ready condition is true. + format: int32 + type: integer + replicas: + description: |- + replicas is the total number of worker machines in this cluster. + NOTE: replicas also includes machines still being provisioned or being deleted. + format: int32 + type: integer + upToDateReplicas: + description: upToDateReplicas is the number of up-to-date + worker machines in this cluster. A machine is considered + up-to-date when Machine's UpToDate condition is true. 
+ format: int32 + type: integer + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: ClusterClass of this Cluster, empty if the Cluster is not using + a ClusterClass + jsonPath: .spec.topology.classRef.name + name: ClusterClass + type: string + - description: Cluster pass all availability checks + jsonPath: .status.conditions[?(@.type=="Available")].status + name: Available + type: string + - description: The desired number of control plane machines + jsonPath: .status.controlPlane.desiredReplicas + name: CP Desired + type: integer + - description: The number of control plane machines + jsonPath: .status.controlPlane.replicas + name: CP Current + priority: 10 + type: integer + - description: The number of control plane machines with Ready condition true + jsonPath: .status.controlPlane.readyReplicas + name: CP Ready + priority: 10 + type: integer + - description: The number of control plane machines with Available condition true + jsonPath: .status.controlPlane.availableReplicas + name: CP Available + type: integer + - description: The number of control plane machines with UpToDate condition true + jsonPath: .status.controlPlane.upToDateReplicas + name: CP Up-to-date + type: integer + - description: The desired number of worker machines + jsonPath: .status.workers.desiredReplicas + name: W Desired + type: integer + - description: The number of worker machines + jsonPath: .status.workers.replicas + name: W Current + priority: 10 + type: integer + - description: The number of worker machines with Ready condition true + jsonPath: .status.workers.readyReplicas + name: W Ready + priority: 10 + type: integer + - description: The number of worker machines with Available condition true + jsonPath: .status.workers.availableReplicas + name: W Available + type: integer + - description: The number of worker machines with UpToDate condition true + jsonPath: 
.status.workers.upToDateReplicas + name: W Up-to-date + type: integer + - description: Reconciliation paused + jsonPath: .status.conditions[?(@.type=="Paused")].status + name: Paused + priority: 10 + type: string + - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed + jsonPath: .status.phase + name: Phase + type: string + - description: Time duration since creation of Cluster + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this Cluster + jsonPath: .spec.topology.version + name: Version + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: Cluster is the Schema for the clusters API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of Cluster. + minProperties: 1 + properties: + availabilityGates: + description: |- + availabilityGates specifies additional conditions to include when evaluating Cluster Available condition. + + If this field is not defined and the Cluster implements a managed topology, availabilityGates + from the corresponding ClusterClass will be used, if any. + items: + description: ClusterAvailabilityGate contains the type of a Cluster + condition to be used as availability gate. 
+ properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Cluster's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as availability gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this availabilityGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map + clusterNetwork: + description: clusterNetwork represents the cluster network configuration. + minProperties: 1 + properties: + apiServerPort: + description: |- + apiServerPort specifies the port the API Server should bind to. + Defaults to 6443. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + pods: + description: pods is the network ranges from which Pod networks + are allocated. + properties: + cidrBlocks: + description: cidrBlocks is a list of CIDR blocks. + items: + maxLength: 43 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + required: + - cidrBlocks + type: object + serviceDomain: + description: serviceDomain is the domain name for services. + maxLength: 253 + minLength: 1 + type: string + services: + description: services is the network ranges from which service + VIPs are allocated. 
+ properties: + cidrBlocks: + description: cidrBlocks is a list of CIDR blocks. + items: + maxLength: 43 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + required: + - cidrBlocks + type: object + type: object + controlPlaneEndpoint: + description: controlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + minProperties: 1 + properties: + host: + description: host is the hostname on which the API server is serving. + maxLength: 512 + minLength: 1 + type: string + port: + description: port is the port on which the API server is serving. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + type: object + controlPlaneRef: + description: |- + controlPlaneRef is an optional reference to a provider-specific resource that holds + the details for provisioning the Control Plane for a Cluster. + properties: + apiGroup: + description: |- + apiGroup is the group of the resource being referenced. + apiGroup must be fully qualified domain name. + The corresponding version for this reference will be looked up from the contract + labels of the corresponding CRD of the resource being referenced. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: |- + kind of the resource being referenced. + kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + name of the resource being referenced. + name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - apiGroup + - kind + - name + type: object + infrastructureRef: + description: |- + infrastructureRef is a reference to a provider-specific resource that holds the details + for provisioning infrastructure for a cluster in said provider. + properties: + apiGroup: + description: |- + apiGroup is the group of the resource being referenced. + apiGroup must be fully qualified domain name. + The corresponding version for this reference will be looked up from the contract + labels of the corresponding CRD of the resource being referenced. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: |- + kind of the resource being referenced. + kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + name of the resource being referenced. + name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - apiGroup + - kind + - name + type: object + paused: + description: paused can be used to prevent controllers from processing + the Cluster and all its associated objects. + type: boolean + topology: + description: |- + topology encapsulates the topology for the cluster. + NOTE: It is required to enable the ClusterTopology + feature gate flag to activate managed topologies support; + this feature is highly experimental, and parts of it might still be not implemented. 
+ properties: + classRef: + description: classRef is the ref to the ClusterClass that should + be used for the topology. + properties: + name: + description: |- + name is the name of the ClusterClass that should be used for the topology. + name must be a valid ClusterClass name and because of that be at most 253 characters in length + and it must consist only of lower case alphanumeric characters, hyphens (-) and periods (.), and must start + and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + namespace is the namespace of the ClusterClass that should be used for the topology. + If namespace is empty or not set, it is defaulted to the namespace of the Cluster object. + namespace must be a valid namespace name and because of that be at most 63 characters in length + and it must consist only of lower case alphanumeric characters or hyphens (-), and must start + and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + controlPlane: + description: controlPlane describes the cluster control plane. + minProperties: 1 + properties: + deletion: + description: deletion contains configuration options for Machine + deletion. + minProperties: 1 + properties: + nodeDeletionTimeoutSeconds: + description: |- + nodeDeletionTimeoutSeconds defines how long the controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + format: int32 + minimum: 0 + type: integer + nodeDrainTimeoutSeconds: + description: |- + nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a node. + The default value is 0, meaning that the node can be drained without any time limitations. 
+ NOTE: nodeDrainTimeoutSeconds is different from `kubectl drain --timeout` + format: int32 + minimum: 0 + type: integer + nodeVolumeDetachTimeoutSeconds: + description: |- + nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + format: int32 + minimum: 0 + type: integer + type: object + healthCheck: + description: |- + healthCheck allows to enable, disable and override control plane health check + configuration from the ClusterClass for this control plane. + minProperties: 1 + properties: + checks: + description: |- + checks are the checks that are used to evaluate if a Machine is healthy. + + If one of checks and remediation fields are set, the system assumes that an healthCheck override is defined, + and as a consequence the checks and remediation fields from Cluster will be used instead of the + corresponding fields in ClusterClass. + + Independent of this configuration the MachineHealthCheck controller will always + flag Machines with `cluster.x-k8s.io/remediate-machine` annotation and + Machines with deleted Nodes as unhealthy. + + Furthermore, if checks.nodeStartupTimeoutSeconds is not set it + is defaulted to 10 minutes and evaluated accordingly. + minProperties: 1 + properties: + nodeStartupTimeoutSeconds: + description: |- + nodeStartupTimeoutSeconds allows to set the maximum time for MachineHealthCheck + to consider a Machine unhealthy if a corresponding Node isn't associated + through a `Spec.ProviderID` field. + + The duration set in this field is compared to the greatest of: + - Cluster's infrastructure ready condition timestamp (if and when available) + - Control Plane's initialized condition timestamp (if and when available) + - Machine's infrastructure ready condition timestamp (if and when available) + - Machine's metadata creation timestamp + + Defaults to 10 minutes. 
+ If you wish to disable this feature, set the value explicitly to 0. + format: int32 + minimum: 0 + type: integer + unhealthyNodeConditions: + description: |- + unhealthyNodeConditions contains a list of conditions that determine + whether a node is considered unhealthy. The conditions are combined in a + logical OR, i.e. if any of the conditions is met, the node is unhealthy. + items: + description: |- + UnhealthyNodeCondition represents a Node condition type and value with a timeout + specified as a duration. When the named condition has been in the given + status for at least the timeout value, a node is considered unhealthy. + properties: + status: + description: status of the condition, one of + True, False, Unknown. + minLength: 1 + type: string + timeoutSeconds: + description: |- + timeoutSeconds is the duration that a node must be in a given status for, + after which the node is considered unhealthy. + For example, with a value of "1h", the node must match the status + for at least 1 hour before being considered unhealthy. + format: int32 + minimum: 0 + type: integer + type: + description: type of Node condition + minLength: 1 + type: string + required: + - status + - timeoutSeconds + - type + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + enabled: + description: |- + enabled controls if a MachineHealthCheck should be created for the target machines. + + If false: No MachineHealthCheck will be created. + + If not set(default): A MachineHealthCheck will be created if it is defined here or + in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created. + + If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will + block if `enable` is true and no MachineHealthCheck definition is available. + type: boolean + remediation: + description: |- + remediation configures if and how remediations are triggered if a Machine is unhealthy. 
+ + If one of checks and remediation fields are set, the system assumes that an healthCheck override is defined, + and as a consequence the checks and remediation fields from cluster will be used instead of the + corresponding fields in ClusterClass. + + If an health check override is defined and remediation or remediation.triggerIf is not set, + remediation will always be triggered for unhealthy Machines. + + If an health check override is defined and remediation or remediation.templateRef is not set, + the OwnerRemediated condition will be set on unhealthy Machines to trigger remediation via + the owner of the Machines, for example a MachineSet or a KubeadmControlPlane. + minProperties: 1 + properties: + templateRef: + description: |- + templateRef is a reference to a remediation template + provided by an infrastructure provider. + + This field is completely optional, when filled, the MachineHealthCheck controller + creates a new object from the template referenced and hands off remediation of the machine to + a controller that lives outside of Cluster API. + properties: + apiVersion: + description: |- + apiVersion of the remediation template. + apiVersion must be fully qualified domain name followed by / and a version. + NOTE: This field must be kept in sync with the APIVersion of the remediation template. + maxLength: 317 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[a-z]([-a-z0-9]*[a-z0-9])?$ + type: string + kind: + description: |- + kind of the remediation template. + kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + name of the remediation template. + name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - apiVersion + - kind + - name + type: object + triggerIf: + description: |- + triggerIf configures if remediations are triggered. + If this field is not set, remediations are always triggered. + minProperties: 1 + properties: + unhealthyInRange: + description: |- + unhealthyInRange specifies that remediations are only triggered if the number of + unhealthy Machines is in the configured range. + Takes precedence over unhealthyLessThanOrEqualTo. + Eg. "[3-5]" - This means that remediation will be allowed only when: + (a) there are at least 3 unhealthy Machines (and) + (b) there are at most 5 unhealthy Machines + maxLength: 32 + minLength: 1 + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + unhealthyLessThanOrEqualTo: + anyOf: + - type: integer + - type: string + description: |- + unhealthyLessThanOrEqualTo specifies that remediations are only triggered if the number of + unhealthy Machines is less than or equal to the configured value. + unhealthyInRange takes precedence if set. + x-kubernetes-int-or-string: true + type: object + type: object + type: object + metadata: + description: |- + metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane + if the ControlPlaneTemplate referenced by the ClusterClass is machine based. If not, it + is applied only to the ControlPlane. + At runtime this metadata is merged with the corresponding metadata from the ClusterClass. + minProperties: 1 + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. 
+ More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition. + + This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready + computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine. + + If this field is not defined, readinessGates from the corresponding ControlPlaneClass will be used, if any. + + NOTE: Specific control plane provider implementations might automatically extend the list of readinessGates; + e.g. the kubeadm control provider adds ReadinessGates for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. + items: + description: MachineReadinessGate contains the type of a + Machine condition to be used as a readiness gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. 
+ A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map + replicas: + description: |- + replicas is the number of control plane nodes. + If the value is not set, the ControlPlane object is created without the number of Replicas + and it's assumed that the control plane controller does not implement support for this field. + When specified against a control plane provider that lacks support for this field, this value will be ignored. + format: int32 + type: integer + variables: + description: variables can be used to customize the ControlPlane + through patches. + minProperties: 1 + properties: + overrides: + description: overrides can be used to override Cluster + level variables. + items: + description: |- + ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a + Variable definition in the ClusterClass `status` variables. + properties: + name: + description: name of the variable. + maxLength: 256 + minLength: 1 + type: string + value: + description: |- + value of the variable. + Note: the value will be validated against the schema of the corresponding ClusterClassVariable + from the ClusterClass. + Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a + hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, + i.e. it is not possible to have no type field. 
+ Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 + x-kubernetes-preserve-unknown-fields: true + required: + - name + - value + type: object + maxItems: 1000 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: object + variables: + description: |- + variables can be used to customize the Cluster through + patches. They must comply to the corresponding + VariableClasses defined in the ClusterClass. + items: + description: |- + ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a + Variable definition in the ClusterClass `status` variables. + properties: + name: + description: name of the variable. + maxLength: 256 + minLength: 1 + type: string + value: + description: |- + value of the variable. + Note: the value will be validated against the schema of the corresponding ClusterClassVariable + from the ClusterClass. + Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a + hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, + i.e. it is not possible to have no type field. + Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 + x-kubernetes-preserve-unknown-fields: true + required: + - name + - value + type: object + maxItems: 1000 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + version: + description: version is the Kubernetes version of the cluster. + maxLength: 256 + minLength: 1 + type: string + workers: + description: |- + workers encapsulates the different constructs that form the worker nodes + for the cluster. 
+ minProperties: 1 + properties: + machineDeployments: + description: machineDeployments is a list of machine deployments + in the cluster. + items: + description: |- + MachineDeploymentTopology specifies the different parameters for a set of worker nodes in the topology. + This set of nodes is managed by a MachineDeployment object whose lifecycle is managed by the Cluster controller. + properties: + class: + description: |- + class is the name of the MachineDeploymentClass used to create the set of worker nodes. + This should match one of the deployment classes defined in the ClusterClass object + mentioned in the `Cluster.Spec.Class` field. + maxLength: 256 + minLength: 1 + type: string + deletion: + description: deletion contains configuration options + for Machine deletion. + minProperties: 1 + properties: + nodeDeletionTimeoutSeconds: + description: |- + nodeDeletionTimeoutSeconds defines how long the controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + format: int32 + minimum: 0 + type: integer + nodeDrainTimeoutSeconds: + description: |- + nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a node. + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: nodeDrainTimeoutSeconds is different from `kubectl drain --timeout` + format: int32 + minimum: 0 + type: integer + nodeVolumeDetachTimeoutSeconds: + description: |- + nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + format: int32 + minimum: 0 + type: integer + order: + description: |- + order defines the order in which Machines are deleted when downscaling. + Defaults to "Random". 
Valid values are "Random, "Newest", "Oldest" + enum: + - Random + - Newest + - Oldest + type: string + type: object + failureDomain: + description: |- + failureDomain is the failure domain the machines will be created in. + Must match a key in the FailureDomains map stored on the cluster object. + maxLength: 256 + minLength: 1 + type: string + healthCheck: + description: |- + healthCheck allows to enable, disable and override MachineDeployment health check + configuration from the ClusterClass for this MachineDeployment. + minProperties: 1 + properties: + checks: + description: |- + checks are the checks that are used to evaluate if a Machine is healthy. + + If one of checks and remediation fields are set, the system assumes that an healthCheck override is defined, + and as a consequence the checks and remediation fields from Cluster will be used instead of the + corresponding fields in ClusterClass. + + Independent of this configuration the MachineHealthCheck controller will always + flag Machines with `cluster.x-k8s.io/remediate-machine` annotation and + Machines with deleted Nodes as unhealthy. + + Furthermore, if checks.nodeStartupTimeoutSeconds is not set it + is defaulted to 10 minutes and evaluated accordingly. + minProperties: 1 + properties: + nodeStartupTimeoutSeconds: + description: |- + nodeStartupTimeoutSeconds allows to set the maximum time for MachineHealthCheck + to consider a Machine unhealthy if a corresponding Node isn't associated + through a `Spec.ProviderID` field. + + The duration set in this field is compared to the greatest of: + - Cluster's infrastructure ready condition timestamp (if and when available) + - Control Plane's initialized condition timestamp (if and when available) + - Machine's infrastructure ready condition timestamp (if and when available) + - Machine's metadata creation timestamp + + Defaults to 10 minutes. + If you wish to disable this feature, set the value explicitly to 0. 
+ format: int32 + minimum: 0 + type: integer + unhealthyNodeConditions: + description: |- + unhealthyNodeConditions contains a list of conditions that determine + whether a node is considered unhealthy. The conditions are combined in a + logical OR, i.e. if any of the conditions is met, the node is unhealthy. + items: + description: |- + UnhealthyNodeCondition represents a Node condition type and value with a timeout + specified as a duration. When the named condition has been in the given + status for at least the timeout value, a node is considered unhealthy. + properties: + status: + description: status of the condition, + one of True, False, Unknown. + minLength: 1 + type: string + timeoutSeconds: + description: |- + timeoutSeconds is the duration that a node must be in a given status for, + after which the node is considered unhealthy. + For example, with a value of "1h", the node must match the status + for at least 1 hour before being considered unhealthy. + format: int32 + minimum: 0 + type: integer + type: + description: type of Node condition + minLength: 1 + type: string + required: + - status + - timeoutSeconds + - type + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + enabled: + description: |- + enabled controls if a MachineHealthCheck should be created for the target machines. + + If false: No MachineHealthCheck will be created. + + If not set(default): A MachineHealthCheck will be created if it is defined here or + in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created. + + If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will + block if `enable` is true and no MachineHealthCheck definition is available. + type: boolean + remediation: + description: |- + remediation configures if and how remediations are triggered if a Machine is unhealthy. 
+ + If one of checks and remediation fields are set, the system assumes that an healthCheck override is defined, + and as a consequence the checks and remediation fields from cluster will be used instead of the + corresponding fields in ClusterClass. + + If an health check override is defined and remediation or remediation.triggerIf is not set, + remediation will always be triggered for unhealthy Machines. + + If an health check override is defined and remediation or remediation.templateRef is not set, + the OwnerRemediated condition will be set on unhealthy Machines to trigger remediation via + the owner of the Machines, for example a MachineSet or a KubeadmControlPlane. + minProperties: 1 + properties: + maxInFlight: + anyOf: + - type: integer + - type: string + description: |- + maxInFlight determines how many in flight remediations should happen at the same time. + + Remediation only happens on the MachineSet with the most current revision, while + older MachineSets (usually present during rollout operations) aren't allowed to remediate. + + Note: In general (independent of remediations), unhealthy machines are always + prioritized during scale down operations over healthy ones. + + MaxInFlight can be set to a fixed number or a percentage. + Example: when this is set to 20%, the MachineSet controller deletes at most 20% of + the desired replicas. + + If not set, remediation is limited to all machines (bounded by replicas) + under the active MachineSet's management. + x-kubernetes-int-or-string: true + templateRef: + description: |- + templateRef is a reference to a remediation template + provided by an infrastructure provider. + + This field is completely optional, when filled, the MachineHealthCheck controller + creates a new object from the template referenced and hands off remediation of the machine to + a controller that lives outside of Cluster API. + properties: + apiVersion: + description: |- + apiVersion of the remediation template. 
+ apiVersion must be fully qualified domain name followed by / and a version. + NOTE: This field must be kept in sync with the APIVersion of the remediation template. + maxLength: 317 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[a-z]([-a-z0-9]*[a-z0-9])?$ + type: string + kind: + description: |- + kind of the remediation template. + kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + name of the remediation template. + name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - apiVersion + - kind + - name + type: object + triggerIf: + description: |- + triggerIf configures if remediations are triggered. + If this field is not set, remediations are always triggered. + minProperties: 1 + properties: + unhealthyInRange: + description: |- + unhealthyInRange specifies that remediations are only triggered if the number of + unhealthy Machines is in the configured range. + Takes precedence over unhealthyLessThanOrEqualTo. + Eg. "[3-5]" - This means that remediation will be allowed only when: + (a) there are at least 3 unhealthy Machines (and) + (b) there are at most 5 unhealthy Machines + maxLength: 32 + minLength: 1 + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + unhealthyLessThanOrEqualTo: + anyOf: + - type: integer + - type: string + description: |- + unhealthyLessThanOrEqualTo specifies that remediations are only triggered if the number of + unhealthy Machines is less than or equal to the configured value. + unhealthyInRange takes precedence if set. 
+ x-kubernetes-int-or-string: true + type: object + type: object + type: object + metadata: + description: |- + metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. + At runtime this metadata is merged with the corresponding metadata from the ClusterClass. + minProperties: 1 + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + minReadySeconds: + description: |- + minReadySeconds is the minimum number of seconds for which a newly created machine should + be ready. + Defaults to 0 (machine will be considered available as soon as it + is ready) + format: int32 + minimum: 0 + type: integer + name: + description: |- + name is the unique identifier for this MachineDeploymentTopology. + The value is used with other unique identifiers to create a MachineDeployment's Name + (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length, + the values are hashed together. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition. + + This field can be used e.g. 
to instruct the machine controller to include in the computation for Machine's ready + computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine. + + If this field is not defined, readinessGates from the corresponding MachineDeploymentClass will be used, if any. + items: + description: MachineReadinessGate contains the type + of a Machine condition to be used as a readiness + gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map + replicas: + description: |- + replicas is the number of worker nodes belonging to this set. + If the value is nil, the MachineDeployment is created without the number of Replicas (defaulting to 1) + and it's assumed that an external entity (like cluster autoscaler) is responsible for the management + of this value. 
+ format: int32 + type: integer + rollout: + description: |- + rollout allows you to configure the behaviour of rolling updates to the MachineDeployment Machines. + It allows you to define the strategy used during rolling replacements. + minProperties: 1 + properties: + strategy: + description: strategy specifies how to roll out + control plane Machines. + minProperties: 1 + properties: + rollingUpdate: + description: |- + rollingUpdate is the rolling update config params. Present only if + type = RollingUpdate. + minProperties: 1 + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + maxSurge is the maximum number of machines that can be scheduled above the + desired number of machines. + Value can be an absolute number (ex: 5) or a percentage of + desired machines (ex: 10%). + This can not be 0 if MaxUnavailable is 0. + Absolute number is calculated from percentage by rounding up. + Defaults to 1. + Example: when this is set to 30%, the new MachineSet can be scaled + up immediately when the rolling update starts, such that the total + number of old and new machines do not exceed 130% of desired + machines. Once old machines have been killed, new MachineSet can + be scaled up further, ensuring that total number of machines running + at any time during the update is at most 130% of desired machines. + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + maxUnavailable is the maximum number of machines that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired + machines (ex: 10%). + Absolute number is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. + Defaults to 0. + Example: when this is set to 30%, the old MachineSet can be scaled + down to 70% of desired machines immediately when the rolling update + starts. 
Once new machines are ready, old MachineSet can be scaled + down further, followed by scaling up the new MachineSet, ensuring + that the total number of machines available at all times + during the update is at least 70% of desired machines. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + type of rollout. Allowed values are RollingUpdate and OnDelete. + Default is RollingUpdate. + enum: + - RollingUpdate + - OnDelete + type: string + required: + - type + type: object + type: object + variables: + description: variables can be used to customize the + MachineDeployment through patches. + minProperties: 1 + properties: + overrides: + description: overrides can be used to override Cluster + level variables. + items: + description: |- + ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a + Variable definition in the ClusterClass `status` variables. + properties: + name: + description: name of the variable. + maxLength: 256 + minLength: 1 + type: string + value: + description: |- + value of the variable. + Note: the value will be validated against the schema of the corresponding ClusterClassVariable + from the ClusterClass. + Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a + hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, + i.e. it is not possible to have no type field. 
+ Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 + x-kubernetes-preserve-unknown-fields: true + required: + - name + - value + type: object + maxItems: 1000 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + required: + - class + - name + type: object + maxItems: 2000 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + machinePools: + description: machinePools is a list of machine pools in the + cluster. + items: + description: |- + MachinePoolTopology specifies the different parameters for a pool of worker nodes in the topology. + This pool of nodes is managed by a MachinePool object whose lifecycle is managed by the Cluster controller. + properties: + class: + description: |- + class is the name of the MachinePoolClass used to create the pool of worker nodes. + This should match one of the deployment classes defined in the ClusterClass object + mentioned in the `Cluster.Spec.Class` field. + maxLength: 256 + minLength: 1 + type: string + deletion: + description: deletion contains configuration options + for Machine deletion. + minProperties: 1 + properties: + nodeDeletionTimeoutSeconds: + description: |- + nodeDeletionTimeoutSeconds defines how long the controller will attempt to delete the Node that the MachinePool + hosts after the MachinePool is marked for deletion. A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + format: int32 + minimum: 0 + type: integer + nodeDrainTimeoutSeconds: + description: |- + nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a node. + The default value is 0, meaning that the node can be drained without any time limitations. 
+ NOTE: nodeDrainTimeoutSeconds is different from `kubectl drain --timeout` + format: int32 + minimum: 0 + type: integer + nodeVolumeDetachTimeoutSeconds: + description: |- + nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + format: int32 + minimum: 0 + type: integer + type: object + failureDomains: + description: |- + failureDomains is the list of failure domains the machine pool will be created in. + Must match a key in the FailureDomains map stored on the cluster object. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + metadata: + description: |- + metadata is the metadata applied to the MachinePool. + At runtime this metadata is merged with the corresponding metadata from the ClusterClass. + minProperties: 1 + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + minReadySeconds: + description: |- + minReadySeconds is the minimum number of seconds for which a newly created machine pool should + be ready. 
+ Defaults to 0 (machine will be considered available as soon as it + is ready) + format: int32 + minimum: 0 + type: integer + name: + description: |- + name is the unique identifier for this MachinePoolTopology. + The value is used with other unique identifiers to create a MachinePool's Name + (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length, + the values are hashed together. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + replicas: + description: |- + replicas is the number of nodes belonging to this pool. + If the value is nil, the MachinePool is created without the number of Replicas (defaulting to 1) + and it's assumed that an external entity (like cluster autoscaler) is responsible for the management + of this value. + format: int32 + type: integer + variables: + description: variables can be used to customize the + MachinePool through patches. + minProperties: 1 + properties: + overrides: + description: overrides can be used to override Cluster + level variables. + items: + description: |- + ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a + Variable definition in the ClusterClass `status` variables. + properties: + name: + description: name of the variable. + maxLength: 256 + minLength: 1 + type: string + value: + description: |- + value of the variable. + Note: the value will be validated against the schema of the corresponding ClusterClassVariable + from the ClusterClass. + Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a + hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, + i.e. it is not possible to have no type field. 
+ Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 + x-kubernetes-preserve-unknown-fields: true + required: + - name + - value + type: object + maxItems: 1000 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + required: + - class + - name + type: object + maxItems: 2000 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + required: + - classRef + - version + type: object + type: object + status: + description: status is the observed state of Cluster. + minProperties: 1 + properties: + conditions: + description: |- + conditions represents the observations of a Cluster's current state. + Known condition types are Available, InfrastructureReady, ControlPlaneInitialized, ControlPlaneAvailable, WorkersAvailable, MachinesReady + MachinesUpToDate, RemoteConnectionProbe, ScalingUp, ScalingDown, Remediating, Deleting, Paused. + Additionally, a TopologyReconciled condition will be added in case the Cluster is referencing a ClusterClass / defining a managed Topology. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controlPlane: + description: controlPlane groups all the observations about Cluster's + ControlPlane current state. + properties: + availableReplicas: + description: availableReplicas is the total number of available + control plane machines in this cluster. A machine is considered + available when Machine's Available condition is true. + format: int32 + type: integer + desiredReplicas: + description: desiredReplicas is the total number of desired control + plane machines in this cluster. + format: int32 + type: integer + readyReplicas: + description: readyReplicas is the total number of ready control + plane machines in this cluster. A machine is considered ready + when Machine's Ready condition is true. 
+ format: int32 + type: integer + replicas: + description: |- + replicas is the total number of control plane machines in this cluster. + NOTE: replicas also includes machines still being provisioned or being deleted. + format: int32 + type: integer + upToDateReplicas: + description: upToDateReplicas is the number of up-to-date control + plane machines in this cluster. A machine is considered up-to-date + when Machine's UpToDate condition is true. + format: int32 + type: integer + type: object + deprecated: + description: deprecated groups all the status fields that are deprecated + and will be removed when all the nested field are removed. + properties: + v1beta1: + description: v1beta1 groups all the status fields that are deprecated + and will be removed when support for v1beta1 will be dropped. + properties: + conditions: + description: |- + conditions defines current service state of the cluster. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + items: + description: Condition defines an observation of a Cluster + API resource operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. 
+ maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, + Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: |- + failureMessage indicates that there is a fatal problem reconciling the + state, and will be set to a descriptive error message. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + maxLength: 10240 + minLength: 1 + type: string + failureReason: + description: |- + failureReason indicates that there is a fatal problem reconciling the + state, and will be set to a token value suitable for + programmatic interpretation. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + type: string + type: object + type: object + failureDomains: + description: failureDomains is a slice of failure domain objects synced + from the infrastructure provider. 
+ items: + description: |- + FailureDomain is the Schema for Cluster API failure domains. + It allows controllers to understand how many failure domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: controlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + name: + description: name is the name of the failure domain. + maxLength: 256 + minLength: 1 + type: string + required: + - name + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + initialization: + description: |- + initialization provides observations of the Cluster initialization process. + NOTE: Fields in this struct are part of the Cluster API contract and are used to orchestrate initial Cluster provisioning. + minProperties: 1 + properties: + controlPlaneInitialized: + description: |- + controlPlaneInitialized denotes when the control plane is functional enough to accept requests. + This information is usually used as a signal for starting all the provisioning operations that depends on + a functional API server, but do not require a full HA control plane to exists, like e.g. join worker Machines, + install core addons like CNI, CPI, CSI etc. + NOTE: this field is part of the Cluster API contract, and it is used to orchestrate provisioning. + The value of this field is never updated after initialization is completed. + type: boolean + infrastructureProvisioned: + description: |- + infrastructureProvisioned is true when the infrastructure provider reports that Cluster's infrastructure is fully provisioned. + NOTE: this field is part of the Cluster API contract, and it is used to orchestrate provisioning. 
+ The value of this field is never updated after provisioning is completed. + type: boolean + type: object + observedGeneration: + description: observedGeneration is the latest generation observed + by the controller. + format: int64 + minimum: 1 + type: integer + phase: + description: phase represents the current phase of cluster actuation. + enum: + - Pending + - Provisioning + - Provisioned + - Deleting + - Failed + - Unknown + type: string + workers: + description: workers groups all the observations about Cluster's Workers + current state. + properties: + availableReplicas: + description: availableReplicas is the total number of available + worker machines in this cluster. A machine is considered available + when Machine's Available condition is true. + format: int32 + type: integer + desiredReplicas: + description: desiredReplicas is the total number of desired worker + machines in this cluster. + format: int32 + type: integer + readyReplicas: + description: readyReplicas is the total number of ready worker + machines in this cluster. A machine is considered ready when + Machine's Ready condition is true. + format: int32 + type: integer + replicas: + description: |- + replicas is the total number of worker machines in this cluster. + NOTE: replicas also includes machines still being provisioned or being deleted. + format: int32 + type: integer + upToDateReplicas: + description: upToDateReplicas is the number of up-to-date worker + machines in this cluster. A machine is considered up-to-date + when Machine's UpToDate condition is true. 
+ format: int32 + type: integer + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.18.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: extensionconfigs.runtime.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: runtime.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ExtensionConfig + listKind: ExtensionConfigList + plural: extensionconfigs + shortNames: + - ext + singular: extensionconfig + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Time duration since creation of ExtensionConfig + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha1 + schema: + openAPIV3Schema: + description: ExtensionConfig is the Schema for the ExtensionConfig API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of the ExtensionConfig. + properties: + clientConfig: + description: clientConfig defines how to communicate with the Extension + server. + properties: + caBundle: + description: caBundle is a PEM encoded CA bundle which will be + used to validate the Extension server's server certificate. + format: byte + maxLength: 51200 + minLength: 1 + type: string + service: + description: |- + service is a reference to the Kubernetes service for the Extension server. + Note: Exactly one of `url` or `service` must be specified. + + If the Extension server is running within a cluster, then you should use `service`. + properties: + name: + description: name is the name of the service. + maxLength: 63 + minLength: 1 + type: string + namespace: + description: namespace is the namespace of the service. + maxLength: 63 + minLength: 1 + type: string + path: + description: |- + path is an optional URL path and if present may be any string permissible in + a URL. If a path is set it will be used as prefix to the hook-specific path. + maxLength: 512 + minLength: 1 + type: string + port: + description: |- + port is the port on the service that's hosting the Extension server. + Defaults to 443. + Port should be a valid port number (1-65535, inclusive). + format: int32 + type: integer + required: + - name + - namespace + type: object + url: + description: |- + url gives the location of the Extension server, in standard URL form + (`scheme://host:port/path`). + Note: Exactly one of `url` or `service` must be specified. + + The scheme must be "https". + + The `host` should not refer to a service running in the cluster; use + the `service` field instead. + + A path is optional, and if present may be any string permissible in + a URL. 
If a path is set it will be used as prefix to the hook-specific path. + + Attempting to use a user or basic auth e.g. "user:password@" is not + allowed. Fragments ("#...") and query parameters ("?...") are not + allowed either. + maxLength: 512 + minLength: 1 + type: string + type: object + namespaceSelector: + description: |- + namespaceSelector decides whether to call the hook for an object based + on whether the namespace for that object matches the selector. + Defaults to the empty LabelSelector, which matches all objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + settings: + additionalProperties: + type: string + description: |- + settings defines key value pairs to be passed to all calls + to all supported RuntimeExtensions. + Note: Settings can be overridden on the ClusterClass. + type: object + required: + - clientConfig + type: object + status: + description: status is the current state of the ExtensionConfig + properties: + conditions: + description: conditions define the current service state of the ExtensionConfig. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + handlers: + description: handlers defines the current ExtensionHandlers supported + by an Extension. + items: + description: ExtensionHandler specifies the details of a handler + for a particular runtime hook registered by an Extension server. + properties: + failurePolicy: + description: |- + failurePolicy defines how failures in calls to the ExtensionHandler should be handled by a client. + Defaults to Fail if not set. + enum: + - Ignore + - Fail + type: string + name: + description: name is the unique name of the ExtensionHandler. + maxLength: 512 + minLength: 1 + type: string + requestHook: + description: requestHook defines the versioned runtime hook + which this ExtensionHandler serves. + properties: + apiVersion: + description: apiVersion is the group and version of the + Hook. + maxLength: 512 + minLength: 1 + type: string + hook: + description: hook is the name of the hook. + maxLength: 256 + minLength: 1 + type: string + required: + - apiVersion + - hook + type: object + timeoutSeconds: + description: |- + timeoutSeconds defines the timeout duration for client calls to the ExtensionHandler. + Defaults to 10 is not set. + format: int32 + type: integer + required: + - name + - requestHook + type: object + maxItems: 512 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + v1beta2: + description: v1beta2 groups all the fields that will be added or modified + in ExtensionConfig's status with the V1Beta2 version. + properties: + conditions: + description: |- + conditions represents the observations of a ExtensionConfig's current state. + Known condition types are Discovered, Paused. 
+ items: + description: Condition contains details for one aspect of the + current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Reconciliation paused + jsonPath: .status.conditions[?(@.type=="Paused")].status + name: Paused + priority: 10 + type: string + - description: ExtensionConfig discovered + jsonPath: .status.conditions[?(@.type=="Discovered")].status + name: Discovered + type: string + - description: Time duration since creation of ExtensionConfig + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: |- + ExtensionConfig is the Schema for the ExtensionConfig API. + NOTE: This CRD can only be used if the RuntimeSDK feature gate is enabled. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of the ExtensionConfig. 
+ properties: + clientConfig: + description: clientConfig defines how to communicate with the Extension + server. + minProperties: 1 + properties: + caBundle: + description: caBundle is a PEM encoded CA bundle which will be + used to validate the Extension server's server certificate. + format: byte + maxLength: 51200 + minLength: 1 + type: string + service: + description: |- + service is a reference to the Kubernetes service for the Extension server. + Note: Exactly one of `url` or `service` must be specified. + + If the Extension server is running within a cluster, then you should use `service`. + properties: + name: + description: name is the name of the service. + maxLength: 63 + minLength: 1 + type: string + namespace: + description: namespace is the namespace of the service. + maxLength: 63 + minLength: 1 + type: string + path: + description: |- + path is an optional URL path and if present may be any string permissible in + a URL. If a path is set it will be used as prefix to the hook-specific path. + maxLength: 512 + minLength: 1 + type: string + port: + description: |- + port is the port on the service that's hosting the Extension server. + Defaults to 443. + Port should be a valid port number (1-65535, inclusive). + format: int32 + type: integer + required: + - name + - namespace + type: object + url: + description: |- + url gives the location of the Extension server, in standard URL form + (`scheme://host:port/path`). + Note: Exactly one of `url` or `service` must be specified. + + The scheme must be "https". + + The `host` should not refer to a service running in the cluster; use + the `service` field instead. + + A path is optional, and if present may be any string permissible in + a URL. If a path is set it will be used as prefix to the hook-specific path. + + Attempting to use a user or basic auth e.g. "user:password@" is not + allowed. Fragments ("#...") and query parameters ("?...") are not + allowed either. 
+ maxLength: 512 + minLength: 1 + type: string + type: object + namespaceSelector: + description: |- + namespaceSelector decides whether to call the hook for an object based + on whether the namespace for that object matches the selector. + Defaults to the empty LabelSelector, which matches all objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + settings: + additionalProperties: + type: string + description: |- + settings defines key value pairs to be passed to all calls + to all supported RuntimeExtensions. + Note: Settings can be overridden on the ClusterClass. 
+ type: object + required: + - clientConfig + type: object + status: + description: status is the current state of the ExtensionConfig + minProperties: 1 + properties: + conditions: + description: |- + conditions represents the observations of a ExtensionConfig's current state. + Known condition types are Discovered, Paused. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + deprecated: + description: deprecated groups all the status fields that are deprecated + and will be removed when all the nested field are removed. + properties: + v1beta1: + description: |- + v1beta1 groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + properties: + conditions: + description: |- + conditions defines current service state of the ExtensionConfig. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + items: + description: Condition defines an observation of a Cluster + API resource operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. 
+ The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, + Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object + type: object + handlers: + description: handlers defines the current ExtensionHandlers supported + by an Extension. + items: + description: ExtensionHandler specifies the details of a handler + for a particular runtime hook registered by an Extension server. + properties: + failurePolicy: + description: |- + failurePolicy defines how failures in calls to the ExtensionHandler should be handled by a client. + Defaults to Fail if not set. + enum: + - Ignore + - Fail + type: string + name: + description: name is the unique name of the ExtensionHandler. + maxLength: 512 + minLength: 1 + type: string + requestHook: + description: requestHook defines the versioned runtime hook + which this ExtensionHandler serves. + properties: + apiVersion: + description: apiVersion is the group and version of the + Hook. + maxLength: 512 + minLength: 1 + type: string + hook: + description: hook is the name of the hook. 
+ maxLength: 256 + minLength: 1 + type: string + required: + - apiVersion + - hook + type: object + timeoutSeconds: + description: |- + timeoutSeconds defines the timeout duration for client calls to the ExtensionHandler. + Defaults to 10 if not set. + format: int32 + minimum: 1 + type: integer + required: + - name + - requestHook + type: object + maxItems: 512 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.18.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machinedeployments.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: MachineDeployment + listKind: MachineDeploymentList + plural: machinedeployments + shortNames: + - md + singular: machinedeployment + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Total number of machines desired by this MachineDeployment + jsonPath: .spec.replicas + name: Desired + priority: 10 + type: integer + - description: Total number of non-terminated machines targeted by this MachineDeployment + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of ready machines targeted by this MachineDeployment + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of non-terminated machines targeted by this deployment + that have the desired template spec + 
jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Total number of unavailable machines targeted by this MachineDeployment + jsonPath: .status.unavailableReplicas + name: Unavailable + type: integer + - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown + jsonPath: .status.phase + name: Phase + type: string + - description: Time duration since creation of MachineDeployment + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this MachineDeployment + jsonPath: .spec.template.spec.version + name: Version + type: string + deprecated: true + name: v1beta1 + schema: + openAPIV3Schema: + description: MachineDeployment is the Schema for the machinedeployments API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of MachineDeployment. + properties: + clusterName: + description: clusterName is the name of the Cluster this object belongs + to. + maxLength: 63 + minLength: 1 + type: string + machineNamingStrategy: + description: |- + machineNamingStrategy allows changing the naming pattern used when creating Machines. + Note: InfraMachines & BootstrapConfigs will use the same name as the corresponding Machines. 
+ properties: + template: + description: |- + template defines the template to use for generating the names of the + Machine objects. + If not defined, it will fallback to `{{ .machineSet.name }}-{{ .random }}`. + If the generated name string exceeds 63 characters, it will be trimmed to + 58 characters and will + get concatenated with a random suffix of length 5. + Length of the template string must not exceed 256 characters. + The template allows the following variables `.cluster.name`, + `.machineSet.name` and `.random`. + The variable `.cluster.name` retrieves the name of the cluster object + that owns the Machines being created. + The variable `.machineSet.name` retrieves the name of the MachineSet + object that owns the Machines being created. + The variable `.random` is substituted with random alphanumeric string, + without vowels, of length 5. This variable is required part of the + template. If not provided, validation will fail. + maxLength: 256 + minLength: 1 + type: string + type: object + minReadySeconds: + description: |- + minReadySeconds is the minimum number of seconds for which a Node for a newly created machine should be ready before considering the replica available. + Defaults to 0 (machine will be considered available as soon as the Node is ready) + format: int32 + type: integer + paused: + description: paused indicates that the deployment is paused. + type: boolean + progressDeadlineSeconds: + description: |- + progressDeadlineSeconds is the maximum time in seconds for a deployment to make progress before it + is considered to be failed. The deployment controller will continue to + process failed deployments and a condition with a ProgressDeadlineExceeded + reason will be surfaced in the deployment status. Note that progress will + not be estimated during the time a deployment is paused. Defaults to 600s. + + Deprecated: This field is deprecated and is going to be removed in the next apiVersion. 
Please see https://github.com/kubernetes-sigs/cluster-api/issues/11470 for more details. + format: int32 + type: integer + replicas: + description: |- + replicas is the number of desired machines. + This is a pointer to distinguish between explicit zero and not specified. + + Defaults to: + * if the Kubernetes autoscaler min size and max size annotations are set: + - if it's a new MachineDeployment, use min size + - if the replicas field of the old MachineDeployment is < min size, use min size + - if the replicas field of the old MachineDeployment is > max size, use max size + - if the replicas field of the old MachineDeployment is in the (min size, max size) range, keep the value from the oldMD + * otherwise use 1 + Note: Defaulting will be run whenever the replicas field is not set: + * A new MachineDeployment is created with replicas not set. + * On an existing MachineDeployment the replicas field was first set and is now unset. + Those cases are especially relevant for the following Kubernetes autoscaler use cases: + * A new MachineDeployment is created and replicas should be managed by the autoscaler + * An existing MachineDeployment which initially wasn't controlled by the autoscaler + should be later controlled by the autoscaler + format: int32 + type: integer + revisionHistoryLimit: + description: |- + revisionHistoryLimit is the number of old MachineSets to retain to allow rollback. + This is a pointer to distinguish between explicit zero and not specified. + Defaults to 1. + + Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/10479 for more details. + format: int32 + type: integer + rolloutAfter: + description: |- + rolloutAfter is a field to indicate a rollout should be performed + after the specified time even if no changes have been made to the + MachineDeployment. + Example: In the YAML the time can be specified in the RFC3339 format. 
+ To specify the rolloutAfter target as March 9, 2023, at 9 am UTC + use "2023-03-09T09:00:00Z". + format: date-time + type: string + selector: + description: |- + selector is the label selector for machines. Existing MachineSets whose machines are + selected by this will be the ones affected by this deployment. + It must match the machine template's labels. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + strategy: + description: |- + strategy is the deployment strategy to use to replace existing machines with + new ones. 
+ properties: + remediation: + description: |- + remediation controls the strategy of remediating unhealthy machines + and how remediating operations should occur during the lifecycle of the dependant MachineSets. + properties: + maxInFlight: + anyOf: + - type: integer + - type: string + description: |- + maxInFlight determines how many in flight remediations should happen at the same time. + + Remediation only happens on the MachineSet with the most current revision, while + older MachineSets (usually present during rollout operations) aren't allowed to remediate. + + Note: In general (independent of remediations), unhealthy machines are always + prioritized during scale down operations over healthy ones. + + MaxInFlight can be set to a fixed number or a percentage. + Example: when this is set to 20%, the MachineSet controller deletes at most 20% of + the desired replicas. + + If not set, remediation is limited to all machines (bounded by replicas) + under the active MachineSet's management. + x-kubernetes-int-or-string: true + type: object + rollingUpdate: + description: |- + rollingUpdate is the rolling update config params. Present only if + MachineDeploymentStrategyType = RollingUpdate. + properties: + deletePolicy: + description: |- + deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. + Valid values are "Random, "Newest", "Oldest" + When no value is supplied, the default DeletePolicy of MachineSet is used + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + maxSurge is the maximum number of machines that can be scheduled above the + desired number of machines. + Value can be an absolute number (ex: 5) or a percentage of + desired machines (ex: 10%). + This can not be 0 if MaxUnavailable is 0. + Absolute number is calculated from percentage by rounding up. + Defaults to 1. 
+ Example: when this is set to 30%, the new MachineSet can be scaled + up immediately when the rolling update starts, such that the total + number of old and new machines do not exceed 130% of desired + machines. Once old machines have been killed, new MachineSet can + be scaled up further, ensuring that total number of machines running + at any time during the update is at most 130% of desired machines. + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + maxUnavailable is the maximum number of machines that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired + machines (ex: 10%). + Absolute number is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. + Defaults to 0. + Example: when this is set to 30%, the old MachineSet can be scaled + down to 70% of desired machines immediately when the rolling update + starts. Once new machines are ready, old MachineSet can be scaled + down further, followed by scaling up the new MachineSet, ensuring + that the total number of machines available at all times + during the update is at least 70% of desired machines. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + type of deployment. Allowed values are RollingUpdate and OnDelete. + The default is RollingUpdate. + enum: + - RollingUpdate + - OnDelete + type: string + type: object + template: + description: template describes the machines that will be created. + properties: + metadata: + description: |- + metadata is the standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. 
They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + spec is the specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + bootstrap: + description: |- + bootstrap is a reference to a local struct which encapsulates + fields to configure the Machine’s bootstrapping mechanism. + properties: + configRef: + description: |- + configRef is a reference to a bootstrap provider-specific resource + that holds configuration details. The reference is optional to + allow users/operators to specify Bootstrap.DataSecretName without + the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: |- + dataSecretName is the name of the secret that stores the bootstrap data script. + If nil, the Machine should remain in the Pending state. + maxLength: 253 + minLength: 0 + type: string + type: object + clusterName: + description: clusterName is the name of the Cluster this object + belongs to. + maxLength: 63 + minLength: 1 + type: string + failureDomain: + description: |- + failureDomain is the failure domain the machine will be created in. + Must match a key in the FailureDomains map stored on the cluster object. + maxLength: 256 + minLength: 1 + type: string + infrastructureRef: + description: |- + infrastructureRef is a required reference to a custom resource + offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + nodeDeletionTimeout: + description: |- + nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: |- + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + The default value is 0, meaning that the node can be drained without any time limitations. 
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + type: string + nodeVolumeDetachTimeout: + description: |- + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + type: string + providerID: + description: |- + providerID is the identification ID of the machine provided by the provider. + This field must match the provider ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler + with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out + machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a + generic out-of-tree provider for autoscaler, this field is required by autoscaler to be + able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver + and then a comparison is done to find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by higher level entities like autoscaler that will + be interfacing with cluster-api as generic provider. + maxLength: 512 + minLength: 1 + type: string + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition. + + This field can be used e.g. by Cluster API control plane providers to extend the semantic of the + Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates + for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. + + Another example are external controllers, e.g. 
responsible to install special software/hardware on the Machines; + they can include the status of those components with a new condition and add this condition to ReadinessGates. + + NOTE: This field is considered only for computing v1beta2 conditions. + NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those + readiness gates condition are reporting the same message, when computing the Machine's Ready condition those + readinessGates will be replaced by a single entry reporting "Control plane components: " + message. + This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster). + items: + description: MachineReadinessGate contains the type of a + Machine condition to be used as a readiness gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map + version: + description: |- + version defines the desired Kubernetes version. 
+ This field is meant to be optionally used by bootstrap providers. + maxLength: 256 + minLength: 1 + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + - template + type: object + status: + description: status is the observed state of MachineDeployment. + properties: + availableReplicas: + description: |- + availableReplicas is the total number of available machines (ready for at least minReadySeconds) + targeted by this deployment. + format: int32 + type: integer + conditions: + description: conditions defines current service state of the MachineDeployment. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + observedGeneration: + description: observedGeneration is the generation observed by the + deployment controller. + format: int64 + type: integer + phase: + description: phase represents the current phase of a MachineDeployment + (ScalingUp, ScalingDown, Running, Failed, or Unknown). + enum: + - ScalingUp + - ScalingDown + - Running + - Failed + - Unknown + type: string + readyReplicas: + description: readyReplicas is the total number of ready machines targeted + by this deployment. + format: int32 + type: integer + replicas: + description: |- + replicas is the total number of non-terminated machines targeted by this deployment + (their labels match the selector). + format: int32 + type: integer + selector: + description: |- + selector is the same as the label selector but in the string format to avoid introspection + by clients. The string will be in the same format as the query-param syntax. + More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors + maxLength: 4096 + minLength: 1 + type: string + unavailableReplicas: + description: |- + unavailableReplicas is the total number of unavailable machines targeted by this deployment. + This is the total number of machines that are still required for + the deployment to have 100% available capacity. They may either + be machines that are running but not yet available or machines + that still have not been created. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. 
Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + format: int32 + type: integer + updatedReplicas: + description: |- + updatedReplicas is the total number of non-terminated machines targeted by this deployment + that have the desired template spec. + format: int32 + type: integer + v1beta2: + description: v1beta2 groups all the fields that will be added or modified + in MachineDeployment's status with the V1Beta2 version. + properties: + availableReplicas: + description: availableReplicas is the number of available replicas + for this MachineDeployment. A machine is considered available + when Machine's Available condition is true. + format: int32 + type: integer + conditions: + description: |- + conditions represents the observations of a MachineDeployment's current state. + Known condition types are Available, MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused. + items: + description: Condition contains details for one aspect of the + current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + readyReplicas: + description: readyReplicas is the number of ready replicas for + this MachineDeployment. A machine is considered ready when Machine's + Ready condition is true. + format: int32 + type: integer + upToDateReplicas: + description: upToDateReplicas is the number of up-to-date replicas + targeted by this deployment. A machine is considered up-to-date + when Machine's UpToDate condition is true. 
+ format: int32 + type: integer + type: object + type: object + type: object + served: true + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Cluster pass all availability checks + jsonPath: .status.conditions[?(@.type=="Available")].status + name: Available + type: string + - description: The desired number of machines + jsonPath: .spec.replicas + name: Desired + type: integer + - description: The number of machines + jsonPath: .status.replicas + name: Current + type: integer + - description: The number of machines with Ready condition true + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: The number of machines with Available condition true + jsonPath: .status.availableReplicas + name: Available + type: integer + - description: The number of machines with UpToDate condition true + jsonPath: .status.upToDateReplicas + name: Up-to-date + type: integer + - description: Reconciliation paused + jsonPath: .status.conditions[?(@.type=="Paused")].status + name: Paused + priority: 10 + type: string + - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown + jsonPath: .status.phase + name: Phase + type: string + - description: Time duration since creation of MachineDeployment + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this MachineDeployment + jsonPath: .spec.template.spec.version + name: Version + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: MachineDeployment is the Schema for the machinedeployments API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. 
+ Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of MachineDeployment. + properties: + clusterName: + description: clusterName is the name of the Cluster this object belongs + to. + maxLength: 63 + minLength: 1 + type: string + deletion: + description: deletion contains configuration options for MachineDeployment + deletion. + minProperties: 1 + properties: + order: + description: |- + order defines the order in which Machines are deleted when downscaling. + Defaults to "Random". Valid values are "Random, "Newest", "Oldest" + enum: + - Random + - Newest + - Oldest + type: string + type: object + machineNaming: + description: |- + machineNaming allows changing the naming pattern used when creating Machines. + Note: InfraMachines & BootstrapConfigs will use the same name as the corresponding Machines. + minProperties: 1 + properties: + template: + description: |- + template defines the template to use for generating the names of the + Machine objects. + If not defined, it will fallback to `{{ .machineSet.name }}-{{ .random }}`. + If the generated name string exceeds 63 characters, it will be trimmed to + 58 characters and will + get concatenated with a random suffix of length 5. + Length of the template string must not exceed 256 characters. + The template allows the following variables `.cluster.name`, + `.machineSet.name` and `.random`. 
+ The variable `.cluster.name` retrieves the name of the cluster object + that owns the Machines being created. + The variable `.machineSet.name` retrieves the name of the MachineSet + object that owns the Machines being created. + The variable `.random` is substituted with random alphanumeric string, + without vowels, of length 5. This variable is required part of the + template. If not provided, validation will fail. + maxLength: 256 + minLength: 1 + type: string + type: object + paused: + description: paused indicates that the deployment is paused. + type: boolean + remediation: + description: remediation controls how unhealthy Machines are remediated. + minProperties: 1 + properties: + maxInFlight: + anyOf: + - type: integer + - type: string + description: |- + maxInFlight determines how many in flight remediations should happen at the same time. + + Remediation only happens on the MachineSet with the most current revision, while + older MachineSets (usually present during rollout operations) aren't allowed to remediate. + + Note: In general (independent of remediations), unhealthy machines are always + prioritized during scale down operations over healthy ones. + + MaxInFlight can be set to a fixed number or a percentage. + Example: when this is set to 20%, the MachineSet controller deletes at most 20% of + the desired replicas. + + If not set, remediation is limited to all machines (bounded by replicas) + under the active MachineSet's management. + x-kubernetes-int-or-string: true + type: object + replicas: + description: |- + replicas is the number of desired machines. + This is a pointer to distinguish between explicit zero and not specified. 
+ + Defaults to: + * if the Kubernetes autoscaler min size and max size annotations are set: + - if it's a new MachineDeployment, use min size + - if the replicas field of the old MachineDeployment is < min size, use min size + - if the replicas field of the old MachineDeployment is > max size, use max size + - if the replicas field of the old MachineDeployment is in the (min size, max size) range, keep the value from the oldMD + * otherwise use 1 + Note: Defaulting will be run whenever the replicas field is not set: + * A new MachineDeployment is created with replicas not set. + * On an existing MachineDeployment the replicas field was first set and is now unset. + Those cases are especially relevant for the following Kubernetes autoscaler use cases: + * A new MachineDeployment is created and replicas should be managed by the autoscaler + * An existing MachineDeployment which initially wasn't controlled by the autoscaler + should be later controlled by the autoscaler + format: int32 + type: integer + rollout: + description: |- + rollout allows you to configure the behaviour of rolling updates to the MachineDeployment Machines. + It allows you to require that all Machines are replaced after a certain time, + and allows you to define the strategy used during rolling replacements. + minProperties: 1 + properties: + after: + description: |- + after is a field to indicate a rollout should be performed + after the specified time even if no changes have been made to the + MachineDeployment. + Example: In the YAML the time can be specified in the RFC3339 format. + To specify the rolloutAfter target as March 9, 2023, at 9 am UTC + use "2023-03-09T09:00:00Z". + format: date-time + type: string + strategy: + description: strategy specifies how to roll out control plane + Machines. + minProperties: 1 + properties: + rollingUpdate: + description: |- + rollingUpdate is the rolling update config params. Present only if + type = RollingUpdate. 
+ minProperties: 1 + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + maxSurge is the maximum number of machines that can be scheduled above the + desired number of machines. + Value can be an absolute number (ex: 5) or a percentage of + desired machines (ex: 10%). + This can not be 0 if MaxUnavailable is 0. + Absolute number is calculated from percentage by rounding up. + Defaults to 1. + Example: when this is set to 30%, the new MachineSet can be scaled + up immediately when the rolling update starts, such that the total + number of old and new machines do not exceed 130% of desired + machines. Once old machines have been killed, new MachineSet can + be scaled up further, ensuring that total number of machines running + at any time during the update is at most 130% of desired machines. + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + maxUnavailable is the maximum number of machines that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired + machines (ex: 10%). + Absolute number is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. + Defaults to 0. + Example: when this is set to 30%, the old MachineSet can be scaled + down to 70% of desired machines immediately when the rolling update + starts. Once new machines are ready, old MachineSet can be scaled + down further, followed by scaling up the new MachineSet, ensuring + that the total number of machines available at all times + during the update is at least 70% of desired machines. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + type of rollout. Allowed values are RollingUpdate and OnDelete. + Default is RollingUpdate. 
+ enum: + - RollingUpdate + - OnDelete + type: string + required: + - type + type: object + type: object + selector: + description: |- + selector is the label selector for machines. Existing MachineSets whose machines are + selected by this will be the ones affected by this deployment. + It must match the machine template's labels. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + template: + description: template describes the machines that will be created. + properties: + metadata: + description: |- + metadata is the standard object's metadata. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + minProperties: 1 + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + spec is the specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + bootstrap: + description: |- + bootstrap is a reference to a local struct which encapsulates + fields to configure the Machine’s bootstrapping mechanism. + properties: + configRef: + description: |- + configRef is a reference to a bootstrap provider-specific resource + that holds configuration details. The reference is optional to + allow users/operators to specify Bootstrap.DataSecretName without + the need of a controller. + properties: + apiGroup: + description: |- + apiGroup is the group of the resource being referenced. + apiGroup must be fully qualified domain name. + The corresponding version for this reference will be looked up from the contract + labels of the corresponding CRD of the resource being referenced. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: |- + kind of the resource being referenced. 
+ kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + name of the resource being referenced. + name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - apiGroup + - kind + - name + type: object + dataSecretName: + description: |- + dataSecretName is the name of the secret that stores the bootstrap data script. + If nil, the Machine should remain in the Pending state. + maxLength: 253 + minLength: 0 + type: string + type: object + clusterName: + description: clusterName is the name of the Cluster this object + belongs to. + maxLength: 63 + minLength: 1 + type: string + deletion: + description: deletion contains configuration options for Machine + deletion. + minProperties: 1 + properties: + nodeDeletionTimeoutSeconds: + description: |- + nodeDeletionTimeoutSeconds defines how long the controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + format: int32 + minimum: 0 + type: integer + nodeDrainTimeoutSeconds: + description: |- + nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a node. + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: nodeDrainTimeoutSeconds is different from `kubectl drain --timeout` + format: int32 + minimum: 0 + type: integer + nodeVolumeDetachTimeoutSeconds: + description: |- + nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes + to be detached. 
The default value is 0, meaning that the volumes can be detached without any time limitations. + format: int32 + minimum: 0 + type: integer + type: object + failureDomain: + description: |- + failureDomain is the failure domain the machine will be created in. + Must match the name of a FailureDomain from the Cluster status. + maxLength: 256 + minLength: 1 + type: string + infrastructureRef: + description: |- + infrastructureRef is a required reference to a custom resource + offered by an infrastructure provider. + properties: + apiGroup: + description: |- + apiGroup is the group of the resource being referenced. + apiGroup must be fully qualified domain name. + The corresponding version for this reference will be looked up from the contract + labels of the corresponding CRD of the resource being referenced. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: |- + kind of the resource being referenced. + kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + name of the resource being referenced. + name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - apiGroup + - kind + - name + type: object + minReadySeconds: + description: |- + minReadySeconds is the minimum number of seconds for which a Machine should be ready before considering it available. 
+ Defaults to 0 (Machine will be considered available as soon as the Machine is ready) + format: int32 + minimum: 0 + type: integer + providerID: + description: |- + providerID is the identification ID of the machine provided by the provider. + This field must match the provider ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler + with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out + machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a + generic out-of-tree provider for autoscaler, this field is required by autoscaler to be + able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver + and then a comparison is done to find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by higher level entities like autoscaler that will + be interfacing with cluster-api as generic provider. + maxLength: 512 + minLength: 1 + type: string + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition. + + This field can be used e.g. by Cluster API control plane providers to extend the semantic of the + Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates + for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. + + Another example are external controllers, e.g. responsible to install special software/hardware on the Machines; + they can include the status of those components with a new condition and add this condition to ReadinessGates. 
+ + NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those + readiness gates condition are reporting the same message, when computing the Machine's Ready condition those + readinessGates will be replaced by a single entry reporting "Control plane components: " + message. + This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster). + items: + description: MachineReadinessGate contains the type of a + Machine condition to be used as a readiness gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map + version: + description: |- + version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. 
+ maxLength: 256 + minLength: 1 + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + required: + - spec + type: object + required: + - clusterName + - selector + - template + type: object + status: + description: status is the observed state of MachineDeployment. + minProperties: 1 + properties: + availableReplicas: + description: availableReplicas is the number of available replicas + for this MachineDeployment. A machine is considered available when + Machine's Available condition is true. + format: int32 + type: integer + conditions: + description: |- + conditions represents the observations of a MachineDeployment's current state. + Known condition types are Available, MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. 
+ Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + deprecated: + description: deprecated groups all the status fields that are deprecated + and will be removed when all the nested field are removed. + properties: + v1beta1: + description: v1beta1 groups all the status fields that are deprecated + and will be removed when support for v1beta1 will be dropped. + properties: + availableReplicas: + description: |- + availableReplicas is the total number of available machines (ready for at least minReadySeconds) + targeted by this deployment. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + format: int32 + type: integer + conditions: + description: |- + conditions defines current service state of the MachineDeployment. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. 
Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + items: + description: Condition defines an observation of a Cluster + API resource operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, + Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + readyReplicas: + description: |- + readyReplicas is the total number of ready machines targeted by this deployment. 
+ + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + format: int32 + type: integer + unavailableReplicas: + description: |- + unavailableReplicas is the total number of unavailable machines targeted by this deployment. + This is the total number of machines that are still required for + the deployment to have 100% available capacity. They may either + be machines that are running but not yet available or machines + that still have not been created. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + format: int32 + type: integer + updatedReplicas: + description: |- + updatedReplicas is the total number of non-terminated machines targeted by this deployment + that have the desired template spec. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + format: int32 + type: integer + type: object + type: object + observedGeneration: + description: observedGeneration is the generation observed by the + deployment controller. + format: int64 + minimum: 1 + type: integer + phase: + description: phase represents the current phase of a MachineDeployment + (ScalingUp, ScalingDown, Running, Failed, or Unknown). + enum: + - ScalingUp + - ScalingDown + - Running + - Failed + - Unknown + type: string + readyReplicas: + description: readyReplicas is the number of ready replicas for this + MachineDeployment. A machine is considered ready when Machine's + Ready condition is true. 
+ format: int32 + type: integer + replicas: + description: |- + replicas is the total number of non-terminated machines targeted by this deployment + (their labels match the selector). + format: int32 + type: integer + selector: + description: |- + selector is the same as the label selector but in the string format to avoid introspection + by clients. The string will be in the same format as the query-param syntax. + More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors + maxLength: 4096 + minLength: 1 + type: string + upToDateReplicas: + description: upToDateReplicas is the number of up-to-date replicas + targeted by this deployment. A machine is considered up-to-date + when Machine's UpToDate condition is true. + format: int32 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.18.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machinedrainrules.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: MachineDrainRule + listKind: MachineDrainRuleList + plural: machinedrainrules + singular: machinedrainrule + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Drain behavior + jsonPath: .spec.drain.behavior + name: Behavior + type: string + - description: Drain order + jsonPath: .spec.drain.order + name: Order + type: string + - description: Time duration since 
creation of the MachineDrainRule + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1beta1 + schema: + openAPIV3Schema: + description: MachineDrainRule is the Schema for the MachineDrainRule API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec defines the spec of a MachineDrainRule. + properties: + drain: + description: drain configures if and how Pods are drained. + properties: + behavior: + description: |- + behavior defines the drain behavior. + Can be either "Drain", "Skip", or "WaitCompleted". + "Drain" means that the Pods to which this MachineDrainRule applies will be drained. + If behavior is set to "Drain" the order in which Pods are drained can be configured + with the order field. When draining Pods of a Node the Pods will be grouped by order + and one group after another will be drained (by increasing order). Cluster API will + wait until all Pods of a group are terminated / removed from the Node before starting + with the next group. + "Skip" means that the Pods to which this MachineDrainRule applies will be skipped during drain. 
+ "WaitCompleted" means that the pods to which this MachineDrainRule applies will never be evicted + and we wait for them to be completed, it is enforced that pods marked with this behavior always have Order=0. + enum: + - Drain + - Skip + - WaitCompleted + type: string + order: + description: |- + order defines the order in which Pods are drained. + Pods with higher order are drained after Pods with lower order. + order can only be set if behavior is set to "Drain". + If order is not set, 0 will be used. + Valid values for order are from -2147483648 to 2147483647 (inclusive). + format: int32 + type: integer + required: + - behavior + type: object + machines: + description: |- + machines defines to which Machines this MachineDrainRule should be applied. + + If machines is not set, the MachineDrainRule applies to all Machines in the Namespace. + If machines contains multiple selectors, the results are ORed. + Within a single Machine selector the results of selector and clusterSelector are ANDed. + Machines will be selected from all Clusters in the Namespace unless otherwise + restricted with the clusterSelector. + + Example: Selects control plane Machines in all Clusters or + Machines with label "os" == "linux" in Clusters with label + "stage" == "production". + + - selector: + matchExpressions: + - key: cluster.x-k8s.io/control-plane + operator: Exists + - selector: + matchLabels: + os: linux + clusterSelector: + matchExpressions: + - key: stage + operator: In + values: + - production + items: + description: MachineDrainRuleMachineSelector defines to which Machines + this MachineDrainRule should be applied. + minProperties: 1 + properties: + clusterSelector: + description: |- + clusterSelector is a label selector which selects Machines by the labels of + their Clusters. + This field follows standard label selector semantics; if not present or + empty, it selects Machines of all Clusters. 
+ + If selector is also set, then the selector as a whole selects + Machines matching selector belonging to Clusters selected by clusterSelector. + If selector is not set, it selects all Machines belonging to Clusters + selected by clusterSelector. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + selector is a label selector which selects Machines by their labels. + This field follows standard label selector semantics; if not present or + empty, it selects all Machines. 
+ + If clusterSelector is also set, then the selector as a whole selects + Machines matching selector belonging to Clusters selected by clusterSelector. + If clusterSelector is not set, it selects all Machines matching selector in + all Clusters. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: entries in machines must be unique + rule: self.all(x, self.exists_one(y, x == y)) + pods: + description: |- + pods defines to which Pods this MachineDrainRule should be applied. 
+ + If pods is not set, the MachineDrainRule applies to all Pods in all Namespaces. + If pods contains multiple selectors, the results are ORed. + Within a single Pod selector the results of selector and namespaceSelector are ANDed. + Pods will be selected from all Namespaces unless otherwise + restricted with the namespaceSelector. + + Example: Selects Pods with label "app" == "logging" in all Namespaces or + Pods with label "app" == "prometheus" in the "monitoring" + Namespace. + + - selector: + matchExpressions: + - key: app + operator: In + values: + - logging + - selector: + matchLabels: + app: prometheus + namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: monitoring + items: + description: MachineDrainRulePodSelector defines to which Pods this + MachineDrainRule should be applied. + minProperties: 1 + properties: + namespaceSelector: + description: |- + namespaceSelector is a label selector which selects Pods by the labels of + their Namespaces. + This field follows standard label selector semantics; if not present or + empty, it selects Pods of all Namespaces. + + If selector is also set, then the selector as a whole selects + Pods matching selector in Namespaces selected by namespaceSelector. + If selector is not set, it selects all Pods in Namespaces selected by + namespaceSelector. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + selector is a label selector which selects Pods by their labels. + This field follows standard label selector semantics; if not present or + empty, it selects all Pods. + + If namespaceSelector is also set, then the selector as a whole selects + Pods matching selector in Namespaces selected by namespaceSelector. + If namespaceSelector is not set, it selects all Pods matching selector in + all Namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: entries in pods must be unique + rule: self.all(x, self.exists_one(y, x == y)) + required: + - drain + type: object + required: + - metadata + - spec + type: object + served: true + storage: false + subresources: {} + - additionalPrinterColumns: + - description: Drain behavior + jsonPath: .spec.drain.behavior + name: Behavior + type: string + - description: Drain order + jsonPath: .spec.drain.order + name: Order + type: string + - description: Time duration since creation of the MachineDrainRule + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: MachineDrainRule is the Schema for the MachineDrainRule API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. 
+ In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec defines the spec of a MachineDrainRule. + properties: + drain: + description: drain configures if and how Pods are drained. + properties: + behavior: + description: |- + behavior defines the drain behavior. + Can be either "Drain", "Skip", or "WaitCompleted". + "Drain" means that the Pods to which this MachineDrainRule applies will be drained. + If behavior is set to "Drain" the order in which Pods are drained can be configured + with the order field. When draining Pods of a Node the Pods will be grouped by order + and one group after another will be drained (by increasing order). Cluster API will + wait until all Pods of a group are terminated / removed from the Node before starting + with the next group. + "Skip" means that the Pods to which this MachineDrainRule applies will be skipped during drain. + "WaitCompleted" means that the pods to which this MachineDrainRule applies will never be evicted + and we wait for them to be completed, it is enforced that pods marked with this behavior always have Order=0. + enum: + - Drain + - Skip + - WaitCompleted + type: string + order: + description: |- + order defines the order in which Pods are drained. + Pods with higher order are drained after Pods with lower order. + order can only be set if behavior is set to "Drain". + If order is not set, 0 will be used. + Valid values for order are from -2147483648 to 2147483647 (inclusive). + format: int32 + type: integer + required: + - behavior + type: object + machines: + description: |- + machines defines to which Machines this MachineDrainRule should be applied. + + If machines is not set, the MachineDrainRule applies to all Machines in the Namespace. + If machines contains multiple selectors, the results are ORed. 
+ Within a single Machine selector the results of selector and clusterSelector are ANDed. + Machines will be selected from all Clusters in the Namespace unless otherwise + restricted with the clusterSelector. + + Example: Selects control plane Machines in all Clusters or + Machines with label "os" == "linux" in Clusters with label + "stage" == "production". + + - selector: + matchExpressions: + - key: cluster.x-k8s.io/control-plane + operator: Exists + - selector: + matchLabels: + os: linux + clusterSelector: + matchExpressions: + - key: stage + operator: In + values: + - production + items: + description: MachineDrainRuleMachineSelector defines to which Machines + this MachineDrainRule should be applied. + minProperties: 1 + properties: + clusterSelector: + description: |- + clusterSelector is a label selector which selects Machines by the labels of + their Clusters. + This field follows standard label selector semantics; if not present or + empty, it selects Machines of all Clusters. + + If selector is also set, then the selector as a whole selects + Machines matching selector belonging to Clusters selected by clusterSelector. + If selector is not set, it selects all Machines belonging to Clusters + selected by clusterSelector. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + selector is a label selector which selects Machines by their labels. + This field follows standard label selector semantics; if not present or + empty, it selects all Machines. + + If clusterSelector is also set, then the selector as a whole selects + Machines matching selector belonging to Clusters selected by clusterSelector. + If clusterSelector is not set, it selects all Machines matching selector in + all Clusters. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: entries in machines must be unique + rule: self.all(x, self.exists_one(y, x == y)) + pods: + description: |- + pods defines to which Pods this MachineDrainRule should be applied. + + If pods is not set, the MachineDrainRule applies to all Pods in all Namespaces. + If pods contains multiple selectors, the results are ORed. + Within a single Pod selector the results of selector and namespaceSelector are ANDed. + Pods will be selected from all Namespaces unless otherwise + restricted with the namespaceSelector. + + Example: Selects Pods with label "app" == "logging" in all Namespaces or + Pods with label "app" == "prometheus" in the "monitoring" + Namespace. + + - selector: + matchExpressions: + - key: app + operator: In + values: + - logging + - selector: + matchLabels: + app: prometheus + namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: monitoring + items: + description: MachineDrainRulePodSelector defines to which Pods this + MachineDrainRule should be applied. + minProperties: 1 + properties: + namespaceSelector: + description: |- + namespaceSelector is a label selector which selects Pods by the labels of + their Namespaces. + This field follows standard label selector semantics; if not present or + empty, it selects Pods of all Namespaces. 
+ + If selector is also set, then the selector as a whole selects + Pods matching selector in Namespaces selected by namespaceSelector. + If selector is not set, it selects all Pods in Namespaces selected by + namespaceSelector. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + selector is a label selector which selects Pods by their labels. + This field follows standard label selector semantics; if not present or + empty, it selects all Pods. + + If namespaceSelector is also set, then the selector as a whole selects + Pods matching selector in Namespaces selected by namespaceSelector. 
+ If namespaceSelector is not set, it selects all Pods matching selector in + all Namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + type: object + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: entries in pods must be unique + rule: self.all(x, self.exists_one(y, x == y)) + required: + - drain + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.18.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machinehealthchecks.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: MachineHealthCheck + listKind: MachineHealthCheckList + plural: machinehealthchecks + shortNames: + - mhc + - mhcs + singular: machinehealthcheck + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Number of machines currently monitored + jsonPath: .status.expectedMachines + name: ExpectedMachines + type: integer + - description: Maximum number of unhealthy machines allowed + jsonPath: .spec.maxUnhealthy + name: MaxUnhealthy + type: string + - description: Current observed healthy machines + jsonPath: .status.currentHealthy + name: CurrentHealthy + type: integer + - description: Time duration since creation of MachineHealthCheck + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1beta1 + schema: + openAPIV3Schema: + description: MachineHealthCheck is the Schema for the machinehealthchecks + API. 
+ properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of machine health check policy + properties: + clusterName: + description: clusterName is the name of the Cluster this object belongs + to. + maxLength: 63 + minLength: 1 + type: string + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: |- + maxUnhealthy specifies the maximum number of unhealthy machines allowed. + Any further remediation is only allowed if at most "maxUnhealthy" machines selected by + "selector" are not healthy. + + Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/10722 for more details. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: |- + nodeStartupTimeout allows to set the maximum time for MachineHealthCheck + to consider a Machine unhealthy if a corresponding Node isn't associated + through a `Spec.ProviderID` field. 
+ + The duration set in this field is compared to the greatest of: + - Cluster's infrastructure ready condition timestamp (if and when available) + - Control Plane's initialized condition timestamp (if and when available) + - Machine's infrastructure ready condition timestamp (if and when available) + - Machine's metadata creation timestamp + + Defaults to 10 minutes. + If you wish to disable this feature, set the value explicitly to 0. + type: string + remediationTemplate: + description: |- + remediationTemplate is a reference to a remediation template + provided by an infrastructure provider. + + This field is completely optional, when filled, the MachineHealthCheck controller + creates a new object from the template referenced and hands off remediation of the machine to + a controller that lives outside of Cluster API. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + selector: + description: selector is a label selector to match machines whose + health will be exercised + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: |- + unhealthyConditions contains a list of the conditions that determine + whether a node is considered unhealthy. The conditions are combined in a + logical OR, i.e. if any of the conditions is met, the node is unhealthy. + items: + description: |- + UnhealthyCondition represents a Node condition type and value with a timeout + specified as a duration. When the named condition has been in the given + status for at least the timeout value, a node is considered unhealthy. + properties: + status: + description: status of the condition, one of True, False, Unknown. + minLength: 1 + type: string + timeout: + description: |- + timeout is the duration that a node must be in a given status for, + after which the node is considered unhealthy. + For example, with a value of "1h", the node must match the status + for at least 1 hour before being considered unhealthy. + type: string + type: + description: type of Node condition + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + maxItems: 100 + type: array + unhealthyRange: + description: |- + unhealthyRange specifies the range of unhealthy machines allowed. + Any further remediation is only allowed if the number of machines selected by "selector" as not healthy + is within the range of "unhealthyRange". Takes precedence over maxUnhealthy. + Eg. "[3-5]" - This means that remediation will be allowed only when: + (a) there are at least 3 unhealthy machines (and) + (b) there are at most 5 unhealthy machines + + Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/10722 for more details. 
+ maxLength: 32 + minLength: 1 + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + required: + - clusterName + - selector + type: object + status: + description: status is the most recently observed status of MachineHealthCheck + resource + properties: + conditions: + description: conditions defines current service state of the MachineHealthCheck. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. 
+ maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + currentHealthy: + description: currentHealthy is the total number of healthy machines + counted by this machine health check + format: int32 + minimum: 0 + type: integer + expectedMachines: + description: expectedMachines is the total number of machines counted + by this machine health check + format: int32 + minimum: 0 + type: integer + observedGeneration: + description: observedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + remediationsAllowed: + description: |- + remediationsAllowed is the number of further remediations allowed by this machine health check before + maxUnhealthy short circuiting will be applied + format: int32 + minimum: 0 + type: integer + targets: + description: targets shows the current list of machines the machine + health check is watching + items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 10000 + type: array + v1beta2: + description: v1beta2 groups all the fields that will be added or modified + in MachineHealthCheck's status with the V1Beta2 version. + properties: + conditions: + description: |- + conditions represents the observations of a MachineHealthCheck's current state. + Known condition types are RemediationAllowed, Paused. + items: + description: Condition contains details for one aspect of the + current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. 
+ maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Number of machines currently monitored + jsonPath: .status.expectedMachines + name: Replicas + type: integer + - description: Current observed healthy machines + jsonPath: .status.currentHealthy + name: Healthy + type: integer + - description: Reconciliation paused + jsonPath: .status.conditions[?(@.type=="Paused")].status + name: Paused + priority: 10 + type: string + - description: Time duration since creation of MachineHealthCheck + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: MachineHealthCheck is the Schema for the machinehealthchecks + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of machine health check policy + properties: + checks: + description: |- + checks are the checks that are used to evaluate if a Machine is healthy. + + Independent of this configuration the MachineHealthCheck controller will always + flag Machines with `cluster.x-k8s.io/remediate-machine` annotation and + Machines with deleted Nodes as unhealthy. + + Furthermore, if checks.nodeStartupTimeoutSeconds is not set it + is defaulted to 10 minutes and evaluated accordingly. + minProperties: 1 + properties: + nodeStartupTimeoutSeconds: + description: |- + nodeStartupTimeoutSeconds allows to set the maximum time for MachineHealthCheck + to consider a Machine unhealthy if a corresponding Node isn't associated + through a `Spec.ProviderID` field. + + The duration set in this field is compared to the greatest of: + - Cluster's infrastructure ready condition timestamp (if and when available) + - Control Plane's initialized condition timestamp (if and when available) + - Machine's infrastructure ready condition timestamp (if and when available) + - Machine's metadata creation timestamp + + Defaults to 10 minutes. + If you wish to disable this feature, set the value explicitly to 0. + format: int32 + minimum: 0 + type: integer + unhealthyNodeConditions: + description: |- + unhealthyNodeConditions contains a list of conditions that determine + whether a node is considered unhealthy. The conditions are combined in a + logical OR, i.e. if any of the conditions is met, the node is unhealthy. + items: + description: |- + UnhealthyNodeCondition represents a Node condition type and value with a timeout + specified as a duration. When the named condition has been in the given + status for at least the timeout value, a node is considered unhealthy. 
+ properties: + status: + description: status of the condition, one of True, False, + Unknown. + minLength: 1 + type: string + timeoutSeconds: + description: |- + timeoutSeconds is the duration that a node must be in a given status for, + after which the node is considered unhealthy. + For example, with a value of "1h", the node must match the status + for at least 1 hour before being considered unhealthy. + format: int32 + minimum: 0 + type: integer + type: + description: type of Node condition + minLength: 1 + type: string + required: + - status + - timeoutSeconds + - type + type: object + maxItems: 100 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + clusterName: + description: clusterName is the name of the Cluster this object belongs + to. + maxLength: 63 + minLength: 1 + type: string + remediation: + description: |- + remediation configures if and how remediations are triggered if a Machine is unhealthy. + + If remediation or remediation.triggerIf is not set, + remediation will always be triggered for unhealthy Machines. + + If remediation or remediation.templateRef is not set, + the OwnerRemediated condition will be set on unhealthy Machines to trigger remediation via + the owner of the Machines, for example a MachineSet or a KubeadmControlPlane. + minProperties: 1 + properties: + templateRef: + description: |- + templateRef is a reference to a remediation template + provided by an infrastructure provider. + + This field is completely optional, when filled, the MachineHealthCheck controller + creates a new object from the template referenced and hands off remediation of the machine to + a controller that lives outside of Cluster API. + properties: + apiVersion: + description: |- + apiVersion of the remediation template. + apiVersion must be fully qualified domain name followed by / and a version. + NOTE: This field must be kept in sync with the APIVersion of the remediation template. 
+ maxLength: 317 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[a-z]([-a-z0-9]*[a-z0-9])?$ + type: string + kind: + description: |- + kind of the remediation template. + kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + name of the remediation template. + name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - apiVersion + - kind + - name + type: object + triggerIf: + description: |- + triggerIf configures if remediations are triggered. + If this field is not set, remediations are always triggered. + minProperties: 1 + properties: + unhealthyInRange: + description: |- + unhealthyInRange specifies that remediations are only triggered if the number of + unhealthy Machines is in the configured range. + Takes precedence over unhealthyLessThanOrEqualTo. + Eg. "[3-5]" - This means that remediation will be allowed only when: + (a) there are at least 3 unhealthy Machines (and) + (b) there are at most 5 unhealthy Machines + maxLength: 32 + minLength: 1 + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + unhealthyLessThanOrEqualTo: + anyOf: + - type: integer + - type: string + description: |- + unhealthyLessThanOrEqualTo specifies that remediations are only triggered if the number of + unhealthy Machines is less than or equal to the configured value. + unhealthyInRange takes precedence if set. 
+ x-kubernetes-int-or-string: true + type: object + type: object + selector: + description: selector is a label selector to match machines whose + health will be exercised + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - clusterName + - selector + type: object + status: + description: status is the most recently observed status of MachineHealthCheck + resource + minProperties: 1 + properties: + conditions: + description: |- + conditions represents the observations of a MachineHealthCheck's current state. + Known condition types are RemediationAllowed, Paused. 
+ items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentHealthy: + description: currentHealthy is the total number of healthy machines + counted by this machine health check + format: int32 + minimum: 0 + type: integer + deprecated: + description: deprecated groups all the status fields that are deprecated + and will be removed when all the nested field are removed. + properties: + v1beta1: + description: v1beta1 groups all the status fields that are deprecated + and will be removed when support for v1beta1 will be dropped. + properties: + conditions: + description: |- + conditions defines current service state of the MachineHealthCheck. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + items: + description: Condition defines an observation of a Cluster + API resource operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. 
+ The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, + Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object + type: object + expectedMachines: + description: expectedMachines is the total number of machines counted + by this machine health check + format: int32 + minimum: 0 + type: integer + observedGeneration: + description: observedGeneration is the latest generation observed + by the controller. 
+ format: int64 + minimum: 1 + type: integer + remediationsAllowed: + description: |- + remediationsAllowed is the number of further remediations allowed by this machine health check before + maxUnhealthy short circuiting will be applied + format: int32 + minimum: 0 + type: integer + targets: + description: targets shows the current list of machines the machine + health check is watching + items: + maxLength: 253 + minLength: 1 + type: string + maxItems: 10000 + type: array + x-kubernetes-list-type: atomic + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.18.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machinepools.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: MachinePool + listKind: MachinePoolList + plural: machinepools + shortNames: + - mp + singular: machinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Total number of machines desired by this MachinePool + jsonPath: .spec.replicas + name: Desired + priority: 10 + type: integer + - description: MachinePool replicas count + jsonPath: .status.replicas + name: Replicas + type: string + - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed + etc + jsonPath: .status.phase + name: Phase + type: string + - description: Time duration since creation of MachinePool + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: Kubernetes version associated with this MachinePool + jsonPath: .spec.template.spec.version + name: Version + type: string + deprecated: true + name: v1beta1 + schema: + openAPIV3Schema: + description: MachinePool is the Schema for the machinepools API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of MachinePool. + properties: + clusterName: + description: clusterName is the name of the Cluster this object belongs + to. + maxLength: 63 + minLength: 1 + type: string + failureDomains: + description: failureDomains is the list of failure domains this MachinePool + should be attached to. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + type: array + minReadySeconds: + description: |- + minReadySeconds is the minimum number of seconds for which a newly created machine instances should + be ready. + Defaults to 0 (machine instance will be considered available as soon as it + is ready) + format: int32 + type: integer + providerIDList: + description: |- + providerIDList are the identification IDs of machine instances provided by the provider. + This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances. 
+ items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 10000 + type: array + replicas: + description: |- + replicas is the number of desired machines. Defaults to 1. + This is a pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + template: + description: template describes the machines that will be created. + properties: + metadata: + description: |- + metadata is the standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + spec is the specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + bootstrap: + description: |- + bootstrap is a reference to a local struct which encapsulates + fields to configure the Machine’s bootstrapping mechanism. + properties: + configRef: + description: |- + configRef is a reference to a bootstrap provider-specific resource + that holds configuration details. The reference is optional to + allow users/operators to specify Bootstrap.DataSecretName without + the need of a controller. 
+ properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: |- + dataSecretName is the name of the secret that stores the bootstrap data script. + If nil, the Machine should remain in the Pending state. + maxLength: 253 + minLength: 0 + type: string + type: object + clusterName: + description: clusterName is the name of the Cluster this object + belongs to. 
+ maxLength: 63 + minLength: 1 + type: string + failureDomain: + description: |- + failureDomain is the failure domain the machine will be created in. + Must match a key in the FailureDomains map stored on the cluster object. + maxLength: 256 + minLength: 1 + type: string + infrastructureRef: + description: |- + infrastructureRef is a required reference to a custom resource + offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + nodeDeletionTimeout: + description: |- + nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: |- + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + type: string + nodeVolumeDetachTimeout: + description: |- + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + type: string + providerID: + description: |- + providerID is the identification ID of the machine provided by the provider. + This field must match the provider ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler + with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out + machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a + generic out-of-tree provider for autoscaler, this field is required by autoscaler to be + able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver + and then a comparison is done to find out unregistered machines and are marked for delete. 
+ This field will be set by the actuators and consumed by higher level entities like autoscaler that will + be interfacing with cluster-api as generic provider. + maxLength: 512 + minLength: 1 + type: string + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition. + + This field can be used e.g. by Cluster API control plane providers to extend the semantic of the + Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates + for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. + + Another example are external controllers, e.g. responsible to install special software/hardware on the Machines; + they can include the status of those components with a new condition and add this condition to ReadinessGates. + + NOTE: This field is considered only for computing v1beta2 conditions. + NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those + readiness gates condition are reporting the same message, when computing the Machine's Ready condition those + readinessGates will be replaced by a single entry reporting "Control plane components: " + message. + This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster). + items: + description: MachineReadinessGate contains the type of a + Machine condition to be used as a readiness gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. 
+ maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map + version: + description: |- + version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + maxLength: 256 + minLength: 1 + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - template + type: object + status: + description: status is the observed state of MachinePool. + properties: + availableReplicas: + description: availableReplicas is the number of available replicas + (ready for at least minReadySeconds) for this MachinePool. + format: int32 + type: integer + bootstrapReady: + description: bootstrapReady is the state of the bootstrap provider. + type: boolean + conditions: + description: conditions define the current service state of the MachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: |- + failureMessage indicates that there is a problem reconciling the state, + and will be set to a descriptive error message. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + maxLength: 10240 + minLength: 1 + type: string + failureReason: + description: |- + failureReason indicates that there is a problem reconciling the state, and + will be set to a token value suitable for programmatic interpretation. 
+ + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + type: string + infrastructureReady: + description: infrastructureReady is the state of the infrastructure + provider. + type: boolean + nodeRefs: + description: nodeRefs will point to the corresponding Nodes if it + they exist. + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + maxItems: 10000 + type: array + observedGeneration: + description: observedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: phase represents the current phase of cluster actuation. + enum: + - Pending + - Provisioning + - Provisioned + - Running + - ScalingUp + - ScalingDown + - Scaling + - Deleting + - Failed + - Unknown + type: string + readyReplicas: + description: readyReplicas is the number of ready replicas for this + MachinePool. A machine is considered ready when the node has been + created and is "Ready". + format: int32 + type: integer + replicas: + description: replicas is the most recently observed number of replicas. + format: int32 + type: integer + unavailableReplicas: + description: |- + unavailableReplicas is the total number of unavailable machine instances targeted by this machine pool. + This is the total number of machine instances that are still required for + the machine pool to have 100% available capacity. They may either + be machine instances that are running but not yet available or machine instances + that still have not been created. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + format: int32 + type: integer + v1beta2: + description: v1beta2 groups all the fields that will be added or modified + in MachinePool's status with the V1Beta2 version. 
+ properties: + availableReplicas: + description: availableReplicas is the number of available replicas + for this MachinePool. A machine is considered available when + Machine's Available condition is true. + format: int32 + type: integer + conditions: + description: |- + conditions represents the observations of a MachinePool's current state. + Known condition types are Available, BootstrapConfigReady, InfrastructureReady, MachinesReady, MachinesUpToDate, + ScalingUp, ScalingDown, Remediating, Deleting, Paused. + items: + description: Condition contains details for one aspect of the + current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + readyReplicas: + description: readyReplicas is the number of ready replicas for + this MachinePool. A machine is considered ready when Machine's + Ready condition is true. + format: int32 + type: integer + upToDateReplicas: + description: upToDateReplicas is the number of up-to-date replicas + targeted by this MachinePool. A machine is considered up-to-date + when Machine's UpToDate condition is true. 
+ format: int32 + type: integer + type: object + type: object + type: object + served: true + storage: false + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: The desired number of machines + jsonPath: .spec.replicas + name: Desired + type: integer + - description: The number of machines + jsonPath: .status.replicas + name: Current + type: integer + - description: The number of machines with Ready condition true + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: The number of machines with Available condition true + jsonPath: .status.availableReplicas + name: Available + type: integer + - description: The number of machines with UpToDate condition true + jsonPath: .status.upToDateReplicas + name: Up-to-date + type: integer + - description: Reconciliation paused + jsonPath: .status.conditions[?(@.type=="Paused")].status + name: Paused + priority: 10 + type: string + - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed + etc + jsonPath: .status.phase + name: Phase + type: string + - description: Time duration since creation of MachinePool + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this MachinePool + jsonPath: .spec.template.spec.version + name: Version + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: |- + MachinePool is the Schema for the machinepools API. + NOTE: This CRD can only be used if the MachinePool feature gate is enabled. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of MachinePool. + properties: + clusterName: + description: clusterName is the name of the Cluster this object belongs + to. + maxLength: 63 + minLength: 1 + type: string + failureDomains: + description: failureDomains is the list of failure domains this MachinePool + should be attached to. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 100 + type: array + x-kubernetes-list-type: atomic + providerIDList: + description: |- + providerIDList are the identification IDs of machine instances provided by the provider. + This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances. + items: + maxLength: 512 + minLength: 1 + type: string + maxItems: 10000 + type: array + x-kubernetes-list-type: atomic + replicas: + description: |- + replicas is the number of desired machines. Defaults to 1. + This is a pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + template: + description: template describes the machines that will be created. + properties: + metadata: + description: |- + metadata is the standard object's metadata. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + minProperties: 1 + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + spec is the specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + bootstrap: + description: |- + bootstrap is a reference to a local struct which encapsulates + fields to configure the Machine’s bootstrapping mechanism. + properties: + configRef: + description: |- + configRef is a reference to a bootstrap provider-specific resource + that holds configuration details. The reference is optional to + allow users/operators to specify Bootstrap.DataSecretName without + the need of a controller. + properties: + apiGroup: + description: |- + apiGroup is the group of the resource being referenced. + apiGroup must be fully qualified domain name. + The corresponding version for this reference will be looked up from the contract + labels of the corresponding CRD of the resource being referenced. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: |- + kind of the resource being referenced. 
+ kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + name of the resource being referenced. + name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - apiGroup + - kind + - name + type: object + dataSecretName: + description: |- + dataSecretName is the name of the secret that stores the bootstrap data script. + If nil, the Machine should remain in the Pending state. + maxLength: 253 + minLength: 0 + type: string + type: object + clusterName: + description: clusterName is the name of the Cluster this object + belongs to. + maxLength: 63 + minLength: 1 + type: string + deletion: + description: deletion contains configuration options for Machine + deletion. + minProperties: 1 + properties: + nodeDeletionTimeoutSeconds: + description: |- + nodeDeletionTimeoutSeconds defines how long the controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + format: int32 + minimum: 0 + type: integer + nodeDrainTimeoutSeconds: + description: |- + nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a node. + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: nodeDrainTimeoutSeconds is different from `kubectl drain --timeout` + format: int32 + minimum: 0 + type: integer + nodeVolumeDetachTimeoutSeconds: + description: |- + nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes + to be detached. 
The default value is 0, meaning that the volumes can be detached without any time limitations. + format: int32 + minimum: 0 + type: integer + type: object + failureDomain: + description: |- + failureDomain is the failure domain the machine will be created in. + Must match the name of a FailureDomain from the Cluster status. + maxLength: 256 + minLength: 1 + type: string + infrastructureRef: + description: |- + infrastructureRef is a required reference to a custom resource + offered by an infrastructure provider. + properties: + apiGroup: + description: |- + apiGroup is the group of the resource being referenced. + apiGroup must be fully qualified domain name. + The corresponding version for this reference will be looked up from the contract + labels of the corresponding CRD of the resource being referenced. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: |- + kind of the resource being referenced. + kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + name of the resource being referenced. + name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - apiGroup + - kind + - name + type: object + minReadySeconds: + description: |- + minReadySeconds is the minimum number of seconds for which a Machine should be ready before considering it available. 
+ Defaults to 0 (Machine will be considered available as soon as the Machine is ready) + format: int32 + minimum: 0 + type: integer + providerID: + description: |- + providerID is the identification ID of the machine provided by the provider. + This field must match the provider ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler + with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out + machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a + generic out-of-tree provider for autoscaler, this field is required by autoscaler to be + able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver + and then a comparison is done to find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by higher level entities like autoscaler that will + be interfacing with cluster-api as generic provider. + maxLength: 512 + minLength: 1 + type: string + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition. + + This field can be used e.g. by Cluster API control plane providers to extend the semantic of the + Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates + for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. + + Another example are external controllers, e.g. responsible to install special software/hardware on the Machines; + they can include the status of those components with a new condition and add this condition to ReadinessGates. 
+ + NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those + readiness gates condition are reporting the same message, when computing the Machine's Ready condition those + readinessGates will be replaced by a single entry reporting "Control plane components: " + message. + This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster). + items: + description: MachineReadinessGate contains the type of a + Machine condition to be used as a readiness gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map + version: + description: |- + version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. 
+ maxLength: 256 + minLength: 1 + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + required: + - spec + type: object + required: + - clusterName + - template + type: object + status: + description: status is the observed state of MachinePool. + minProperties: 1 + properties: + availableReplicas: + description: availableReplicas is the number of available replicas + for this MachinePool. A machine is considered available when Machine's + Available condition is true. + format: int32 + type: integer + conditions: + description: |- + conditions represents the observations of a MachinePool's current state. + Known condition types are Available, BootstrapConfigReady, InfrastructureReady, MachinesReady, MachinesUpToDate, + ScalingUp, ScalingDown, Remediating, Deleting, Paused. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. 
+ Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + deprecated: + description: deprecated groups all the status fields that are deprecated + and will be removed when all the nested field are removed. + properties: + v1beta1: + description: v1beta1 groups all the status fields that are deprecated + and will be removed when support for v1beta1 will be dropped. + properties: + availableReplicas: + description: |- + availableReplicas is the number of available replicas (ready for at least minReadySeconds) for this MachinePool. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + format: int32 + type: integer + conditions: + description: |- + conditions define the current service state of the MachinePool. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. 
Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + items: + description: Condition defines an observation of a Cluster + API resource operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, + Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: |- + failureMessage indicates that there is a problem reconciling the state, + and will be set to a descriptive error message. 
+ + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + maxLength: 10240 + minLength: 1 + type: string + failureReason: + description: |- + failureReason indicates that there is a problem reconciling the state, and + will be set to a token value suitable for programmatic interpretation. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + type: string + readyReplicas: + description: |- + readyReplicas is the number of ready replicas for this MachinePool. A machine is considered ready when the node has been created and is "Ready". + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + format: int32 + type: integer + unavailableReplicas: + description: |- + unavailableReplicas is the total number of unavailable machine instances targeted by this machine pool. + This is the total number of machine instances that are still required for + the machine pool to have 100% available capacity. They may either + be machine instances that are running but not yet available or machine instances + that still have not been created. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. 
+ format: int32 + type: integer + type: object + type: object + initialization: + description: |- + initialization provides observations of the MachinePool initialization process. + NOTE: Fields in this struct are part of the Cluster API contract and are used to orchestrate initial MachinePool provisioning. + minProperties: 1 + properties: + bootstrapDataSecretCreated: + description: |- + bootstrapDataSecretCreated is true when the bootstrap provider reports that the MachinePool's boostrap secret is created. + NOTE: this field is part of the Cluster API contract, and it is used to orchestrate provisioning. + The value of this field is never updated after provisioning is completed. + type: boolean + infrastructureProvisioned: + description: |- + infrastructureProvisioned is true when the infrastructure provider reports that MachinePool's infrastructure is fully provisioned. + NOTE: this field is part of the Cluster API contract, and it is used to orchestrate provisioning. + The value of this field is never updated after provisioning is completed. + type: boolean + type: object + nodeRefs: + description: nodeRefs will point to the corresponding Nodes if it + they exist. + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). 
This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + maxItems: 10000 + type: array + x-kubernetes-list-type: atomic + observedGeneration: + description: observedGeneration is the latest generation observed + by the controller. + format: int64 + minimum: 1 + type: integer + phase: + description: phase represents the current phase of cluster actuation. + enum: + - Pending + - Provisioning + - Provisioned + - Running + - ScalingUp + - ScalingDown + - Scaling + - Deleting + - Failed + - Unknown + type: string + readyReplicas: + description: readyReplicas is the number of ready replicas for this + MachinePool. A machine is considered ready when Machine's Ready + condition is true. + format: int32 + type: integer + replicas: + description: replicas is the most recently observed number of replicas. + format: int32 + type: integer + upToDateReplicas: + description: upToDateReplicas is the number of up-to-date replicas + targeted by this MachinePool. 
A machine is considered up-to-date + when Machine's UpToDate condition is true. + format: int32 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.18.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machines.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Machine + listKind: MachineList + plural: machines + shortNames: + - ma + singular: machine + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Node name associated with this machine + jsonPath: .status.nodeRef.name + name: NodeName + type: string + - description: Provider ID + jsonPath: .spec.providerID + name: ProviderID + type: string + - description: Machine status such as Terminating/Pending/Running/Failed etc + jsonPath: .status.phase + name: Phase + type: string + - description: Time duration since creation of Machine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this Machine + jsonPath: .spec.version + name: Version + type: string + deprecated: true + name: v1beta1 + schema: + openAPIV3Schema: + description: Machine is the Schema for the machines API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. 
+ Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of Machine. + properties: + bootstrap: + description: |- + bootstrap is a reference to a local struct which encapsulates + fields to configure the Machine’s bootstrapping mechanism. + properties: + configRef: + description: |- + configRef is a reference to a bootstrap provider-specific resource + that holds configuration details. The reference is optional to + allow users/operators to specify Bootstrap.DataSecretName without + the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: |- + dataSecretName is the name of the secret that stores the bootstrap data script. + If nil, the Machine should remain in the Pending state. + maxLength: 253 + minLength: 0 + type: string + type: object + clusterName: + description: clusterName is the name of the Cluster this object belongs + to. + maxLength: 63 + minLength: 1 + type: string + failureDomain: + description: |- + failureDomain is the failure domain the machine will be created in. + Must match a key in the FailureDomains map stored on the cluster object. + maxLength: 256 + minLength: 1 + type: string + infrastructureRef: + description: |- + infrastructureRef is a required reference to a custom resource + offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + nodeDeletionTimeout: + description: |- + nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: |- + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + The default value is 0, meaning that the node can be drained without any time limitations. 
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + type: string + nodeVolumeDetachTimeout: + description: |- + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + type: string + providerID: + description: |- + providerID is the identification ID of the machine provided by the provider. + This field must match the provider ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler + with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out + machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a + generic out-of-tree provider for autoscaler, this field is required by autoscaler to be + able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver + and then a comparison is done to find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by higher level entities like autoscaler that will + be interfacing with cluster-api as generic provider. + maxLength: 512 + minLength: 1 + type: string + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition. + + This field can be used e.g. by Cluster API control plane providers to extend the semantic of the + Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates + for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. + + Another example are external controllers, e.g. 
responsible to install special software/hardware on the Machines; + they can include the status of those components with a new condition and add this condition to ReadinessGates. + + NOTE: This field is considered only for computing v1beta2 conditions. + NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those + readiness gates condition are reporting the same message, when computing the Machine's Ready condition those + readinessGates will be replaced by a single entry reporting "Control plane components: " + message. + This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster). + items: + description: MachineReadinessGate contains the type of a Machine + condition to be used as a readiness gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map + version: + description: |- + version defines the desired Kubernetes version. 
+ This field is meant to be optionally used by bootstrap providers. + maxLength: 256 + minLength: 1 + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + status: + description: status is the observed state of Machine. + properties: + addresses: + description: |- + addresses is a list of addresses assigned to the machine. + This field is copied from the infrastructure provider reference. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: address is the machine address. + maxLength: 256 + minLength: 1 + type: string + type: + description: type is the machine address type, one of Hostname, + ExternalIP, InternalIP, ExternalDNS or InternalDNS. + enum: + - Hostname + - ExternalIP + - InternalIP + - ExternalDNS + - InternalDNS + type: string + required: + - address + - type + type: object + type: array + bootstrapReady: + description: bootstrapReady is the state of the bootstrap provider. + type: boolean + certificatesExpiryDate: + description: |- + certificatesExpiryDate is the expiry date of the machine certificates. + This value is only set for control plane machines. + format: date-time + type: string + conditions: + description: conditions defines current service state of the Machine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. 
+ maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + deletion: + description: |- + deletion contains information relating to removal of the Machine. + Only present when the Machine has a deletionTimestamp and drain or wait for volume detach started. + properties: + nodeDrainStartTime: + description: |- + nodeDrainStartTime is the time when the drain of the node started and is used to determine + if the NodeDrainTimeout is exceeded. + Only present when the Machine has a deletionTimestamp and draining the node had been started. + format: date-time + type: string + waitForNodeVolumeDetachStartTime: + description: |- + waitForNodeVolumeDetachStartTime is the time when waiting for volume detachment started + and is used to determine if the NodeVolumeDetachTimeout is exceeded. + Detaching volumes from nodes is usually done by CSI implementations and the current state + is observed from the node's `.Status.VolumesAttached` field. 
+ Only present when the Machine has a deletionTimestamp and waiting for volume detachments had been started. + format: date-time + type: string + type: object + failureMessage: + description: |- + failureMessage will be set in the event that there is a terminal problem + reconciling the Machine and will contain a more verbose string suitable + for logging and human consumption. + + This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over + time (like service outages), but instead indicate that something is + fundamentally wrong with the Machine's spec or the configuration of + the controller, and that manual intervention is required. Examples + of terminal errors would be invalid combinations of settings in the + spec, values that are unsupported by the controller, or the + responsible controller itself being critically misconfigured. + + Any transient errors that occur during the reconciliation of Machines + can be added as events to the Machine object and/or logged in the + controller's output. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + maxLength: 10240 + minLength: 1 + type: string + failureReason: + description: |- + failureReason will be set in the event that there is a terminal problem + reconciling the Machine and will contain a succinct value suitable + for machine interpretation. + + This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over + time (like service outages), but instead indicate that something is + fundamentally wrong with the Machine's spec or the configuration of + the controller, and that manual intervention is required. 
Examples + of terminal errors would be invalid combinations of settings in the + spec, values that are unsupported by the controller, or the + responsible controller itself being critically misconfigured. + + Any transient errors that occur during the reconciliation of Machines + can be added as events to the Machine object and/or logged in the + controller's output. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + type: string + infrastructureReady: + description: infrastructureReady is the state of the infrastructure + provider. + type: boolean + lastUpdated: + description: lastUpdated identifies when the phase of the Machine + last transitioned. + format: date-time + type: string + nodeInfo: + description: |- + nodeInfo is a set of ids/uuids to uniquely identify the node. + More info: https://kubernetes.io/docs/concepts/nodes/node/#info + properties: + architecture: + description: The Architecture reported by the node + type: string + bootID: + description: Boot ID reported by the node. + type: string + containerRuntimeVersion: + description: ContainerRuntime Version reported by the node through + runtime remote API (e.g. containerd://1.4.2). + type: string + kernelVersion: + description: Kernel Version reported by the node from 'uname -r' + (e.g. 3.16.0-0.bpo.4-amd64). + type: string + kubeProxyVersion: + description: 'Deprecated: KubeProxy Version reported by the node.' + type: string + kubeletVersion: + description: Kubelet Version reported by the node. + type: string + machineID: + description: |- + MachineID reported by the node. For unique machine identification + in the cluster this field is preferred. 
Learn more from man(5) + machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html + type: string + operatingSystem: + description: The Operating System reported by the node + type: string + osImage: + description: OS Image reported by the node from /etc/os-release + (e.g. Debian GNU/Linux 7 (wheezy)). + type: string + swap: + description: Swap Info reported by the node. + properties: + capacity: + description: Total amount of swap memory in bytes. + format: int64 + type: integer + type: object + systemUUID: + description: |- + SystemUUID reported by the node. For unique machine identification + MachineID is preferred. This field is specific to Red Hat hosts + https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid + type: string + required: + - architecture + - bootID + - containerRuntimeVersion + - kernelVersion + - kubeProxyVersion + - kubeletVersion + - machineID + - operatingSystem + - osImage + - systemUUID + type: object + nodeRef: + description: nodeRef will point to the corresponding Node if it exists. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + observedGeneration: + description: observedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: phase represents the current phase of machine actuation. + enum: + - Pending + - Provisioning + - Provisioned + - Running + - Deleting + - Deleted + - Failed + - Unknown + type: string + v1beta2: + description: v1beta2 groups all the fields that will be added or modified + in Machine's status with the V1Beta2 version. + properties: + conditions: + description: |- + conditions represents the observations of a Machine's current state. + Known condition types are Available, Ready, UpToDate, BootstrapConfigReady, InfrastructureReady, NodeReady, + NodeHealthy, Deleting, Paused. + If a MachineHealthCheck is targeting this machine, also HealthCheckSucceeded, OwnerRemediated conditions are added. + Additionally control plane Machines controlled by KubeadmControlPlane will have following additional conditions: + APIServerPodHealthy, ControllerManagerPodHealthy, SchedulerPodHealthy, EtcdPodHealthy, EtcdMemberHealthy. 
+ items: + description: Condition contains details for one aspect of the + current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Node name associated with this machine + jsonPath: .status.nodeRef.name + name: Node Name + type: string + - description: Provider ID + jsonPath: .spec.providerID + name: Provider ID + priority: 10 + type: string + - description: Machine pass all readiness checks + jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - description: Machine is Ready for at least MinReadySeconds + jsonPath: .status.conditions[?(@.type=="Available")].status + name: Available + type: string + - description: ' Machine spec matches the spec of the Machine''s owner resource, + e.g. 
MachineDeployment' + jsonPath: .status.conditions[?(@.type=="UpToDate")].status + name: Up-to-date + type: string + - description: Internal IP of the machine + jsonPath: .status.addresses[?(@.type=="InternalIP")].address + name: Internal-IP + priority: 10 + type: string + - description: External IP of the machine + jsonPath: .status.addresses[?(@.type=="ExternalIP")].address + name: External-IP + priority: 10 + type: string + - description: OS Image reported by the node + jsonPath: .status.nodeInfo.osImage + name: OS-Image + priority: 10 + type: string + - description: Reconciliation paused + jsonPath: .status.conditions[?(@.type=="Paused")].status + name: Paused + priority: 10 + type: string + - description: Machine status such as Terminating/Pending/Running/Failed etc + jsonPath: .status.phase + name: Phase + type: string + - description: Time duration since creation of Machine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this Machine + jsonPath: .spec.version + name: Version + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: Machine is the Schema for the machines API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of Machine. 
+ properties: + bootstrap: + description: |- + bootstrap is a reference to a local struct which encapsulates + fields to configure the Machine’s bootstrapping mechanism. + properties: + configRef: + description: |- + configRef is a reference to a bootstrap provider-specific resource + that holds configuration details. The reference is optional to + allow users/operators to specify Bootstrap.DataSecretName without + the need of a controller. + properties: + apiGroup: + description: |- + apiGroup is the group of the resource being referenced. + apiGroup must be fully qualified domain name. + The corresponding version for this reference will be looked up from the contract + labels of the corresponding CRD of the resource being referenced. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: |- + kind of the resource being referenced. + kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + name of the resource being referenced. + name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - apiGroup + - kind + - name + type: object + dataSecretName: + description: |- + dataSecretName is the name of the secret that stores the bootstrap data script. + If nil, the Machine should remain in the Pending state. + maxLength: 253 + minLength: 0 + type: string + type: object + clusterName: + description: clusterName is the name of the Cluster this object belongs + to. 
+ maxLength: 63 + minLength: 1 + type: string + deletion: + description: deletion contains configuration options for Machine deletion. + minProperties: 1 + properties: + nodeDeletionTimeoutSeconds: + description: |- + nodeDeletionTimeoutSeconds defines how long the controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + format: int32 + minimum: 0 + type: integer + nodeDrainTimeoutSeconds: + description: |- + nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a node. + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: nodeDrainTimeoutSeconds is different from `kubectl drain --timeout` + format: int32 + minimum: 0 + type: integer + nodeVolumeDetachTimeoutSeconds: + description: |- + nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + format: int32 + minimum: 0 + type: integer + type: object + failureDomain: + description: |- + failureDomain is the failure domain the machine will be created in. + Must match the name of a FailureDomain from the Cluster status. + maxLength: 256 + minLength: 1 + type: string + infrastructureRef: + description: |- + infrastructureRef is a required reference to a custom resource + offered by an infrastructure provider. + properties: + apiGroup: + description: |- + apiGroup is the group of the resource being referenced. + apiGroup must be fully qualified domain name. + The corresponding version for this reference will be looked up from the contract + labels of the corresponding CRD of the resource being referenced. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: |- + kind of the resource being referenced. + kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + name of the resource being referenced. + name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - apiGroup + - kind + - name + type: object + minReadySeconds: + description: |- + minReadySeconds is the minimum number of seconds for which a Machine should be ready before considering it available. + Defaults to 0 (Machine will be considered available as soon as the Machine is ready) + format: int32 + minimum: 0 + type: integer + providerID: + description: |- + providerID is the identification ID of the machine provided by the provider. + This field must match the provider ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler + with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out + machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a + generic out-of-tree provider for autoscaler, this field is required by autoscaler to be + able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver + and then a comparison is done to find out unregistered machines and are marked for delete. 
+ This field will be set by the actuators and consumed by higher level entities like autoscaler that will + be interfacing with cluster-api as generic provider. + maxLength: 512 + minLength: 1 + type: string + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition. + + This field can be used e.g. by Cluster API control plane providers to extend the semantic of the + Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates + for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. + + Another example are external controllers, e.g. responsible to install special software/hardware on the Machines; + they can include the status of those components with a new condition and add this condition to ReadinessGates. + + NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those + readiness gates condition are reporting the same message, when computing the Machine's Ready condition those + readinessGates will be replaced by a single entry reporting "Control plane components: " + message. + This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster). + items: + description: MachineReadinessGate contains the type of a Machine + condition to be used as a readiness gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. 
+ Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map + version: + description: |- + version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + maxLength: 256 + minLength: 1 + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + status: + description: status is the observed state of Machine. + minProperties: 1 + properties: + addresses: + description: |- + addresses is a list of addresses assigned to the machine. + This field is copied from the infrastructure provider reference. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: address is the machine address. + maxLength: 256 + minLength: 1 + type: string + type: + description: type is the machine address type, one of Hostname, + ExternalIP, InternalIP, ExternalDNS or InternalDNS. + enum: + - Hostname + - ExternalIP + - InternalIP + - ExternalDNS + - InternalDNS + type: string + required: + - address + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-type: atomic + certificatesExpiryDate: + description: |- + certificatesExpiryDate is the expiry date of the machine certificates. + This value is only set for control plane machines. + format: date-time + type: string + conditions: + description: |- + conditions represents the observations of a Machine's current state. 
+ Known condition types are Available, Ready, UpToDate, BootstrapConfigReady, InfrastructureReady, NodeReady, + NodeHealthy, Deleting, Paused. + If a MachineHealthCheck is targeting this machine, also HealthCheckSucceeded, OwnerRemediated conditions are added. + Additionally control plane Machines controlled by KubeadmControlPlane will have following additional conditions: + APIServerPodHealthy, ControllerManagerPodHealthy, SchedulerPodHealthy, EtcdPodHealthy, EtcdMemberHealthy. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + deletion: + description: |- + deletion contains information relating to removal of the Machine. + Only present when the Machine has a deletionTimestamp and drain or wait for volume detach started. + properties: + nodeDrainStartTime: + description: |- + nodeDrainStartTime is the time when the drain of the node started and is used to determine + if the nodeDrainTimeoutSeconds is exceeded. + Only present when the Machine has a deletionTimestamp and draining the node had been started. + format: date-time + type: string + waitForNodeVolumeDetachStartTime: + description: |- + waitForNodeVolumeDetachStartTime is the time when waiting for volume detachment started + and is used to determine if the nodeVolumeDetachTimeoutSeconds is exceeded. + Detaching volumes from nodes is usually done by CSI implementations and the current state + is observed from the node's `.Status.VolumesAttached` field. + Only present when the Machine has a deletionTimestamp and waiting for volume detachments had been started. + format: date-time + type: string + type: object + deprecated: + description: deprecated groups all the status fields that are deprecated + and will be removed when all the nested field are removed. 
+ properties: + v1beta1: + description: |- + v1beta1 groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + properties: + conditions: + description: |- + conditions defines current service state of the Machine. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + items: + description: Condition defines an observation of a Cluster + API resource operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. 
+ maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, + Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: |- + failureMessage will be set in the event that there is a terminal problem + reconciling the Machine and will contain a more verbose string suitable + for logging and human consumption. + + This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over + time (like service outages), but instead indicate that something is + fundamentally wrong with the Machine's spec or the configuration of + the controller, and that manual intervention is required. Examples + of terminal errors would be invalid combinations of settings in the + spec, values that are unsupported by the controller, or the + responsible controller itself being critically misconfigured. + + Any transient errors that occur during the reconciliation of Machines + can be added as events to the Machine object and/or logged in the + controller's output. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + maxLength: 10240 + minLength: 1 + type: string + failureReason: + description: |- + failureReason will be set in the event that there is a terminal problem + reconciling the Machine and will contain a succinct value suitable + for machine interpretation. 
+ + This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over + time (like service outages), but instead indicate that something is + fundamentally wrong with the Machine's spec or the configuration of + the controller, and that manual intervention is required. Examples + of terminal errors would be invalid combinations of settings in the + spec, values that are unsupported by the controller, or the + responsible controller itself being critically misconfigured. + + Any transient errors that occur during the reconciliation of Machines + can be added as events to the Machine object and/or logged in the + controller's output. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + type: string + type: object + type: object + initialization: + description: |- + initialization provides observations of the Machine initialization process. + NOTE: Fields in this struct are part of the Cluster API contract and are used to orchestrate initial Machine provisioning. + minProperties: 1 + properties: + bootstrapDataSecretCreated: + description: |- + bootstrapDataSecretCreated is true when the bootstrap provider reports that the Machine's boostrap secret is created. + NOTE: this field is part of the Cluster API contract, and it is used to orchestrate provisioning. + The value of this field is never updated after provisioning is completed. + type: boolean + infrastructureProvisioned: + description: |- + infrastructureProvisioned is true when the infrastructure provider reports that Machine's infrastructure is fully provisioned. + NOTE: this field is part of the Cluster API contract, and it is used to orchestrate provisioning. + The value of this field is never updated after provisioning is completed. 
+ type: boolean + type: object + lastUpdated: + description: lastUpdated identifies when the phase of the Machine + last transitioned. + format: date-time + type: string + nodeInfo: + description: |- + nodeInfo is a set of ids/uuids to uniquely identify the node. + More info: https://kubernetes.io/docs/concepts/nodes/node/#info + properties: + architecture: + description: The Architecture reported by the node + type: string + bootID: + description: Boot ID reported by the node. + type: string + containerRuntimeVersion: + description: ContainerRuntime Version reported by the node through + runtime remote API (e.g. containerd://1.4.2). + type: string + kernelVersion: + description: Kernel Version reported by the node from 'uname -r' + (e.g. 3.16.0-0.bpo.4-amd64). + type: string + kubeProxyVersion: + description: 'Deprecated: KubeProxy Version reported by the node.' + type: string + kubeletVersion: + description: Kubelet Version reported by the node. + type: string + machineID: + description: |- + MachineID reported by the node. For unique machine identification + in the cluster this field is preferred. Learn more from man(5) + machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html + type: string + operatingSystem: + description: The Operating System reported by the node + type: string + osImage: + description: OS Image reported by the node from /etc/os-release + (e.g. Debian GNU/Linux 7 (wheezy)). + type: string + swap: + description: Swap Info reported by the node. + properties: + capacity: + description: Total amount of swap memory in bytes. + format: int64 + type: integer + type: object + systemUUID: + description: |- + SystemUUID reported by the node. For unique machine identification + MachineID is preferred. 
This field is specific to Red Hat hosts + https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid + type: string + required: + - architecture + - bootID + - containerRuntimeVersion + - kernelVersion + - kubeProxyVersion + - kubeletVersion + - machineID + - operatingSystem + - osImage + - systemUUID + type: object + nodeRef: + description: nodeRef will point to the corresponding Node if it exists. + properties: + name: + description: |- + name of the node. + name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - name + type: object + observedGeneration: + description: observedGeneration is the latest generation observed + by the controller. + format: int64 + minimum: 1 + type: integer + phase: + description: phase represents the current phase of machine actuation. 
+ enum: + - Pending + - Provisioning + - Provisioned + - Running + - Deleting + - Deleted + - Failed + - Unknown + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.18.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machinesets.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: MachineSet + listKind: MachineSetList + plural: machinesets + shortNames: + - ms + singular: machineset + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Total number of machines desired by this machineset + jsonPath: .spec.replicas + name: Desired + priority: 10 + type: integer + - description: Total number of non-terminated machines targeted by this machineset + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of ready machines targeted by this machineset. 
+ jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of available machines (ready for at least minReadySeconds) + jsonPath: .status.availableReplicas + name: Available + type: integer + - description: Time duration since creation of MachineSet + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this MachineSet + jsonPath: .spec.template.spec.version + name: Version + type: string + deprecated: true + name: v1beta1 + schema: + openAPIV3Schema: + description: MachineSet is the Schema for the machinesets API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of MachineSet. + properties: + clusterName: + description: clusterName is the name of the Cluster this object belongs + to. + maxLength: 63 + minLength: 1 + type: string + deletePolicy: + description: |- + deletePolicy defines the policy used to identify nodes to delete when downscaling. + Defaults to "Random". Valid values are "Random, "Newest", "Oldest" + enum: + - Random + - Newest + - Oldest + type: string + machineNamingStrategy: + description: |- + machineNamingStrategy allows changing the naming pattern used when creating Machines. 
+ Note: InfraMachines & BootstrapConfigs will use the same name as the corresponding Machines. + properties: + template: + description: |- + template defines the template to use for generating the names of the + Machine objects. + If not defined, it will fallback to `{{ .machineSet.name }}-{{ .random }}`. + If the generated name string exceeds 63 characters, it will be trimmed to + 58 characters and will + get concatenated with a random suffix of length 5. + Length of the template string must not exceed 256 characters. + The template allows the following variables `.cluster.name`, + `.machineSet.name` and `.random`. + The variable `.cluster.name` retrieves the name of the cluster object + that owns the Machines being created. + The variable `.machineSet.name` retrieves the name of the MachineSet + object that owns the Machines being created. + The variable `.random` is substituted with random alphanumeric string, + without vowels, of length 5. This variable is required part of the + template. If not provided, validation will fail. + maxLength: 256 + minLength: 1 + type: string + type: object + minReadySeconds: + description: |- + minReadySeconds is the minimum number of seconds for which a Node for a newly created machine should be ready before considering the replica available. + Defaults to 0 (machine will be considered available as soon as the Node is ready) + format: int32 + type: integer + replicas: + description: |- + replicas is the number of desired replicas. + This is a pointer to distinguish between explicit zero and unspecified. 
+ + Defaults to: + * if the Kubernetes autoscaler min size and max size annotations are set: + - if it's a new MachineSet, use min size + - if the replicas field of the old MachineSet is < min size, use min size + - if the replicas field of the old MachineSet is > max size, use max size + - if the replicas field of the old MachineSet is in the (min size, max size) range, keep the value from the oldMS + * otherwise use 1 + Note: Defaulting will be run whenever the replicas field is not set: + * A new MachineSet is created with replicas not set. + * On an existing MachineSet the replicas field was first set and is now unset. + Those cases are especially relevant for the following Kubernetes autoscaler use cases: + * A new MachineSet is created and replicas should be managed by the autoscaler + * An existing MachineSet which initially wasn't controlled by the autoscaler + should be later controlled by the autoscaler + format: int32 + type: integer + selector: + description: |- + selector is a label query over machines that should match the replica count. + Label keys and values that must match in order to be controlled by this MachineSet. + It must match the machine template's labels. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + template: + description: |- + template is the object that describes the machine that will be created if + insufficient replicas are detected. + Object references to custom resources are treated as templates. + properties: + metadata: + description: |- + metadata is the standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + spec is the specification of the desired behavior of the machine. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + bootstrap: + description: |- + bootstrap is a reference to a local struct which encapsulates + fields to configure the Machine’s bootstrapping mechanism. + properties: + configRef: + description: |- + configRef is a reference to a bootstrap provider-specific resource + that holds configuration details. The reference is optional to + allow users/operators to specify Bootstrap.DataSecretName without + the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: |- + dataSecretName is the name of the secret that stores the bootstrap data script. + If nil, the Machine should remain in the Pending state. + maxLength: 253 + minLength: 0 + type: string + type: object + clusterName: + description: clusterName is the name of the Cluster this object + belongs to. + maxLength: 63 + minLength: 1 + type: string + failureDomain: + description: |- + failureDomain is the failure domain the machine will be created in. + Must match a key in the FailureDomains map stored on the cluster object. + maxLength: 256 + minLength: 1 + type: string + infrastructureRef: + description: |- + infrastructureRef is a required reference to a custom resource + offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + nodeDeletionTimeout: + description: |- + nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: |- + nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + type: string + nodeVolumeDetachTimeout: + description: |- + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + type: string + providerID: + description: |- + providerID is the identification ID of the machine provided by the provider. + This field must match the provider ID as seen on the node object corresponding to this machine. 
+ This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler + with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out + machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a + generic out-of-tree provider for autoscaler, this field is required by autoscaler to be + able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver + and then a comparison is done to find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by higher level entities like autoscaler that will + be interfacing with cluster-api as generic provider. + maxLength: 512 + minLength: 1 + type: string + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition. + + This field can be used e.g. by Cluster API control plane providers to extend the semantic of the + Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates + for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. + + Another example are external controllers, e.g. responsible to install special software/hardware on the Machines; + they can include the status of those components with a new condition and add this condition to ReadinessGates. + + NOTE: This field is considered only for computing v1beta2 conditions. + NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those + readiness gates condition are reporting the same message, when computing the Machine's Ready condition those + readinessGates will be replaced by a single entry reporting "Control plane components: " + message. + This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster). 
+ items: + description: MachineReadinessGate contains the type of a + Machine condition to be used as a readiness gate. + properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map + version: + description: |- + version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + maxLength: 256 + minLength: 1 + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + type: object + status: + description: status is the observed state of MachineSet. + properties: + availableReplicas: + description: availableReplicas is the number of available replicas + (ready for at least minReadySeconds) for this MachineSet. + format: int32 + type: integer + conditions: + description: conditions defines current service state of the MachineSet. 
+ items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: |- + failureMessage will be set in the event that there is a terminal problem + reconciling the Machine and will contain a more verbose string suitable + for logging and human consumption. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. 
Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + maxLength: 10240 + minLength: 1 + type: string + failureReason: + description: |- + failureReason will be set in the event that there is a terminal problem + reconciling the Machine and will contain a succinct value suitable + for machine interpretation. + + In the event that there is a terminal problem reconciling the + replicas, both FailureReason and FailureMessage will be set. FailureReason + will be populated with a succinct value suitable for machine + interpretation, while FailureMessage will contain a more verbose + string suitable for logging and human consumption. + + These fields should not be set for transitive errors that a + controller faces that are expected to be fixed automatically over + time (like service outages), but instead indicate that something is + fundamentally wrong with the MachineTemplate's spec or the configuration of + the machine controller, and that manual intervention is required. Examples + of terminal errors would be invalid combinations of settings in the + spec, values that are unsupported by the machine controller, or the + responsible machine controller itself being critically misconfigured. + + Any transient errors that occur during the reconciliation of Machines + can be added as events to the MachineSet object and/or logged in the + controller's output. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + type: string + fullyLabeledReplicas: + description: |- + fullyLabeledReplicas is the number of replicas that have labels matching the labels of the machine template of the MachineSet. 
+ + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + format: int32 + type: integer + observedGeneration: + description: observedGeneration reflects the generation of the most + recently observed MachineSet. + format: int64 + type: integer + readyReplicas: + description: readyReplicas is the number of ready replicas for this + MachineSet. A machine is considered ready when the node has been + created and is "Ready". + format: int32 + type: integer + replicas: + description: replicas is the most recently observed number of replicas. + format: int32 + type: integer + selector: + description: |- + selector is the same as the label selector but in the string format to avoid introspection + by clients. The string will be in the same format as the query-param syntax. + More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors + maxLength: 4096 + minLength: 1 + type: string + v1beta2: + description: v1beta2 groups all the fields that will be added or modified + in MachineSet's status with the V1Beta2 version. + properties: + availableReplicas: + description: availableReplicas is the number of available replicas + for this MachineSet. A machine is considered available when + Machine's Available condition is true. + format: int32 + type: integer + conditions: + description: |- + conditions represents the observations of a MachineSet's current state. + Known condition types are MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused. + items: + description: Condition contains details for one aspect of the + current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. 
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + readyReplicas: + description: readyReplicas is the number of ready replicas for + this MachineSet. A machine is considered ready when Machine's + Ready condition is true. 
+ format: int32 + type: integer + upToDateReplicas: + description: upToDateReplicas is the number of up-to-date replicas + for this MachineSet. A machine is considered up-to-date when + Machine's UpToDate condition is true. + format: int32 + type: integer + type: object + type: object + type: object + served: true + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: The desired number of machines + jsonPath: .spec.replicas + name: Desired + type: integer + - description: The number of machines + jsonPath: .status.replicas + name: Current + type: integer + - description: The number of machines with Ready condition true + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: The number of machines with Available condition true + jsonPath: .status.availableReplicas + name: Available + type: integer + - description: The number of machines with UpToDate condition true + jsonPath: .status.upToDateReplicas + name: Up-to-date + type: integer + - description: Reconciliation paused + jsonPath: .status.conditions[?(@.type=="Paused")].status + name: Paused + priority: 10 + type: string + - description: Time duration since creation of MachineSet + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this MachineSet + jsonPath: .spec.template.spec.version + name: Version + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: MachineSet is the Schema for the machinesets API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the desired state of MachineSet. + properties: + clusterName: + description: clusterName is the name of the Cluster this object belongs + to. + maxLength: 63 + minLength: 1 + type: string + deletion: + description: deletion contains configuration options for MachineSet + deletion. + minProperties: 1 + properties: + order: + description: |- + order defines the order in which Machines are deleted when downscaling. + Defaults to "Random". Valid values are "Random, "Newest", "Oldest" + enum: + - Random + - Newest + - Oldest + type: string + type: object + machineNaming: + description: |- + machineNaming allows changing the naming pattern used when creating Machines. + Note: InfraMachines & BootstrapConfigs will use the same name as the corresponding Machines. + minProperties: 1 + properties: + template: + description: |- + template defines the template to use for generating the names of the + Machine objects. + If not defined, it will fallback to `{{ .machineSet.name }}-{{ .random }}`. + If the generated name string exceeds 63 characters, it will be trimmed to + 58 characters and will + get concatenated with a random suffix of length 5. + Length of the template string must not exceed 256 characters. + The template allows the following variables `.cluster.name`, + `.machineSet.name` and `.random`. + The variable `.cluster.name` retrieves the name of the cluster object + that owns the Machines being created. 
+ The variable `.machineSet.name` retrieves the name of the MachineSet + object that owns the Machines being created. + The variable `.random` is substituted with random alphanumeric string, + without vowels, of length 5. This variable is required part of the + template. If not provided, validation will fail. + maxLength: 256 + minLength: 1 + type: string + type: object + replicas: + description: |- + replicas is the number of desired replicas. + This is a pointer to distinguish between explicit zero and unspecified. + + Defaults to: + * if the Kubernetes autoscaler min size and max size annotations are set: + - if it's a new MachineSet, use min size + - if the replicas field of the old MachineSet is < min size, use min size + - if the replicas field of the old MachineSet is > max size, use max size + - if the replicas field of the old MachineSet is in the (min size, max size) range, keep the value from the oldMS + * otherwise use 1 + Note: Defaulting will be run whenever the replicas field is not set: + * A new MachineSet is created with replicas not set. + * On an existing MachineSet the replicas field was first set and is now unset. + Those cases are especially relevant for the following Kubernetes autoscaler use cases: + * A new MachineSet is created and replicas should be managed by the autoscaler + * An existing MachineSet which initially wasn't controlled by the autoscaler + should be later controlled by the autoscaler + format: int32 + type: integer + selector: + description: |- + selector is a label query over machines that should match the replica count. + Label keys and values that must match in order to be controlled by this MachineSet. + It must match the machine template's labels. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + template: + description: |- + template is the object that describes the machine that will be created if + insufficient replicas are detected. + Object references to custom resources are treated as templates. + properties: + metadata: + description: |- + metadata is the standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + minProperties: 1 + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. 
+ More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + spec is the specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + bootstrap: + description: |- + bootstrap is a reference to a local struct which encapsulates + fields to configure the Machine’s bootstrapping mechanism. + properties: + configRef: + description: |- + configRef is a reference to a bootstrap provider-specific resource + that holds configuration details. The reference is optional to + allow users/operators to specify Bootstrap.DataSecretName without + the need of a controller. + properties: + apiGroup: + description: |- + apiGroup is the group of the resource being referenced. + apiGroup must be fully qualified domain name. + The corresponding version for this reference will be looked up from the contract + labels of the corresponding CRD of the resource being referenced. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: |- + kind of the resource being referenced. + kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + name of the resource being referenced. + name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - apiGroup + - kind + - name + type: object + dataSecretName: + description: |- + dataSecretName is the name of the secret that stores the bootstrap data script. + If nil, the Machine should remain in the Pending state. + maxLength: 253 + minLength: 0 + type: string + type: object + clusterName: + description: clusterName is the name of the Cluster this object + belongs to. + maxLength: 63 + minLength: 1 + type: string + deletion: + description: deletion contains configuration options for Machine + deletion. + minProperties: 1 + properties: + nodeDeletionTimeoutSeconds: + description: |- + nodeDeletionTimeoutSeconds defines how long the controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + format: int32 + minimum: 0 + type: integer + nodeDrainTimeoutSeconds: + description: |- + nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a node. + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: nodeDrainTimeoutSeconds is different from `kubectl drain --timeout` + format: int32 + minimum: 0 + type: integer + nodeVolumeDetachTimeoutSeconds: + description: |- + nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + format: int32 + minimum: 0 + type: integer + type: object + failureDomain: + description: |- + failureDomain is the failure domain the machine will be created in. + Must match the name of a FailureDomain from the Cluster status. 
+ maxLength: 256 + minLength: 1 + type: string + infrastructureRef: + description: |- + infrastructureRef is a required reference to a custom resource + offered by an infrastructure provider. + properties: + apiGroup: + description: |- + apiGroup is the group of the resource being referenced. + apiGroup must be fully qualified domain name. + The corresponding version for this reference will be looked up from the contract + labels of the corresponding CRD of the resource being referenced. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: |- + kind of the resource being referenced. + kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + name of the resource being referenced. + name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - apiGroup + - kind + - name + type: object + minReadySeconds: + description: |- + minReadySeconds is the minimum number of seconds for which a Machine should be ready before considering it available. + Defaults to 0 (Machine will be considered available as soon as the Machine is ready) + format: int32 + minimum: 0 + type: integer + providerID: + description: |- + providerID is the identification ID of the machine provided by the provider. + This field must match the provider ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler + with cluster-api as provider. 
Clean-up logic in the autoscaler compares machines to nodes to find out + machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a + generic out-of-tree provider for autoscaler, this field is required by autoscaler to be + able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver + and then a comparison is done to find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by higher level entities like autoscaler that will + be interfacing with cluster-api as generic provider. + maxLength: 512 + minLength: 1 + type: string + readinessGates: + description: |- + readinessGates specifies additional conditions to include when evaluating Machine Ready condition. + + This field can be used e.g. by Cluster API control plane providers to extend the semantic of the + Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates + for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. + + Another example are external controllers, e.g. responsible to install special software/hardware on the Machines; + they can include the status of those components with a new condition and add this condition to ReadinessGates. + + NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those + readiness gates condition are reporting the same message, when computing the Machine's Ready condition those + readinessGates will be replaced by a single entry reporting "Control plane components: " + message. + This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster). + items: + description: MachineReadinessGate contains the type of a + Machine condition to be used as a readiness gate. 
+ properties: + conditionType: + description: |- + conditionType refers to a condition with matching type in the Machine's condition list. + If the conditions doesn't exist, it will be treated as unknown. + Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. + maxLength: 316 + minLength: 1 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + polarity: + description: |- + polarity of the conditionType specified in this readinessGate. + Valid values are Positive, Negative and omitted. + When omitted, the default behaviour will be Positive. + A positive polarity means that the condition should report a true status under normal conditions. + A negative polarity means that the condition should report a false status under normal conditions. + enum: + - Positive + - Negative + type: string + required: + - conditionType + type: object + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - conditionType + x-kubernetes-list-type: map + version: + description: |- + version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + maxLength: 256 + minLength: 1 + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + required: + - spec + type: object + required: + - clusterName + - selector + - template + type: object + status: + description: status is the observed state of MachineSet. + minProperties: 1 + properties: + availableReplicas: + description: availableReplicas is the number of available replicas + for this MachineSet. A machine is considered available when Machine's + Available condition is true. + format: int32 + type: integer + conditions: + description: |- + conditions represents the observations of a MachineSet's current state. 
+ Known condition types are MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + deprecated: + description: deprecated groups all the status fields that are deprecated + and will be removed when all the nested field are removed. + properties: + v1beta1: + description: v1beta1 groups all the status fields that are deprecated + and will be removed when support for v1beta1 will be dropped. + properties: + availableReplicas: + description: |- + availableReplicas is the number of available replicas (ready for at least minReadySeconds) for this MachineSet. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + format: int32 + type: integer + conditions: + description: |- + conditions defines current service state of the MachineSet. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + items: + description: Condition defines an observation of a Cluster + API resource operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. 
+ This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, + Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: |- + failureMessage will be set in the event that there is a terminal problem + reconciling the Machine and will contain a more verbose string suitable + for logging and human consumption. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + maxLength: 10240 + minLength: 1 + type: string + failureReason: + description: |- + failureReason will be set in the event that there is a terminal problem + reconciling the Machine and will contain a succinct value suitable + for machine interpretation. + + In the event that there is a terminal problem reconciling the + replicas, both FailureReason and FailureMessage will be set. 
FailureReason + will be populated with a succinct value suitable for machine + interpretation, while FailureMessage will contain a more verbose + string suitable for logging and human consumption. + + These fields should not be set for transitive errors that a + controller faces that are expected to be fixed automatically over + time (like service outages), but instead indicate that something is + fundamentally wrong with the MachineTemplate's spec or the configuration of + the machine controller, and that manual intervention is required. Examples + of terminal errors would be invalid combinations of settings in the + spec, values that are unsupported by the machine controller, or the + responsible machine controller itself being critically misconfigured. + + Any transient errors that occur during the reconciliation of Machines + can be added as events to the MachineSet object and/or logged in the + controller's output. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + type: string + fullyLabeledReplicas: + description: |- + fullyLabeledReplicas is the number of replicas that have labels matching the labels of the machine template of the MachineSet. + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + format: int32 + type: integer + readyReplicas: + description: |- + readyReplicas is the number of ready replicas for this MachineSet. A machine is considered ready when the node has been created and is "Ready". + + Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. 
Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. + format: int32 + type: integer + type: object + type: object + observedGeneration: + description: observedGeneration reflects the generation of the most + recently observed MachineSet. + format: int64 + minimum: 1 + type: integer + readyReplicas: + description: readyReplicas is the number of ready replicas for this + MachineSet. A machine is considered ready when Machine's Ready condition + is true. + format: int32 + type: integer + replicas: + description: replicas is the most recently observed number of replicas. + format: int32 + type: integer + selector: + description: |- + selector is the same as the label selector but in the string format to avoid introspection + by clients. The string will be in the same format as the query-param syntax. + More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors + maxLength: 4096 + minLength: 1 + type: string + upToDateReplicas: + description: upToDateReplicas is the number of up-to-date replicas + for this MachineSet. A machine is considered up-to-date when Machine's + UpToDate condition is true. 
+ format: int32 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-manager + namespace: capi-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-leader-election-role + namespace: capi-system + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + --- + aggregationRule: + clusterRoleSelectors: + - matchLabels: + cluster.x-k8s.io/aggregate-to-manager: "true" + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-aggregated-manager-role + rules: [] + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + cluster.x-k8s.io/aggregate-to-manager: "true" + cluster.x-k8s.io/provider: cluster-api + name: capi-manager-role + rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - addons.cluster.x-k8s.io + resources: + - clusterresourcesets/finalizers + - clusterresourcesets/status + verbs: + - get + - patch + - update + - apiGroups: + - addons.cluster.x-k8s.io + - bootstrap.cluster.x-k8s.io + - controlplane.cluster.x-k8s.io + - 
infrastructure.cluster.x-k8s.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resourceNames: + - clusterclasses.cluster.x-k8s.io + - clusterresourcesetbindings.addons.cluster.x-k8s.io + - clusterresourcesets.addons.cluster.x-k8s.io + - clusters.cluster.x-k8s.io + - extensionconfigs.runtime.cluster.x-k8s.io + - ipaddressclaims.ipam.cluster.x-k8s.io + - ipaddresses.ipam.cluster.x-k8s.io + - machinedeployments.cluster.x-k8s.io + - machinedrainrules.cluster.x-k8s.io + - machinehealthchecks.cluster.x-k8s.io + - machinepools.cluster.x-k8s.io + - machines.cluster.x-k8s.io + - machinesets.cluster.x-k8s.io + resources: + - customresourcedefinitions + - customresourcedefinitions/status + verbs: + - patch + - update + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - cluster.x-k8s.io + resources: + - clusterclasses + - clusterclasses/status + - clusters + - clusters/finalizers + - clusters/status + - machinedrainrules + - machinehealthchecks/finalizers + - machinehealthchecks/status + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - cluster.x-k8s.io + resources: + - machinedeployments + - machinedeployments/finalizers + - machinedeployments/status + - machinehealthchecks + - machinepools + - machinepools/finalizers + - machinepools/status + - machines + - machines/finalizers + - machines/status + - machinesets + - machinesets/finalizers + - machinesets/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ipam.cluster.x-k8s.io + resources: + - ipaddressclaims + - ipaddresses + verbs: + - get + - list + - patch + - update + - watch + - 
apiGroups: + - ipam.cluster.x-k8s.io + resources: + - ipaddressclaims/status + verbs: + - patch + - update + - apiGroups: + - runtime.cluster.x-k8s.io + resources: + - extensionconfigs + - extensionconfigs/status + verbs: + - get + - list + - patch + - update + - watch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-leader-election-rolebinding + namespace: capi-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capi-leader-election-role + subjects: + - kind: ServiceAccount + name: capi-manager + namespace: capi-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-manager-rolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capi-aggregated-manager-role + subjects: + - kind: ServiceAccount + name: capi-manager + namespace: capi-system + --- + apiVersion: v1 + kind: Service + metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-webhook-service + namespace: capi-system + spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: cluster-api + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + control-plane: controller-manager + name: capi-controller-manager + namespace: capi-system + spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: cluster-api + control-plane: controller-manager + template: + metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - --diagnostics-address=${CAPI_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPI_INSECURE_DIAGNOSTICS:=false} + - 
--feature-gates=MachinePool=${EXP_MACHINE_POOL:=true},ClusterResourceSet=${EXP_CLUSTER_RESOURCE_SET:=true},ClusterTopology=${CLUSTER_TOPOLOGY:=false},RuntimeSDK=${EXP_RUNTIME_SDK:=false},MachineSetPreflightChecks=${EXP_MACHINE_SET_PREFLIGHT_CHECKS:=true},MachineWaitForVolumeDetachConsiderVolumeAttachments=${EXP_MACHINE_WAITFORVOLUMEDETACH_CONSIDER_VOLUMEATTACHMENTS:=true},PriorityQueue=${EXP_PRIORITY_QUEUE:=false} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + image: registry.k8s.io/cluster-api/cluster-api-controller:v1.11.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capi-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: capi-webhook-service-cert + --- + apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-serving-cert + namespace: capi-system + spec: + dnsNames: + - capi-webhook-service.capi-system.svc + - 
capi-webhook-service.capi-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capi-selfsigned-issuer + secretName: capi-webhook-service-cert + subject: + organizations: + - k8s-sig-cluster-lifecycle + --- + apiVersion: cert-manager.io/v1 + kind: Issuer + metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-selfsigned-issuer + namespace: capi-system + spec: + selfSigned: {} + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: MutatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-mutating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta2-cluster + failurePolicy: Fail + matchPolicy: Equivalent + name: default.cluster.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - clusters + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-addons-cluster-x-k8s-io-v1beta2-clusterresourceset + failurePolicy: Fail + matchPolicy: Equivalent + name: default.clusterresourceset.addons.cluster.x-k8s.io + rules: + - apiGroups: + - addons.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - clusterresourcesets + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta2-machine + failurePolicy: Fail + matchPolicy: Equivalent + name: default.machine.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - machines + 
sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta2-machinedeployment + failurePolicy: Fail + matchPolicy: Equivalent + name: default.machinedeployment.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - machinedeployments + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta2-machinehealthcheck + failurePolicy: Fail + matchPolicy: Equivalent + name: default.machinehealthcheck.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - machinehealthchecks + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta2-machineset + failurePolicy: Fail + matchPolicy: Equivalent + name: default.machineset.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - machinesets + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-runtime-cluster-x-k8s-io-v1beta2-extensionconfig + failurePolicy: Fail + matchPolicy: Equivalent + name: default.extensionconfig.runtime.addons.cluster.x-k8s.io + rules: + - apiGroups: + - runtime.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - extensionconfigs + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: 
/mutate-cluster-x-k8s-io-v1beta2-machinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: default.machinepool.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - machinepools + sideEffects: None + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-validating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta2-cluster + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.cluster.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - clusters + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta2-clusterclass + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.clusterclass.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - clusterclasses + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-addons-cluster-x-k8s-io-v1beta2-clusterresourceset + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.clusterresourceset.addons.cluster.x-k8s.io + rules: + - apiGroups: + - addons.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - clusterresourcesets + sideEffects: None + - admissionReviewVersions: + - v1 + - 
v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-addons-cluster-x-k8s-io-v1beta2-clusterresourcesetbinding + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.clusterresourcesetbinding.addons.cluster.x-k8s.io + rules: + - apiGroups: + - addons.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - clusterresourcesetbindings + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta2-machine + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machine.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - machines + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta2-machinedeployment + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machinedeployment.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - machinedeployments + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta2-machinedrainrule + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machinedrainrule.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - machinedrainrules + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta2-machinehealthcheck + 
failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machinehealthcheck.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - machinehealthchecks + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta2-machineset + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machineset.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - machinesets + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-runtime-cluster-x-k8s-io-v1beta2-extensionconfig + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.extensionconfig.runtime.cluster.x-k8s.io + rules: + - apiGroups: + - runtime.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - extensionconfigs + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta2-machinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machinepool.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - machinepools + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-ipam-cluster-x-k8s-io-v1beta2-ipaddress + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.ipaddress.ipam.cluster.x-k8s.io + rules: + - apiGroups: + - ipam.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - 
CREATE + - UPDATE + - DELETE + resources: + - ipaddresses + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-ipam-cluster-x-k8s-io-v1beta2-ipaddressclaim + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.ipaddressclaim.ipam.cluster.x-k8s.io + rules: + - apiGroups: + - ipam.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - ipaddressclaims + sideEffects: None + metadata: | + apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 + kind: Metadata + releaseSeries: + - major: 1 + minor: 11 + contract: v1beta2 + - major: 1 + minor: 10 + contract: v1beta1 + - major: 1 + minor: 9 + contract: v1beta1 + - major: 1 + minor: 8 + contract: v1beta1 + - major: 1 + minor: 7 + contract: v1beta1 + - major: 1 + minor: 6 + contract: v1beta1 + - major: 1 + minor: 5 + contract: v1beta1 + - major: 1 + minor: 4 + contract: v1beta1 + - major: 1 + minor: 3 + contract: v1beta1 + - major: 1 + minor: 2 + contract: v1beta1 + - major: 1 + minor: 1 + contract: v1beta1 + - major: 1 + minor: 0 + contract: v1beta1 +kind: ConfigMap +metadata: + labels: + provider.cluster.x-k8s.io/name: cluster-api + provider.cluster.x-k8s.io/type: core + provider.cluster.x-k8s.io/version: v1.11.0 + name: core-cluster-api-v1.11.0 + namespace: capi-system diff --git a/test/e2e/resources/core-cluster-api-v1.7.7.yaml b/test/e2e/resources/core-cluster-api-v1.7.7.yaml deleted file mode 100644 index 74673f0da..000000000 --- a/test/e2e/resources/core-cluster-api-v1.7.7.yaml +++ /dev/null 
@@ -1,13362 +0,0 @@ -apiVersion: v1 -data: - components: | - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 - labels: - cluster.x-k8s.io/provider: cluster-api - name: clusterclasses.cluster.x-k8s.io - spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: cluster.x-k8s.io - names: - categories: - - cluster-api - kind: ClusterClass - listKind: ClusterClassList - plural: clusterclasses - shortNames: - - cc - singular: clusterclass - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Time duration since creation of ClusterClass - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - ClusterClass is a template which can be used to create managed topologies. - - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterClassSpec describes the desired state of the ClusterClass. 
- properties: - controlPlane: - description: |- - ControlPlane is a reference to a local struct that holds the details - for provisioning the Control Plane for the Cluster. - properties: - machineInfrastructure: - description: |- - MachineTemplate defines the metadata and infrastructure information - for control plane machines. - - - This field is supported if and only if the control plane provider template - referenced above is Machine based and supports setting replicas. - properties: - ref: - description: |- - Ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - metadata: - description: |- - Metadata is the metadata applied to the machines of the ControlPlane. - At runtime this metadata is merged with the corresponding metadata from the topology. - - - This field is supported if and only if the control plane provider template - referenced is Machine based. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - ref: - description: |- - Ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
- For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - infrastructure: - description: |- - Infrastructure is a reference to a provider-specific template that holds - the details for provisioning infrastructure specific cluster - for the underlying provider. - The underlying provider is responsible for the implementation - of the template to an infrastructure cluster. - properties: - ref: - description: |- - Ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. 
- type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - workers: - description: |- - Workers describes the worker nodes for the cluster. - It is a collection of node types which can be used to create - the worker nodes of the cluster. 
- properties: - machineDeployments: - description: |- - MachineDeployments is a list of machine deployment classes that can be used to create - a set of worker nodes. - items: - description: |- - MachineDeploymentClass serves as a template to define a set of worker nodes of the cluster - provisioned using the `ClusterClass`. - properties: - class: - description: |- - Class denotes a type of worker node present in the cluster, - this name MUST be unique within a ClusterClass and can be referenced - in the Cluster to create a managed MachineDeployment. - type: string - template: - description: |- - Template is a local struct containing a collection of templates for creation of - MachineDeployment objects representing a set of worker nodes. - properties: - bootstrap: - description: |- - Bootstrap contains the bootstrap template reference to be used - for the creation of worker Machines. - properties: - ref: - description: |- - Ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - infrastructure: - description: |- - Infrastructure contains the infrastructure template reference to be used - for the creation of worker Machines. - properties: - ref: - description: |- - Ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. 
- type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - metadata: - description: |- - Metadata is the metadata applied to the machines of the MachineDeployment. - At runtime this metadata is merged with the corresponding metadata from the topology. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. 
- More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - required: - - bootstrap - - infrastructure - type: object - required: - - class - - template - type: object - type: array - type: object - type: object - type: object - served: false - storage: false - subresources: {} - - additionalPrinterColumns: - - description: Time duration since creation of ClusterClass - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: ClusterClass is a template which can be used to create managed - topologies. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterClassSpec describes the desired state of the ClusterClass. - properties: - controlPlane: - description: |- - ControlPlane is a reference to a local struct that holds the details - for provisioning the Control Plane for the Cluster. - properties: - machineHealthCheck: - description: |- - MachineHealthCheck defines a MachineHealthCheck for this ControlPlaneClass. - This field is supported if and only if the ControlPlane provider template - referenced above is Machine based and supports setting replicas. 
- properties: - maxUnhealthy: - anyOf: - - type: integer - - type: string - description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by - "selector" are not healthy. - x-kubernetes-int-or-string: true - nodeStartupTimeout: - description: |- - NodeStartupTimeout allows to set the maximum time for MachineHealthCheck - to consider a Machine unhealthy if a corresponding Node isn't associated - through a `Spec.ProviderID` field. - - - The duration set in this field is compared to the greatest of: - - Cluster's infrastructure ready condition timestamp (if and when available) - - Control Plane's initialized condition timestamp (if and when available) - - Machine's infrastructure ready condition timestamp (if and when available) - - Machine's metadata creation timestamp - - - Defaults to 10 minutes. - If you wish to disable this feature, set the value explicitly to 0. - type: string - remediationTemplate: - description: |- - RemediationTemplate is a reference to a remediation template - provided by an infrastructure provider. - - - This field is completely optional, when filled, the MachineHealthCheck controller - creates a new object from the template referenced and hands off remediation of the machine to - a controller that lives outside of Cluster API. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). 
This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - unhealthyConditions: - description: |- - UnhealthyConditions contains a list of the conditions that determine - whether a node is considered unhealthy. The conditions are combined in a - logical OR, i.e. if any of the conditions is met, the node is unhealthy. - items: - description: |- - UnhealthyCondition represents a Node condition type and value with a timeout - specified as a duration. When the named condition has been in the given - status for at least the timeout value, a node is considered unhealthy. 
- properties: - status: - minLength: 1 - type: string - timeout: - type: string - type: - minLength: 1 - type: string - required: - - status - - timeout - - type - type: object - type: array - unhealthyRange: - description: |- - Any further remediation is only allowed if the number of machines selected by "selector" as not healthy - is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. - Eg. "[3-5]" - This means that remediation will be allowed only when: - (a) there are at least 3 unhealthy machines (and) - (b) there are at most 5 unhealthy machines - pattern: ^\[[0-9]+-[0-9]+\]$ - type: string - type: object - machineInfrastructure: - description: |- - MachineInfrastructure defines the metadata and infrastructure information - for control plane machines. - - - This field is supported if and only if the control plane provider template - referenced above is Machine based and supports setting replicas. - properties: - ref: - description: |- - Ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - metadata: - description: |- - Metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane - if the ControlPlaneTemplate referenced is machine based. If not, it is applied only to the - ControlPlane. - At runtime this metadata is merged with the corresponding metadata from the topology. - - - This field is supported if and only if the control plane provider template - referenced is Machine based. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. 
- More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - namingStrategy: - description: NamingStrategy allows changing the naming pattern - used when creating the control plane provider object. - properties: - template: - description: |- - Template defines the template to use for generating the name of the ControlPlane object. - If not defined, it will fallback to `{{ .cluster.name }}-{{ .random }}`. - If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will - get concatenated with a random suffix of length 5. - The templating mechanism provides the following arguments: - * `.cluster.name`: The name of the cluster object. - * `.random`: A random alphanumeric string, without vowels, of length 5. - type: string - type: object - nodeDeletionTimeout: - description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - NOTE: This value can be overridden while defining a Cluster.Topology. - type: string - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - NOTE: This value can be overridden while defining a Cluster.Topology. - type: string - nodeVolumeDetachTimeout: - description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - NOTE: This value can be overridden while defining a Cluster.Topology. 
- type: string - ref: - description: |- - Ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - infrastructure: - description: |- - Infrastructure is a reference to a provider-specific template that holds - the details for provisioning infrastructure specific cluster - for the underlying provider. - The underlying provider is responsible for the implementation - of the template to an infrastructure cluster. - properties: - ref: - description: |- - Ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - patches: - description: |- - Patches defines the patches which are applied to customize - referenced templates of a ClusterClass. - Note: Patches will be applied in the order of the array. - items: - description: ClusterClassPatch defines a patch which is applied - to customize the referenced templates. - properties: - definitions: - description: |- - Definitions define inline patches. - Note: Patches will be applied in the order of the array. - Note: Exactly one of Definitions or External must be set. - items: - description: PatchDefinition defines a patch which is applied - to customize the referenced templates. - properties: - jsonPatches: - description: |- - JSONPatches defines the patches which should be applied on the templates - matching the selector. - Note: Patches will be applied in the order of the array. - items: - description: JSONPatch defines a JSON patch. - properties: - op: - description: |- - Op defines the operation of the patch. - Note: Only `add`, `replace` and `remove` are supported. - type: string - path: - description: |- - Path defines the path of the patch. - Note: Only the spec of a template can be patched, thus the path has to start with /spec/. 
- Note: For now the only allowed array modifications are `append` and `prepend`, i.e.: - * for op: `add`: only index 0 (prepend) and - (append) are allowed - * for op: `replace` or `remove`: no indexes are allowed - type: string - value: - description: |- - Value defines the value of the patch. - Note: Either Value or ValueFrom is required for add and replace - operations. Only one of them is allowed to be set at the same time. - Note: We have to use apiextensionsv1.JSON instead of our JSON type, - because controller-tools has a hard-coded schema for apiextensionsv1.JSON - which cannot be produced by another type (unset type field). - Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 - x-kubernetes-preserve-unknown-fields: true - valueFrom: - description: |- - ValueFrom defines the value of the patch. - Note: Either Value or ValueFrom is required for add and replace - operations. Only one of them is allowed to be set at the same time. - properties: - template: - description: |- - Template is the Go template to be used to calculate the value. - A template can reference variables defined in .spec.variables and builtin variables. - Note: The template must evaluate to a valid YAML or JSON value. - type: string - variable: - description: |- - Variable is the variable to be used as value. - Variable can be one of the variables defined in .spec.variables or a builtin variable. - type: string - type: object - required: - - op - - path - type: object - type: array - selector: - description: Selector defines on which templates the patch - should be applied. - properties: - apiVersion: - description: APIVersion filters templates by apiVersion. - type: string - kind: - description: Kind filters templates by kind. - type: string - matchResources: - description: MatchResources selects templates based - on where they are referenced. 
- properties: - controlPlane: - description: |- - ControlPlane selects templates referenced in .spec.ControlPlane. - Note: this will match the controlPlane and also the controlPlane - machineInfrastructure (depending on the kind and apiVersion). - type: boolean - infrastructureCluster: - description: InfrastructureCluster selects templates - referenced in .spec.infrastructure. - type: boolean - machineDeploymentClass: - description: |- - MachineDeploymentClass selects templates referenced in specific MachineDeploymentClasses in - .spec.workers.machineDeployments. - properties: - names: - description: Names selects templates by class - names. - items: - type: string - type: array - type: object - machinePoolClass: - description: |- - MachinePoolClass selects templates referenced in specific MachinePoolClasses in - .spec.workers.machinePools. - properties: - names: - description: Names selects templates by class - names. - items: - type: string - type: array - type: object - type: object - required: - - apiVersion - - kind - - matchResources - type: object - required: - - jsonPatches - - selector - type: object - type: array - description: - description: Description is a human-readable description of - this patch. - type: string - enabledIf: - description: |- - EnabledIf is a Go template to be used to calculate if a patch should be enabled. - It can reference variables defined in .spec.variables and builtin variables. - The patch will be enabled if the template evaluates to `true`, otherwise it will - be disabled. - If EnabledIf is not set, the patch will be enabled per default. - type: string - external: - description: |- - External defines an external patch. - Note: Exactly one of Definitions or External must be set. - properties: - discoverVariablesExtension: - description: DiscoverVariablesExtension references an extension - which is called to discover variables. 
- type: string - generateExtension: - description: GenerateExtension references an extension which - is called to generate patches. - type: string - settings: - additionalProperties: - type: string - description: |- - Settings defines key value pairs to be passed to the extensions. - Values defined here take precedence over the values defined in the - corresponding ExtensionConfig. - type: object - validateExtension: - description: ValidateExtension references an extension which - is called to validate the topology. - type: string - type: object - name: - description: Name of the patch. - type: string - required: - - name - type: object - type: array - variables: - description: |- - Variables defines the variables which can be configured - in the Cluster topology and are then used in patches. - items: - description: |- - ClusterClassVariable defines a variable which can - be configured in the Cluster topology and used in patches. - properties: - metadata: - description: |- - Metadata is the metadata of a variable. - It can be used to add additional data for higher level tools to - a ClusterClassVariable. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map that can be used to store and - retrieve arbitrary metadata. - They are not queryable. - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) variables. - type: object - type: object - name: - description: Name of the variable. - type: string - required: - description: |- - Required specifies if the variable is required. - Note: this applies to the variable as a whole and thus the - top-level object defined in the schema. If nested fields are - required, this will be specified inside the schema. - type: boolean - schema: - description: Schema defines the schema of the variable. 
- properties: - openAPIV3Schema: - description: |- - OpenAPIV3Schema defines the schema of a variable via OpenAPI v3 - schema. The schema is a subset of the schema used in - Kubernetes CRDs. - properties: - additionalProperties: - description: |- - AdditionalProperties specifies the schema of values in a map (keys are always strings). - NOTE: Can only be set if type is object. - NOTE: AdditionalProperties is mutually exclusive with Properties. - NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. - x-kubernetes-preserve-unknown-fields: true - default: - description: |- - Default is the default value of the variable. - NOTE: Can be set for all types. - x-kubernetes-preserve-unknown-fields: true - description: - description: Description is a human-readable description - of this variable. - type: string - enum: - description: |- - Enum is the list of valid values of the variable. - NOTE: Can be set for all types. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - example: - description: Example is an example for this variable. - x-kubernetes-preserve-unknown-fields: true - exclusiveMaximum: - description: |- - ExclusiveMaximum specifies if the Maximum is exclusive. - NOTE: Can only be set if type is integer or number. - type: boolean - exclusiveMinimum: - description: |- - ExclusiveMinimum specifies if the Minimum is exclusive. - NOTE: Can only be set if type is integer or number. - type: boolean - format: - description: |- - Format is an OpenAPI v3 format string. Unknown formats are ignored. - For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using) - https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go - NOTE: Can only be set if type is string. - type: string - items: - description: |- - Items specifies fields of an array. - NOTE: Can only be set if type is array. 
- NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. - x-kubernetes-preserve-unknown-fields: true - maxItems: - description: |- - MaxItems is the max length of an array variable. - NOTE: Can only be set if type is array. - format: int64 - type: integer - maxLength: - description: |- - MaxLength is the max length of a string variable. - NOTE: Can only be set if type is string. - format: int64 - type: integer - maximum: - description: |- - Maximum is the maximum of an integer or number variable. - If ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum. - If ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum. - NOTE: Can only be set if type is integer or number. - format: int64 - type: integer - minItems: - description: |- - MinItems is the min length of an array variable. - NOTE: Can only be set if type is array. - format: int64 - type: integer - minLength: - description: |- - MinLength is the min length of a string variable. - NOTE: Can only be set if type is string. - format: int64 - type: integer - minimum: - description: |- - Minimum is the minimum of an integer or number variable. - If ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum. - If ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum. - NOTE: Can only be set if type is integer or number. - format: int64 - type: integer - pattern: - description: |- - Pattern is the regex which a string variable must match. - NOTE: Can only be set if type is string. - type: string - properties: - description: |- - Properties specifies fields of an object. - NOTE: Can only be set if type is object. - NOTE: Properties is mutually exclusive with AdditionalProperties. 
- NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. - x-kubernetes-preserve-unknown-fields: true - required: - description: |- - Required specifies which fields of an object are required. - NOTE: Can only be set if type is object. - items: - type: string - type: array - type: - description: |- - Type is the type of the variable. - Valid values are: object, array, string, integer, number or boolean. - type: string - uniqueItems: - description: |- - UniqueItems specifies if items in an array must be unique. - NOTE: Can only be set if type is array. - type: boolean - x-kubernetes-preserve-unknown-fields: - description: |- - XPreserveUnknownFields allows setting fields in a variable object - which are not defined in the variable schema. This affects fields recursively, - except if nested properties or additionalProperties are specified in the schema. - type: boolean - required: - - type - type: object - required: - - openAPIV3Schema - type: object - required: - - name - - required - - schema - type: object - type: array - workers: - description: |- - Workers describes the worker nodes for the cluster. - It is a collection of node types which can be used to create - the worker nodes of the cluster. - properties: - machineDeployments: - description: |- - MachineDeployments is a list of machine deployment classes that can be used to create - a set of worker nodes. - items: - description: |- - MachineDeploymentClass serves as a template to define a set of worker nodes of the cluster - provisioned using the `ClusterClass`. - properties: - class: - description: |- - Class denotes a type of worker node present in the cluster, - this name MUST be unique within a ClusterClass and can be referenced - in the Cluster to create a managed MachineDeployment. - type: string - failureDomain: - description: |- - FailureDomain is the failure domain the machines will be created in. 
- Must match a key in the FailureDomains map stored on the cluster object. - NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. - type: string - machineHealthCheck: - description: MachineHealthCheck defines a MachineHealthCheck - for this MachineDeploymentClass. - properties: - maxUnhealthy: - anyOf: - - type: integer - - type: string - description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by - "selector" are not healthy. - x-kubernetes-int-or-string: true - nodeStartupTimeout: - description: |- - NodeStartupTimeout allows to set the maximum time for MachineHealthCheck - to consider a Machine unhealthy if a corresponding Node isn't associated - through a `Spec.ProviderID` field. - - - The duration set in this field is compared to the greatest of: - - Cluster's infrastructure ready condition timestamp (if and when available) - - Control Plane's initialized condition timestamp (if and when available) - - Machine's infrastructure ready condition timestamp (if and when available) - - Machine's metadata creation timestamp - - - Defaults to 10 minutes. - If you wish to disable this feature, set the value explicitly to 0. - type: string - remediationTemplate: - description: |- - RemediationTemplate is a reference to a remediation template - provided by an infrastructure provider. - - - This field is completely optional, when filled, the MachineHealthCheck controller - creates a new object from the template referenced and hands off remediation of the machine to - a controller that lives outside of Cluster API. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
- For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - unhealthyConditions: - description: |- - UnhealthyConditions contains a list of the conditions that determine - whether a node is considered unhealthy. The conditions are combined in a - logical OR, i.e. if any of the conditions is met, the node is unhealthy. - items: - description: |- - UnhealthyCondition represents a Node condition type and value with a timeout - specified as a duration. When the named condition has been in the given - status for at least the timeout value, a node is considered unhealthy. 
- properties: - status: - minLength: 1 - type: string - timeout: - type: string - type: - minLength: 1 - type: string - required: - - status - - timeout - - type - type: object - type: array - unhealthyRange: - description: |- - Any further remediation is only allowed if the number of machines selected by "selector" as not healthy - is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. - Eg. "[3-5]" - This means that remediation will be allowed only when: - (a) there are at least 3 unhealthy machines (and) - (b) there are at most 5 unhealthy machines - pattern: ^\[[0-9]+-[0-9]+\]$ - type: string - type: object - minReadySeconds: - description: |- - Minimum number of seconds for which a newly created machine should - be ready. - Defaults to 0 (machine will be considered available as soon as it - is ready) - NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. - format: int32 - type: integer - namingStrategy: - description: NamingStrategy allows changing the naming pattern - used when creating the MachineDeployment. - properties: - template: - description: |- - Template defines the template to use for generating the name of the MachineDeployment object. - If not defined, it will fallback to `{{ .cluster.name }}-{{ .machineDeployment.topologyName }}-{{ .random }}`. - If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will - get concatenated with a random suffix of length 5. - The templating mechanism provides the following arguments: - * `.cluster.name`: The name of the cluster object. - * `.random`: A random alphanumeric string, without vowels, of length 5. - * `.machineDeployment.topologyName`: The name of the MachineDeployment topology (Cluster.spec.topology.workers.machineDeployments[].name). 
- type: string - type: object - nodeDeletionTimeout: - description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. - type: string - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. - type: string - nodeVolumeDetachTimeout: - description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. - type: string - strategy: - description: |- - The deployment strategy to use to replace existing machines with - new ones. - NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. - properties: - remediation: - description: |- - Remediation controls the strategy of remediating unhealthy machines - and how remediating operations should occur during the lifecycle of the dependant MachineSets. - properties: - maxInFlight: - anyOf: - - type: integer - - type: string - description: |- - MaxInFlight determines how many in flight remediations should happen at the same time. 
- - - Remediation only happens on the MachineSet with the most current revision, while - older MachineSets (usually present during rollout operations) aren't allowed to remediate. - - - Note: In general (independent of remediations), unhealthy machines are always - prioritized during scale down operations over healthy ones. - - - MaxInFlight can be set to a fixed number or a percentage. - Example: when this is set to 20%, the MachineSet controller deletes at most 20% of - the desired replicas. - - - If not set, remediation is limited to all machines (bounded by replicas) - under the active MachineSet's management. - x-kubernetes-int-or-string: true - type: object - rollingUpdate: - description: |- - Rolling update config params. Present only if - MachineDeploymentStrategyType = RollingUpdate. - properties: - deletePolicy: - description: |- - DeletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. - Valid values are "Random, "Newest", "Oldest" - When no value is supplied, the default DeletePolicy of MachineSet is used - enum: - - Random - - Newest - - Oldest - type: string - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be scheduled above the - desired number of machines. - Value can be an absolute number (ex: 5) or a percentage of - desired machines (ex: 10%). - This can not be 0 if MaxUnavailable is 0. - Absolute number is calculated from percentage by rounding up. - Defaults to 1. - Example: when this is set to 30%, the new MachineSet can be scaled - up immediately when the rolling update starts, such that the total - number of old and new machines do not exceed 130% of desired - machines. Once old machines have been killed, new MachineSet can - be scaled up further, ensuring that total number of machines running - at any time during the update is at most 130% of desired machines. 
- x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of desired - machines (ex: 10%). - Absolute number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. - Defaults to 0. - Example: when this is set to 30%, the old MachineSet can be scaled - down to 70% of desired machines immediately when the rolling update - starts. Once new machines are ready, old MachineSet can be scaled - down further, followed by scaling up the new MachineSet, ensuring - that the total number of machines available at all times - during the update is at least 70% of desired machines. - x-kubernetes-int-or-string: true - type: object - type: - description: |- - Type of deployment. Allowed values are RollingUpdate and OnDelete. - The default is RollingUpdate. - enum: - - RollingUpdate - - OnDelete - type: string - type: object - template: - description: |- - Template is a local struct containing a collection of templates for creation of - MachineDeployment objects representing a set of worker nodes. - properties: - bootstrap: - description: |- - Bootstrap contains the bootstrap template reference to be used - for the creation of worker Machines. - properties: - ref: - description: |- - Ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
- For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - infrastructure: - description: |- - Infrastructure contains the infrastructure template reference to be used - for the creation of worker Machines. - properties: - ref: - description: |- - Ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. 
- type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - metadata: - description: |- - Metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. - At runtime this metadata is merged with the corresponding metadata from the topology. 
- properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - required: - - bootstrap - - infrastructure - type: object - required: - - class - - template - type: object - type: array - machinePools: - description: |- - MachinePools is a list of machine pool classes that can be used to create - a set of worker nodes. - items: - description: |- - MachinePoolClass serves as a template to define a pool of worker nodes of the cluster - provisioned using `ClusterClass`. - properties: - class: - description: |- - Class denotes a type of machine pool present in the cluster, - this name MUST be unique within a ClusterClass and can be referenced - in the Cluster to create a managed MachinePool. - type: string - failureDomains: - description: |- - FailureDomains is the list of failure domains the MachinePool should be attached to. - Must match a key in the FailureDomains map stored on the cluster object. - NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. - items: - type: string - type: array - minReadySeconds: - description: |- - Minimum number of seconds for which a newly created machine pool should - be ready. - Defaults to 0 (machine will be considered available as soon as it - is ready) - NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. 
- format: int32 - type: integer - namingStrategy: - description: NamingStrategy allows changing the naming pattern - used when creating the MachinePool. - properties: - template: - description: |- - Template defines the template to use for generating the name of the MachinePool object. - If not defined, it will fallback to `{{ .cluster.name }}-{{ .machinePool.topologyName }}-{{ .random }}`. - If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will - get concatenated with a random suffix of length 5. - The templating mechanism provides the following arguments: - * `.cluster.name`: The name of the cluster object. - * `.random`: A random alphanumeric string, without vowels, of length 5. - * `.machinePool.topologyName`: The name of the MachinePool topology (Cluster.spec.topology.workers.machinePools[].name). - type: string - type: object - nodeDeletionTimeout: - description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine Pool is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. - type: string - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. - type: string - nodeVolumeDetachTimeout: - description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. 
- NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. - type: string - template: - description: |- - Template is a local struct containing a collection of templates for creation of - MachinePools objects representing a pool of worker nodes. - properties: - bootstrap: - description: |- - Bootstrap contains the bootstrap template reference to be used - for the creation of the Machines in the MachinePool. - properties: - ref: - description: |- - Ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - infrastructure: - description: |- - Infrastructure contains the infrastructure template reference to be used - for the creation of the MachinePool. - properties: - ref: - description: |- - Ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - metadata: - description: |- - Metadata is the metadata applied to the MachinePool. - At runtime this metadata is merged with the corresponding metadata from the topology. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - required: - - bootstrap - - infrastructure - type: object - required: - - class - - template - type: object - type: array - type: object - type: object - status: - description: ClusterClassStatus defines the observed state of the ClusterClass. - properties: - conditions: - description: Conditions defines current observed state of the ClusterClass. - items: - description: Condition defines an observation of a Cluster API resource - operational state. 
- properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - variables: - description: Variables is a list of ClusterClassStatusVariable that - are defined for the ClusterClass. - items: - description: ClusterClassStatusVariable defines a variable which - appears in the status of a ClusterClass. - properties: - definitions: - description: Definitions is a list of definitions for a variable. 
- items: - description: ClusterClassStatusVariableDefinition defines - a variable which appears in the status of a ClusterClass. - properties: - from: - description: |- - From specifies the origin of the variable definition. - This will be `inline` for variables defined in the ClusterClass or the name of a patch defined in the ClusterClass - for variables discovered from a DiscoverVariables runtime extensions. - type: string - metadata: - description: |- - Metadata is the metadata of a variable. - It can be used to add additional data for higher level tools to - a ClusterClassVariable. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map that can be used to store and - retrieve arbitrary metadata. - They are not queryable. - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) variables. - type: object - type: object - required: - description: |- - Required specifies if the variable is required. - Note: this applies to the variable as a whole and thus the - top-level object defined in the schema. If nested fields are - required, this will be specified inside the schema. - type: boolean - schema: - description: Schema defines the schema of the variable. - properties: - openAPIV3Schema: - description: |- - OpenAPIV3Schema defines the schema of a variable via OpenAPI v3 - schema. The schema is a subset of the schema used in - Kubernetes CRDs. - properties: - additionalProperties: - description: |- - AdditionalProperties specifies the schema of values in a map (keys are always strings). - NOTE: Can only be set if type is object. - NOTE: AdditionalProperties is mutually exclusive with Properties. - NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. 
- x-kubernetes-preserve-unknown-fields: true - default: - description: |- - Default is the default value of the variable. - NOTE: Can be set for all types. - x-kubernetes-preserve-unknown-fields: true - description: - description: Description is a human-readable description - of this variable. - type: string - enum: - description: |- - Enum is the list of valid values of the variable. - NOTE: Can be set for all types. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - example: - description: Example is an example for this variable. - x-kubernetes-preserve-unknown-fields: true - exclusiveMaximum: - description: |- - ExclusiveMaximum specifies if the Maximum is exclusive. - NOTE: Can only be set if type is integer or number. - type: boolean - exclusiveMinimum: - description: |- - ExclusiveMinimum specifies if the Minimum is exclusive. - NOTE: Can only be set if type is integer or number. - type: boolean - format: - description: |- - Format is an OpenAPI v3 format string. Unknown formats are ignored. - For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using) - https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go - NOTE: Can only be set if type is string. - type: string - items: - description: |- - Items specifies fields of an array. - NOTE: Can only be set if type is array. - NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. - x-kubernetes-preserve-unknown-fields: true - maxItems: - description: |- - MaxItems is the max length of an array variable. - NOTE: Can only be set if type is array. - format: int64 - type: integer - maxLength: - description: |- - MaxLength is the max length of a string variable. - NOTE: Can only be set if type is string. - format: int64 - type: integer - maximum: - description: |- - Maximum is the maximum of an integer or number variable. 
- If ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum. - If ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum. - NOTE: Can only be set if type is integer or number. - format: int64 - type: integer - minItems: - description: |- - MinItems is the min length of an array variable. - NOTE: Can only be set if type is array. - format: int64 - type: integer - minLength: - description: |- - MinLength is the min length of a string variable. - NOTE: Can only be set if type is string. - format: int64 - type: integer - minimum: - description: |- - Minimum is the minimum of an integer or number variable. - If ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum. - If ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum. - NOTE: Can only be set if type is integer or number. - format: int64 - type: integer - pattern: - description: |- - Pattern is the regex which a string variable must match. - NOTE: Can only be set if type is string. - type: string - properties: - description: |- - Properties specifies fields of an object. - NOTE: Can only be set if type is object. - NOTE: Properties is mutually exclusive with AdditionalProperties. - NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. - x-kubernetes-preserve-unknown-fields: true - required: - description: |- - Required specifies which fields of an object are required. - NOTE: Can only be set if type is object. - items: - type: string - type: array - type: - description: |- - Type is the type of the variable. - Valid values are: object, array, string, integer, number or boolean. - type: string - uniqueItems: - description: |- - UniqueItems specifies if items in an array must be unique. - NOTE: Can only be set if type is array. 
- type: boolean - x-kubernetes-preserve-unknown-fields: - description: |- - XPreserveUnknownFields allows setting fields in a variable object - which are not defined in the variable schema. This affects fields recursively, - except if nested properties or additionalProperties are specified in the schema. - type: boolean - required: - - type - type: object - required: - - openAPIV3Schema - type: object - required: - - from - - required - - schema - type: object - type: array - definitionsConflict: - description: DefinitionsConflict specifies whether or not there - are conflicting definitions for a single variable name. - type: boolean - name: - description: Name is the name of the variable. - type: string - required: - - definitions - - name - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 - labels: - cluster.x-k8s.io/provider: cluster-api - name: clusterresourcesetbindings.addons.cluster.x-k8s.io - spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: addons.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: ClusterResourceSetBinding - listKind: ClusterResourceSetBindingList - plural: clusterresourcesetbindings - singular: clusterresourcesetbinding - scope: Namespaced - versions: - - deprecated: true - name: v1alpha3 - schema: - openAPIV3Schema: - description: |- - ClusterResourceSetBinding lists all matching ClusterResourceSets with the cluster it belongs to. - - - Deprecated: This type will be removed in one of the next releases. 
- properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterResourceSetBindingSpec defines the desired state of - ClusterResourceSetBinding. - properties: - bindings: - description: Bindings is a list of ClusterResourceSets and their resources. - items: - description: ResourceSetBinding keeps info on all of the resources - in a ClusterResourceSet. - properties: - clusterResourceSetName: - description: ClusterResourceSetName is the name of the ClusterResourceSet - that is applied to the owner cluster of the binding. - type: string - resources: - description: Resources is a list of resources that the ClusterResourceSet - has. - items: - description: ResourceBinding shows the status of a resource - that belongs to a ClusterResourceSet matched by the owner - cluster of the ClusterResourceSetBinding object. - properties: - applied: - description: Applied is to track if a resource is applied - to the cluster or not. - type: boolean - hash: - description: |- - Hash is the hash of a resource's data. This can be used to decide if a resource is changed. - For "ApplyOnce" ClusterResourceSet.spec.strategy, this is no-op as that strategy does not act on change. - type: string - kind: - description: 'Kind of the resource. Supported kinds are: - Secrets and ConfigMaps.' 
- enum: - - Secret - - ConfigMap - type: string - lastAppliedTime: - description: LastAppliedTime identifies when this resource - was last applied to the cluster. - format: date-time - type: string - name: - description: Name of the resource that is in the same - namespace with ClusterResourceSet object. - minLength: 1 - type: string - required: - - applied - - kind - - name - type: object - type: array - required: - - clusterResourceSetName - type: object - type: array - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Time duration since creation of ClusterResourceSetBinding - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - ClusterResourceSetBinding lists all matching ClusterResourceSets with the cluster it belongs to. - - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterResourceSetBindingSpec defines the desired state of - ClusterResourceSetBinding. - properties: - bindings: - description: Bindings is a list of ClusterResourceSets and their resources. 
- items: - description: ResourceSetBinding keeps info on all of the resources - in a ClusterResourceSet. - properties: - clusterResourceSetName: - description: ClusterResourceSetName is the name of the ClusterResourceSet - that is applied to the owner cluster of the binding. - type: string - resources: - description: Resources is a list of resources that the ClusterResourceSet - has. - items: - description: ResourceBinding shows the status of a resource - that belongs to a ClusterResourceSet matched by the owner - cluster of the ClusterResourceSetBinding object. - properties: - applied: - description: Applied is to track if a resource is applied - to the cluster or not. - type: boolean - hash: - description: |- - Hash is the hash of a resource's data. This can be used to decide if a resource is changed. - For "ApplyOnce" ClusterResourceSet.spec.strategy, this is no-op as that strategy does not act on change. - type: string - kind: - description: 'Kind of the resource. Supported kinds are: - Secrets and ConfigMaps.' - enum: - - Secret - - ConfigMap - type: string - lastAppliedTime: - description: LastAppliedTime identifies when this resource - was last applied to the cluster. - format: date-time - type: string - name: - description: Name of the resource that is in the same - namespace with ClusterResourceSet object. - minLength: 1 - type: string - required: - - applied - - kind - - name - type: object - type: array - required: - - clusterResourceSetName - type: object - type: array - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Time duration since creation of ClusterResourceSetBinding - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: ClusterResourceSetBinding lists all matching ClusterResourceSets - with the cluster it belongs to. 
- properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterResourceSetBindingSpec defines the desired state of - ClusterResourceSetBinding. - properties: - bindings: - description: Bindings is a list of ClusterResourceSets and their resources. - items: - description: ResourceSetBinding keeps info on all of the resources - in a ClusterResourceSet. - properties: - clusterResourceSetName: - description: ClusterResourceSetName is the name of the ClusterResourceSet - that is applied to the owner cluster of the binding. - type: string - resources: - description: Resources is a list of resources that the ClusterResourceSet - has. - items: - description: ResourceBinding shows the status of a resource - that belongs to a ClusterResourceSet matched by the owner - cluster of the ClusterResourceSetBinding object. - properties: - applied: - description: Applied is to track if a resource is applied - to the cluster or not. - type: boolean - hash: - description: |- - Hash is the hash of a resource's data. This can be used to decide if a resource is changed. - For "ApplyOnce" ClusterResourceSet.spec.strategy, this is no-op as that strategy does not act on change. - type: string - kind: - description: 'Kind of the resource. Supported kinds are: - Secrets and ConfigMaps.' 
- enum: - - Secret - - ConfigMap - type: string - lastAppliedTime: - description: LastAppliedTime identifies when this resource - was last applied to the cluster. - format: date-time - type: string - name: - description: Name of the resource that is in the same - namespace with ClusterResourceSet object. - minLength: 1 - type: string - required: - - applied - - kind - - name - type: object - type: array - required: - - clusterResourceSetName - type: object - type: array - clusterName: - description: |- - ClusterName is the name of the Cluster this binding applies to. - Note: this field mandatory in v1beta2. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 - labels: - cluster.x-k8s.io/provider: cluster-api - name: clusterresourcesets.addons.cluster.x-k8s.io - spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: addons.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: ClusterResourceSet - listKind: ClusterResourceSetList - plural: clusterresourcesets - singular: clusterresourceset - scope: Namespaced - versions: - - deprecated: true - name: v1alpha3 - schema: - openAPIV3Schema: - description: |- - ClusterResourceSet is the Schema for the clusterresourcesets API. - - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet. - properties: - clusterSelector: - description: |- - Label selector for Clusters. The Clusters that are - selected by this will be the ones affected by this ClusterResourceSet. - It must match the Cluster labels. This field is immutable. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - resources: - description: Resources is a list of Secrets/ConfigMaps where each - contains 1 or more resources to be applied to remote clusters. - items: - description: ResourceRef specifies a resource. - properties: - kind: - description: 'Kind of the resource. Supported kinds are: Secrets - and ConfigMaps.' - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the resource that is in the same namespace - with ClusterResourceSet object. - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - strategy: - description: Strategy is the strategy to be used during applying resources. - Defaults to ApplyOnce. This field is immutable. - enum: - - ApplyOnce - type: string - required: - - clusterSelector - type: object - status: - description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet. - properties: - conditions: - description: Conditions defines current state of the ClusterResourceSet. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. 
- This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration reflects the generation of the most - recently observed ClusterResourceSet. - format: int64 - type: integer - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Time duration since creation of ClusterResourceSet - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - ClusterResourceSet is the Schema for the clusterresourcesets API. - - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet. - properties: - clusterSelector: - description: |- - Label selector for Clusters. The Clusters that are - selected by this will be the ones affected by this ClusterResourceSet. - It must match the Cluster labels. This field is immutable. - Label selector cannot be empty. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - resources: - description: Resources is a list of Secrets/ConfigMaps where each - contains 1 or more resources to be applied to remote clusters. 
- items: - description: ResourceRef specifies a resource. - properties: - kind: - description: 'Kind of the resource. Supported kinds are: Secrets - and ConfigMaps.' - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the resource that is in the same namespace - with ClusterResourceSet object. - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - strategy: - description: Strategy is the strategy to be used during applying resources. - Defaults to ApplyOnce. This field is immutable. - enum: - - ApplyOnce - type: string - required: - - clusterSelector - type: object - status: - description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet. - properties: - conditions: - description: Conditions defines current state of the ClusterResourceSet. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. 
- type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration reflects the generation of the most - recently observed ClusterResourceSet. - format: int64 - type: integer - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Time duration since creation of ClusterResourceSet - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: ClusterResourceSet is the Schema for the clusterresourcesets - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet. - properties: - clusterSelector: - description: |- - Label selector for Clusters. The Clusters that are - selected by this will be the ones affected by this ClusterResourceSet. - It must match the Cluster labels. This field is immutable. 
- Label selector cannot be empty. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - resources: - description: Resources is a list of Secrets/ConfigMaps where each - contains 1 or more resources to be applied to remote clusters. - items: - description: ResourceRef specifies a resource. - properties: - kind: - description: 'Kind of the resource. Supported kinds are: Secrets - and ConfigMaps.' - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the resource that is in the same namespace - with ClusterResourceSet object. 
- minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - strategy: - description: Strategy is the strategy to be used during applying resources. - Defaults to ApplyOnce. This field is immutable. - enum: - - ApplyOnce - - Reconcile - type: string - required: - - clusterSelector - type: object - status: - description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet. - properties: - conditions: - description: Conditions defines current state of the ClusterResourceSet. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. 
- type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration reflects the generation of the most - recently observed ClusterResourceSet. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 - labels: - cluster.x-k8s.io/provider: cluster-api - name: clusters.cluster.x-k8s.io - spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: cluster.x-k8s.io - names: - categories: - - cluster-api - kind: Cluster - listKind: ClusterList - plural: clusters - shortNames: - - cl - singular: cluster - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed - jsonPath: .status.phase - name: Phase - type: string - deprecated: true - name: v1alpha3 - schema: - openAPIV3Schema: - description: Cluster is the Schema for the clusters API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterSpec defines the desired state of Cluster. - properties: - clusterNetwork: - description: Cluster network configuration. - properties: - apiServerPort: - description: |- - APIServerPort specifies the port the API Server should bind to. - Defaults to 6443. - format: int32 - type: integer - pods: - description: The network ranges from which Pod networks are allocated. - properties: - cidrBlocks: - items: - type: string - type: array - required: - - cidrBlocks - type: object - serviceDomain: - description: Domain name for services. - type: string - services: - description: The network ranges from which service VIPs are allocated. - properties: - cidrBlocks: - items: - type: string - type: array - required: - - cidrBlocks - type: object - type: object - controlPlaneEndpoint: - description: ControlPlaneEndpoint represents the endpoint used to - communicate with the control plane. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - controlPlaneRef: - description: |- - ControlPlaneRef is an optional reference to a provider-specific resource that holds - the details for provisioning the Control Plane for a Cluster. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
- For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - infrastructureRef: - description: |- - InfrastructureRef is a reference to a provider-specific resource that holds the details - for provisioning infrastructure for a cluster in said provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
- For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - paused: - description: Paused can be used to prevent controllers from processing - the Cluster and all its associated objects. - type: boolean - type: object - status: - description: ClusterStatus defines the observed state of Cluster. - properties: - conditions: - description: Conditions defines current service state of the cluster. - items: - description: Condition defines an observation of a Cluster API resource - operational state. 
- properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - controlPlaneInitialized: - description: ControlPlaneInitialized defines if the control plane - has been initialized. - type: boolean - controlPlaneReady: - description: ControlPlaneReady defines if the control plane is ready. - type: boolean - failureDomains: - additionalProperties: - description: |- - FailureDomainSpec is the Schema for Cluster API failure domains. - It allows controllers to understand how many failure domains a cluster can optionally span across. 
- properties: - attributes: - additionalProperties: - type: string - description: Attributes is a free form map of attributes an - infrastructure provider might use or require. - type: object - controlPlane: - description: ControlPlane determines if this failure domain - is suitable for use by control plane machines. - type: boolean - type: object - description: FailureDomains is a slice of failure domain objects synced - from the infrastructure provider. - type: object - failureMessage: - description: |- - FailureMessage indicates that there is a fatal problem reconciling the - state, and will be set to a descriptive error message. - type: string - failureReason: - description: |- - FailureReason indicates that there is a fatal problem reconciling the - state, and will be set to a token value suitable for - programmatic interpretation. - type: string - infrastructureReady: - description: InfrastructureReady is the state of the infrastructure - provider. - type: boolean - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - phase: - description: |- - Phase represents the current phase of cluster actuation. - E.g. Pending, Running, Terminating, Failed etc. - type: string - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Time duration since creation of Cluster - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed - jsonPath: .status.phase - name: Phase - type: string - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - Cluster is the Schema for the clusters API. - - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. 
- Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterSpec defines the desired state of Cluster. - properties: - clusterNetwork: - description: Cluster network configuration. - properties: - apiServerPort: - description: |- - APIServerPort specifies the port the API Server should bind to. - Defaults to 6443. - format: int32 - type: integer - pods: - description: The network ranges from which Pod networks are allocated. - properties: - cidrBlocks: - items: - type: string - type: array - required: - - cidrBlocks - type: object - serviceDomain: - description: Domain name for services. - type: string - services: - description: The network ranges from which service VIPs are allocated. - properties: - cidrBlocks: - items: - type: string - type: array - required: - - cidrBlocks - type: object - type: object - controlPlaneEndpoint: - description: ControlPlaneEndpoint represents the endpoint used to - communicate with the control plane. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - controlPlaneRef: - description: |- - ControlPlaneRef is an optional reference to a provider-specific resource that holds - the details for provisioning the Control Plane for a Cluster. 
- properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - infrastructureRef: - description: |- - InfrastructureRef is a reference to a provider-specific resource that holds the details - for provisioning infrastructure for a cluster in said provider. 
- properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - paused: - description: Paused can be used to prevent controllers from processing - the Cluster and all its associated objects. - type: boolean - topology: - description: |- - This encapsulates the topology for the cluster. 
- NOTE: It is required to enable the ClusterTopology - feature gate flag to activate managed topologies support; - this feature is highly experimental, and parts of it might still be not implemented. - properties: - class: - description: The name of the ClusterClass object to create the - topology. - type: string - controlPlane: - description: ControlPlane describes the cluster control plane. - properties: - metadata: - description: |- - Metadata is the metadata applied to the machines of the ControlPlane. - At runtime this metadata is merged with the corresponding metadata from the ClusterClass. - - - This field is supported if and only if the control plane provider template - referenced in the ClusterClass is Machine based. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - replicas: - description: |- - Replicas is the number of control plane nodes. - If the value is nil, the ControlPlane object is created without the number of Replicas - and it's assumed that the control plane controller does not implement support for this field. - When specified against a control plane provider that lacks support for this field, this value will be ignored. 
- format: int32 - type: integer - type: object - rolloutAfter: - description: |- - RolloutAfter performs a rollout of the entire cluster one component at a time, - control plane first and then machine deployments. - format: date-time - type: string - version: - description: The Kubernetes version of the cluster. - type: string - workers: - description: |- - Workers encapsulates the different constructs that form the worker nodes - for the cluster. - properties: - machineDeployments: - description: MachineDeployments is a list of machine deployments - in the cluster. - items: - description: |- - MachineDeploymentTopology specifies the different parameters for a set of worker nodes in the topology. - This set of nodes is managed by a MachineDeployment object whose lifecycle is managed by the Cluster controller. - properties: - class: - description: |- - Class is the name of the MachineDeploymentClass used to create the set of worker nodes. - This should match one of the deployment classes defined in the ClusterClass object - mentioned in the `Cluster.Spec.Class` field. - type: string - metadata: - description: |- - Metadata is the metadata applied to the machines of the MachineDeployment. - At runtime this metadata is merged with the corresponding metadata from the ClusterClass. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. 
- More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - name: - description: |- - Name is the unique identifier for this MachineDeploymentTopology. - The value is used with other unique identifiers to create a MachineDeployment's Name - (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length, - the values are hashed together. - type: string - replicas: - description: |- - Replicas is the number of worker nodes belonging to this set. - If the value is nil, the MachineDeployment is created without the number of Replicas (defaulting to zero) - and it's assumed that an external entity (like cluster autoscaler) is responsible for the management - of this value. - format: int32 - type: integer - required: - - class - - name - type: object - type: array - type: object - required: - - class - - version - type: object - type: object - status: - description: ClusterStatus defines the observed state of Cluster. - properties: - conditions: - description: Conditions defines current service state of the cluster. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. 
- type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - controlPlaneReady: - description: ControlPlaneReady defines if the control plane is ready. - type: boolean - failureDomains: - additionalProperties: - description: |- - FailureDomainSpec is the Schema for Cluster API failure domains. - It allows controllers to understand how many failure domains a cluster can optionally span across. - properties: - attributes: - additionalProperties: - type: string - description: Attributes is a free form map of attributes an - infrastructure provider might use or require. - type: object - controlPlane: - description: ControlPlane determines if this failure domain - is suitable for use by control plane machines. - type: boolean - type: object - description: FailureDomains is a slice of failure domain objects synced - from the infrastructure provider. - type: object - failureMessage: - description: |- - FailureMessage indicates that there is a fatal problem reconciling the - state, and will be set to a descriptive error message. - type: string - failureReason: - description: |- - FailureReason indicates that there is a fatal problem reconciling the - state, and will be set to a token value suitable for - programmatic interpretation. 
- type: string - infrastructureReady: - description: InfrastructureReady is the state of the infrastructure - provider. - type: boolean - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - phase: - description: |- - Phase represents the current phase of cluster actuation. - E.g. Pending, Running, Terminating, Failed etc. - type: string - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: ClusterClass of this Cluster, empty if the Cluster is not using - a ClusterClass - jsonPath: .spec.topology.class - name: ClusterClass - type: string - - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed - jsonPath: .status.phase - name: Phase - type: string - - description: Time duration since creation of Cluster - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Kubernetes version associated with this Cluster - jsonPath: .spec.topology.version - name: Version - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: Cluster is the Schema for the clusters API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterSpec defines the desired state of Cluster. - properties: - clusterNetwork: - description: Cluster network configuration. - properties: - apiServerPort: - description: |- - APIServerPort specifies the port the API Server should bind to. - Defaults to 6443. - format: int32 - type: integer - pods: - description: The network ranges from which Pod networks are allocated. - properties: - cidrBlocks: - items: - type: string - type: array - required: - - cidrBlocks - type: object - serviceDomain: - description: Domain name for services. - type: string - services: - description: The network ranges from which service VIPs are allocated. - properties: - cidrBlocks: - items: - type: string - type: array - required: - - cidrBlocks - type: object - type: object - controlPlaneEndpoint: - description: ControlPlaneEndpoint represents the endpoint used to - communicate with the control plane. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - controlPlaneRef: - description: |- - ControlPlaneRef is an optional reference to a provider-specific resource that holds - the details for provisioning the Control Plane for a Cluster. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
- For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - infrastructureRef: - description: |- - InfrastructureRef is a reference to a provider-specific resource that holds the details - for provisioning infrastructure for a cluster in said provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
- For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - paused: - description: Paused can be used to prevent controllers from processing - the Cluster and all its associated objects. - type: boolean - topology: - description: |- - This encapsulates the topology for the cluster. - NOTE: It is required to enable the ClusterTopology - feature gate flag to activate managed topologies support; - this feature is highly experimental, and parts of it might still be not implemented. - properties: - class: - description: The name of the ClusterClass object to create the - topology. 
- type: string - controlPlane: - description: ControlPlane describes the cluster control plane. - properties: - machineHealthCheck: - description: |- - MachineHealthCheck allows to enable, disable and override - the MachineHealthCheck configuration in the ClusterClass for this control plane. - properties: - enable: - description: |- - Enable controls if a MachineHealthCheck should be created for the target machines. - - - If false: No MachineHealthCheck will be created. - - - If not set(default): A MachineHealthCheck will be created if it is defined here or - in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created. - - - If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will - block if `enable` is true and no MachineHealthCheck definition is available. - type: boolean - maxUnhealthy: - anyOf: - - type: integer - - type: string - description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by - "selector" are not healthy. - x-kubernetes-int-or-string: true - nodeStartupTimeout: - description: |- - NodeStartupTimeout allows to set the maximum time for MachineHealthCheck - to consider a Machine unhealthy if a corresponding Node isn't associated - through a `Spec.ProviderID` field. - - - The duration set in this field is compared to the greatest of: - - Cluster's infrastructure ready condition timestamp (if and when available) - - Control Plane's initialized condition timestamp (if and when available) - - Machine's infrastructure ready condition timestamp (if and when available) - - Machine's metadata creation timestamp - - - Defaults to 10 minutes. - If you wish to disable this feature, set the value explicitly to 0. - type: string - remediationTemplate: - description: |- - RemediationTemplate is a reference to a remediation template - provided by an infrastructure provider. 
- - - This field is completely optional, when filled, the MachineHealthCheck controller - creates a new object from the template referenced and hands off remediation of the machine to - a controller that lives outside of Cluster API. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - unhealthyConditions: - description: |- - UnhealthyConditions contains a list of the conditions that determine - whether a node is considered unhealthy. The conditions are combined in a - logical OR, i.e. if any of the conditions is met, the node is unhealthy. - items: - description: |- - UnhealthyCondition represents a Node condition type and value with a timeout - specified as a duration. When the named condition has been in the given - status for at least the timeout value, a node is considered unhealthy. - properties: - status: - minLength: 1 - type: string - timeout: - type: string - type: - minLength: 1 - type: string - required: - - status - - timeout - - type - type: object - type: array - unhealthyRange: - description: |- - Any further remediation is only allowed if the number of machines selected by "selector" as not healthy - is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. - Eg. "[3-5]" - This means that remediation will be allowed only when: - (a) there are at least 3 unhealthy machines (and) - (b) there are at most 5 unhealthy machines - pattern: ^\[[0-9]+-[0-9]+\]$ - type: string - type: object - metadata: - description: |- - Metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane - if the ControlPlaneTemplate referenced by the ClusterClass is machine based. If not, it - is applied only to the ControlPlane. - At runtime this metadata is merged with the corresponding metadata from the ClusterClass. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. 
- More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - nodeDeletionTimeout: - description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - type: string - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - nodeVolumeDetachTimeout: - description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - type: string - replicas: - description: |- - Replicas is the number of control plane nodes. - If the value is nil, the ControlPlane object is created without the number of Replicas - and it's assumed that the control plane controller does not implement support for this field. - When specified against a control plane provider that lacks support for this field, this value will be ignored. - format: int32 - type: integer - variables: - description: Variables can be used to customize the ControlPlane - through patches. - properties: - overrides: - description: Overrides can be used to override Cluster - level variables. - items: - description: |- - ClusterVariable can be used to customize the Cluster through patches. 
Each ClusterVariable is associated with a - Variable definition in the ClusterClass `status` variables. - properties: - definitionFrom: - description: |- - DefinitionFrom specifies where the definition of this Variable is from. DefinitionFrom is `inline` when the - definition is from the ClusterClass `.spec.variables` or the name of a patch defined in the ClusterClass - `.spec.patches` where the patch is external and provides external variables. - This field is mandatory if the variable has `DefinitionsConflict: true` in ClusterClass `status.variables[]` - type: string - name: - description: Name of the variable. - type: string - value: - description: |- - Value of the variable. - Note: the value will be validated against the schema of the corresponding ClusterClassVariable - from the ClusterClass. - Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a - hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, - i.e. it is not possible to have no type field. - Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 - x-kubernetes-preserve-unknown-fields: true - required: - - name - - value - type: object - type: array - type: object - type: object - rolloutAfter: - description: |- - RolloutAfter performs a rollout of the entire cluster one component at a time, - control plane first and then machine deployments. - - - Deprecated: This field has no function and is going to be removed in the next apiVersion. - format: date-time - type: string - variables: - description: |- - Variables can be used to customize the Cluster through - patches. They must comply to the corresponding - VariableClasses defined in the ClusterClass. - items: - description: |- - ClusterVariable can be used to customize the Cluster through patches. 
Each ClusterVariable is associated with a - Variable definition in the ClusterClass `status` variables. - properties: - definitionFrom: - description: |- - DefinitionFrom specifies where the definition of this Variable is from. DefinitionFrom is `inline` when the - definition is from the ClusterClass `.spec.variables` or the name of a patch defined in the ClusterClass - `.spec.patches` where the patch is external and provides external variables. - This field is mandatory if the variable has `DefinitionsConflict: true` in ClusterClass `status.variables[]` - type: string - name: - description: Name of the variable. - type: string - value: - description: |- - Value of the variable. - Note: the value will be validated against the schema of the corresponding ClusterClassVariable - from the ClusterClass. - Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a - hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, - i.e. it is not possible to have no type field. - Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 - x-kubernetes-preserve-unknown-fields: true - required: - - name - - value - type: object - type: array - version: - description: The Kubernetes version of the cluster. - type: string - workers: - description: |- - Workers encapsulates the different constructs that form the worker nodes - for the cluster. - properties: - machineDeployments: - description: MachineDeployments is a list of machine deployments - in the cluster. - items: - description: |- - MachineDeploymentTopology specifies the different parameters for a set of worker nodes in the topology. - This set of nodes is managed by a MachineDeployment object whose lifecycle is managed by the Cluster controller. 
- properties: - class: - description: |- - Class is the name of the MachineDeploymentClass used to create the set of worker nodes. - This should match one of the deployment classes defined in the ClusterClass object - mentioned in the `Cluster.Spec.Class` field. - type: string - failureDomain: - description: |- - FailureDomain is the failure domain the machines will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - machineHealthCheck: - description: |- - MachineHealthCheck allows to enable, disable and override - the MachineHealthCheck configuration in the ClusterClass for this MachineDeployment. - properties: - enable: - description: |- - Enable controls if a MachineHealthCheck should be created for the target machines. - - - If false: No MachineHealthCheck will be created. - - - If not set(default): A MachineHealthCheck will be created if it is defined here or - in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created. - - - If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will - block if `enable` is true and no MachineHealthCheck definition is available. - type: boolean - maxUnhealthy: - anyOf: - - type: integer - - type: string - description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by - "selector" are not healthy. - x-kubernetes-int-or-string: true - nodeStartupTimeout: - description: |- - NodeStartupTimeout allows to set the maximum time for MachineHealthCheck - to consider a Machine unhealthy if a corresponding Node isn't associated - through a `Spec.ProviderID` field. 
- - - The duration set in this field is compared to the greatest of: - - Cluster's infrastructure ready condition timestamp (if and when available) - - Control Plane's initialized condition timestamp (if and when available) - - Machine's infrastructure ready condition timestamp (if and when available) - - Machine's metadata creation timestamp - - - Defaults to 10 minutes. - If you wish to disable this feature, set the value explicitly to 0. - type: string - remediationTemplate: - description: |- - RemediationTemplate is a reference to a remediation template - provided by an infrastructure provider. - - - This field is completely optional, when filled, the MachineHealthCheck controller - creates a new object from the template referenced and hands off remediation of the machine to - a controller that lives outside of Cluster API. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - unhealthyConditions: - description: |- - UnhealthyConditions contains a list of the conditions that determine - whether a node is considered unhealthy. The conditions are combined in a - logical OR, i.e. if any of the conditions is met, the node is unhealthy. - items: - description: |- - UnhealthyCondition represents a Node condition type and value with a timeout - specified as a duration. When the named condition has been in the given - status for at least the timeout value, a node is considered unhealthy. - properties: - status: - minLength: 1 - type: string - timeout: - type: string - type: - minLength: 1 - type: string - required: - - status - - timeout - - type - type: object - type: array - unhealthyRange: - description: |- - Any further remediation is only allowed if the number of machines selected by "selector" as not healthy - is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. - Eg. 
"[3-5]" - This means that remediation will be allowed only when: - (a) there are at least 3 unhealthy machines (and) - (b) there are at most 5 unhealthy machines - pattern: ^\[[0-9]+-[0-9]+\]$ - type: string - type: object - metadata: - description: |- - Metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. - At runtime this metadata is merged with the corresponding metadata from the ClusterClass. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - minReadySeconds: - description: |- - Minimum number of seconds for which a newly created machine should - be ready. - Defaults to 0 (machine will be considered available as soon as it - is ready) - format: int32 - type: integer - name: - description: |- - Name is the unique identifier for this MachineDeploymentTopology. - The value is used with other unique identifiers to create a MachineDeployment's Name - (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length, - the values are hashed together. - type: string - nodeDeletionTimeout: - description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. 
- type: string - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - nodeVolumeDetachTimeout: - description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - type: string - replicas: - description: |- - Replicas is the number of worker nodes belonging to this set. - If the value is nil, the MachineDeployment is created without the number of Replicas (defaulting to 1) - and it's assumed that an external entity (like cluster autoscaler) is responsible for the management - of this value. - format: int32 - type: integer - strategy: - description: |- - The deployment strategy to use to replace existing machines with - new ones. - properties: - remediation: - description: |- - Remediation controls the strategy of remediating unhealthy machines - and how remediating operations should occur during the lifecycle of the dependant MachineSets. - properties: - maxInFlight: - anyOf: - - type: integer - - type: string - description: |- - MaxInFlight determines how many in flight remediations should happen at the same time. - - - Remediation only happens on the MachineSet with the most current revision, while - older MachineSets (usually present during rollout operations) aren't allowed to remediate. - - - Note: In general (independent of remediations), unhealthy machines are always - prioritized during scale down operations over healthy ones. - - - MaxInFlight can be set to a fixed number or a percentage. - Example: when this is set to 20%, the MachineSet controller deletes at most 20% of - the desired replicas. 
- - - If not set, remediation is limited to all machines (bounded by replicas) - under the active MachineSet's management. - x-kubernetes-int-or-string: true - type: object - rollingUpdate: - description: |- - Rolling update config params. Present only if - MachineDeploymentStrategyType = RollingUpdate. - properties: - deletePolicy: - description: |- - DeletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. - Valid values are "Random, "Newest", "Oldest" - When no value is supplied, the default DeletePolicy of MachineSet is used - enum: - - Random - - Newest - - Oldest - type: string - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be scheduled above the - desired number of machines. - Value can be an absolute number (ex: 5) or a percentage of - desired machines (ex: 10%). - This can not be 0 if MaxUnavailable is 0. - Absolute number is calculated from percentage by rounding up. - Defaults to 1. - Example: when this is set to 30%, the new MachineSet can be scaled - up immediately when the rolling update starts, such that the total - number of old and new machines do not exceed 130% of desired - machines. Once old machines have been killed, new MachineSet can - be scaled up further, ensuring that total number of machines running - at any time during the update is at most 130% of desired machines. - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of desired - machines (ex: 10%). - Absolute number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. - Defaults to 0. - Example: when this is set to 30%, the old MachineSet can be scaled - down to 70% of desired machines immediately when the rolling update - starts. 
Once new machines are ready, old MachineSet can be scaled - down further, followed by scaling up the new MachineSet, ensuring - that the total number of machines available at all times - during the update is at least 70% of desired machines. - x-kubernetes-int-or-string: true - type: object - type: - description: |- - Type of deployment. Allowed values are RollingUpdate and OnDelete. - The default is RollingUpdate. - enum: - - RollingUpdate - - OnDelete - type: string - type: object - variables: - description: Variables can be used to customize the - MachineDeployment through patches. - properties: - overrides: - description: Overrides can be used to override Cluster - level variables. - items: - description: |- - ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a - Variable definition in the ClusterClass `status` variables. - properties: - definitionFrom: - description: |- - DefinitionFrom specifies where the definition of this Variable is from. DefinitionFrom is `inline` when the - definition is from the ClusterClass `.spec.variables` or the name of a patch defined in the ClusterClass - `.spec.patches` where the patch is external and provides external variables. - This field is mandatory if the variable has `DefinitionsConflict: true` in ClusterClass `status.variables[]` - type: string - name: - description: Name of the variable. - type: string - value: - description: |- - Value of the variable. - Note: the value will be validated against the schema of the corresponding ClusterClassVariable - from the ClusterClass. - Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a - hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, - i.e. it is not possible to have no type field. 
- Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 - x-kubernetes-preserve-unknown-fields: true - required: - - name - - value - type: object - type: array - type: object - required: - - class - - name - type: object - type: array - machinePools: - description: MachinePools is a list of machine pools in the - cluster. - items: - description: |- - MachinePoolTopology specifies the different parameters for a pool of worker nodes in the topology. - This pool of nodes is managed by a MachinePool object whose lifecycle is managed by the Cluster controller. - properties: - class: - description: |- - Class is the name of the MachinePoolClass used to create the pool of worker nodes. - This should match one of the deployment classes defined in the ClusterClass object - mentioned in the `Cluster.Spec.Class` field. - type: string - failureDomains: - description: |- - FailureDomains is the list of failure domains the machine pool will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - items: - type: string - type: array - metadata: - description: |- - Metadata is the metadata applied to the MachinePool. - At runtime this metadata is merged with the corresponding metadata from the ClusterClass. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. 
- More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - minReadySeconds: - description: |- - Minimum number of seconds for which a newly created machine pool should - be ready. - Defaults to 0 (machine will be considered available as soon as it - is ready) - format: int32 - type: integer - name: - description: |- - Name is the unique identifier for this MachinePoolTopology. - The value is used with other unique identifiers to create a MachinePool's Name - (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length, - the values are hashed together. - type: string - nodeDeletionTimeout: - description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the MachinePool - hosts after the MachinePool is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - type: string - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - nodeVolumeDetachTimeout: - description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - type: string - replicas: - description: |- - Replicas is the number of nodes belonging to this pool. - If the value is nil, the MachinePool is created without the number of Replicas (defaulting to 1) - and it's assumed that an external entity (like cluster autoscaler) is responsible for the management - of this value. - format: int32 - type: integer - variables: - description: Variables can be used to customize the - MachinePool through patches. 
- properties: - overrides: - description: Overrides can be used to override Cluster - level variables. - items: - description: |- - ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a - Variable definition in the ClusterClass `status` variables. - properties: - definitionFrom: - description: |- - DefinitionFrom specifies where the definition of this Variable is from. DefinitionFrom is `inline` when the - definition is from the ClusterClass `.spec.variables` or the name of a patch defined in the ClusterClass - `.spec.patches` where the patch is external and provides external variables. - This field is mandatory if the variable has `DefinitionsConflict: true` in ClusterClass `status.variables[]` - type: string - name: - description: Name of the variable. - type: string - value: - description: |- - Value of the variable. - Note: the value will be validated against the schema of the corresponding ClusterClassVariable - from the ClusterClass. - Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a - hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, - i.e. it is not possible to have no type field. - Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 - x-kubernetes-preserve-unknown-fields: true - required: - - name - - value - type: object - type: array - type: object - required: - - class - - name - type: object - type: array - type: object - required: - - class - - version - type: object - type: object - status: - description: ClusterStatus defines the observed state of Cluster. - properties: - conditions: - description: Conditions defines current service state of the cluster. - items: - description: Condition defines an observation of a Cluster API resource - operational state. 
- properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - controlPlaneReady: - description: ControlPlaneReady defines if the control plane is ready. - type: boolean - failureDomains: - additionalProperties: - description: |- - FailureDomainSpec is the Schema for Cluster API failure domains. - It allows controllers to understand how many failure domains a cluster can optionally span across. - properties: - attributes: - additionalProperties: - type: string - description: Attributes is a free form map of attributes an - infrastructure provider might use or require. 
- type: object - controlPlane: - description: ControlPlane determines if this failure domain - is suitable for use by control plane machines. - type: boolean - type: object - description: FailureDomains is a slice of failure domain objects synced - from the infrastructure provider. - type: object - failureMessage: - description: |- - FailureMessage indicates that there is a fatal problem reconciling the - state, and will be set to a descriptive error message. - type: string - failureReason: - description: |- - FailureReason indicates that there is a fatal problem reconciling the - state, and will be set to a token value suitable for - programmatic interpretation. - type: string - infrastructureReady: - description: InfrastructureReady is the state of the infrastructure - provider. - type: boolean - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - phase: - description: |- - Phase represents the current phase of cluster actuation. - E.g. Pending, Running, Terminating, Failed etc. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - labels: - cluster.x-k8s.io/provider: cluster-api - name: extensionconfigs.runtime.cluster.x-k8s.io - spec: - group: runtime.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: ExtensionConfig - listKind: ExtensionConfigList - plural: extensionconfigs - shortNames: - - ext - singular: extensionconfig - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Time duration since creation of ExtensionConfig - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: ExtensionConfig is the Schema for the ExtensionConfig API. 
- properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ExtensionConfigSpec is the desired state of the ExtensionConfig - properties: - clientConfig: - description: ClientConfig defines how to communicate with the Extension - server. - properties: - caBundle: - description: CABundle is a PEM encoded CA bundle which will be - used to validate the Extension server's server certificate. - format: byte - type: string - service: - description: |- - Service is a reference to the Kubernetes service for the Extension server. - Note: Exactly one of `url` or `service` must be specified. - - - If the Extension server is running within a cluster, then you should use `service`. - properties: - name: - description: Name is the name of the service. - type: string - namespace: - description: Namespace is the namespace of the service. - type: string - path: - description: |- - Path is an optional URL path and if present may be any string permissible in - a URL. If a path is set it will be used as prefix to the hook-specific path. - type: string - port: - description: |- - Port is the port on the service that's hosting the Extension server. - Defaults to 443. - Port should be a valid port number (1-65535, inclusive). 
- format: int32 - type: integer - required: - - name - - namespace - type: object - url: - description: |- - URL gives the location of the Extension server, in standard URL form - (`scheme://host:port/path`). - Note: Exactly one of `url` or `service` must be specified. - - - The scheme must be "https". - - - The `host` should not refer to a service running in the cluster; use - the `service` field instead. - - - A path is optional, and if present may be any string permissible in - a URL. If a path is set it will be used as prefix to the hook-specific path. - - - Attempting to use a user or basic auth e.g. "user:password@" is not - allowed. Fragments ("#...") and query parameters ("?...") are not - allowed either. - type: string - type: object - namespaceSelector: - description: |- - NamespaceSelector decides whether to call the hook for an object based - on whether the namespace for that object matches the selector. - Defaults to the empty LabelSelector, which matches all objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - settings: - additionalProperties: - type: string - description: |- - Settings defines key value pairs to be passed to all calls - to all supported RuntimeExtensions. - Note: Settings can be overridden on the ClusterClass. - type: object - required: - - clientConfig - type: object - status: - description: ExtensionConfigStatus is the current state of the ExtensionConfig - properties: - conditions: - description: Conditions define the current service state of the ExtensionConfig. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. 
- type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - handlers: - description: Handlers defines the current ExtensionHandlers supported - by an Extension. - items: - description: ExtensionHandler specifies the details of a handler - for a particular runtime hook registered by an Extension server. - properties: - failurePolicy: - description: |- - FailurePolicy defines how failures in calls to the ExtensionHandler should be handled by a client. - Defaults to Fail if not set. - type: string - name: - description: Name is the unique name of the ExtensionHandler. - type: string - requestHook: - description: RequestHook defines the versioned runtime hook - which this ExtensionHandler serves. - properties: - apiVersion: - description: APIVersion is the group and version of the - Hook. - type: string - hook: - description: Hook is the name of the hook. - type: string - required: - - apiVersion - - hook - type: object - timeoutSeconds: - description: |- - TimeoutSeconds defines the timeout duration for client calls to the ExtensionHandler. - Defaults to 10 is not set. 
- format: int32 - type: integer - required: - - name - - requestHook - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - type: object - served: true - storage: true - subresources: - status: {} - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - labels: - cluster.x-k8s.io/provider: cluster-api - name: ipaddressclaims.ipam.cluster.x-k8s.io - spec: - group: ipam.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: IPAddressClaim - listKind: IPAddressClaimList - plural: ipaddressclaims - singular: ipaddressclaim - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Name of the pool to allocate an address from - jsonPath: .spec.poolRef.name - name: Pool Name - type: string - - description: Kind of the pool to allocate an address from - jsonPath: .spec.poolRef.kind - name: Pool Kind - type: string - - description: Time duration since creation of IPAdressClaim - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: IPAddressClaim is the Schema for the ipaddressclaim API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IPAddressClaimSpec is the desired state of an IPAddressClaim. - properties: - poolRef: - description: PoolRef is a reference to the pool from which an IP address - should be created. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - required: - - poolRef - type: object - status: - description: IPAddressClaimStatus is the observed status of a IPAddressClaim. - properties: - addressRef: - description: AddressRef is a reference to the address that was created - for this claim. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - conditions: - description: Conditions summarises the current state of the IPAddressClaim - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. 
- type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Name of the pool to allocate an address from - jsonPath: .spec.poolRef.name - name: Pool Name - type: string - - description: Kind of the pool to allocate an address from - jsonPath: .spec.poolRef.kind - name: Pool Kind - type: string - - description: Time duration since creation of IPAdressClaim - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: IPAddressClaim is the Schema for the ipaddressclaim API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IPAddressClaimSpec is the desired state of an IPAddressClaim. - properties: - poolRef: - description: PoolRef is a reference to the pool from which an IP address - should be created. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - required: - - poolRef - type: object - status: - description: IPAddressClaimStatus is the observed status of a IPAddressClaim. - properties: - addressRef: - description: AddressRef is a reference to the address that was created - for this claim. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - conditions: - description: Conditions summarises the current state of the IPAddressClaim - items: - description: Condition defines an observation of a Cluster API resource - operational state. 
- properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. 
- type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - labels: - cluster.x-k8s.io/provider: cluster-api - name: ipaddresses.ipam.cluster.x-k8s.io - spec: - group: ipam.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: IPAddress - listKind: IPAddressList - plural: ipaddresses - singular: ipaddress - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Address - jsonPath: .spec.address - name: Address - type: string - - description: Name of the pool the address is from - jsonPath: .spec.poolRef.name - name: Pool Name - type: string - - description: Kind of the pool the address is from - jsonPath: .spec.poolRef.kind - name: Pool Kind - type: string - - description: Time duration since creation of IPAdress - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: IPAddress is the Schema for the ipaddress API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IPAddressSpec is the desired state of an IPAddress. - properties: - address: - description: Address is the IP address. - type: string - claimRef: - description: ClaimRef is a reference to the claim this IPAddress was - created for. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - gateway: - description: Gateway is the network gateway of the network the address - is from. - type: string - poolRef: - description: PoolRef is a reference to the pool that this IPAddress - was created from. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - prefix: - description: Prefix is the prefix of the address. 
- type: integer - required: - - address - - claimRef - - poolRef - - prefix - type: object - type: object - served: true - storage: false - subresources: {} - - additionalPrinterColumns: - - description: Address - jsonPath: .spec.address - name: Address - type: string - - description: Name of the pool the address is from - jsonPath: .spec.poolRef.name - name: Pool Name - type: string - - description: Kind of the pool the address is from - jsonPath: .spec.poolRef.kind - name: Pool Kind - type: string - - description: Time duration since creation of IPAdress - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: IPAddress is the Schema for the ipaddress API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IPAddressSpec is the desired state of an IPAddress. - properties: - address: - description: Address is the IP address. - type: string - claimRef: - description: ClaimRef is a reference to the claim this IPAddress was - created for. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? 
- type: string - type: object - x-kubernetes-map-type: atomic - gateway: - description: Gateway is the network gateway of the network the address - is from. - type: string - poolRef: - description: PoolRef is a reference to the pool that this IPAddress - was created from. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - prefix: - description: Prefix is the prefix of the address. - type: integer - required: - - address - - claimRef - - poolRef - - prefix - type: object - type: object - served: true - storage: true - subresources: {} - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 - labels: - cluster.x-k8s.io/provider: cluster-api - name: machinedeployments.cluster.x-k8s.io - spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: cluster.x-k8s.io - names: - categories: - - cluster-api - kind: MachineDeployment - listKind: MachineDeploymentList - plural: machinedeployments - shortNames: - - md - singular: machinedeployment - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown - jsonPath: .status.phase - name: Phase - type: string - - description: Total number of non-terminated machines targeted by this 
MachineDeployment - jsonPath: .status.replicas - name: Replicas - type: integer - - description: Total number of ready machines targeted by this MachineDeployment - jsonPath: .status.readyReplicas - name: Ready - type: integer - - description: Total number of non-terminated machines targeted by this deployment - that have the desired template spec - jsonPath: .status.updatedReplicas - name: Updated - type: integer - - description: Total number of unavailable machines targeted by this MachineDeployment - jsonPath: .status.unavailableReplicas - name: Unavailable - type: integer - deprecated: true - name: v1alpha3 - schema: - openAPIV3Schema: - description: |- - MachineDeployment is the Schema for the machinedeployments API. - - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachineDeploymentSpec defines the desired state of MachineDeployment. - properties: - clusterName: - description: ClusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - minReadySeconds: - description: |- - Minimum number of seconds for which a newly created machine should - be ready. 
- Defaults to 0 (machine will be considered available as soon as it - is ready) - format: int32 - type: integer - paused: - description: Indicates that the deployment is paused. - type: boolean - progressDeadlineSeconds: - description: |- - The maximum time in seconds for a deployment to make progress before it - is considered to be failed. The deployment controller will continue to - process failed deployments and a condition with a ProgressDeadlineExceeded - reason will be surfaced in the deployment status. Note that progress will - not be estimated during the time a deployment is paused. Defaults to 600s. - format: int32 - type: integer - replicas: - description: |- - Number of desired machines. Defaults to 1. - This is a pointer to distinguish between explicit zero and not specified. - format: int32 - type: integer - revisionHistoryLimit: - description: |- - The number of old MachineSets to retain to allow rollback. - This is a pointer to distinguish between explicit zero and not specified. - Defaults to 1. - format: int32 - type: integer - selector: - description: |- - Label selector for machines. Existing MachineSets whose machines are - selected by this will be the ones affected by this deployment. - It must match the machine template's labels. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - strategy: - description: |- - The deployment strategy to use to replace existing machines with - new ones. - properties: - rollingUpdate: - description: |- - Rolling update config params. Present only if - MachineDeploymentStrategyType = RollingUpdate. - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be scheduled above the - desired number of machines. - Value can be an absolute number (ex: 5) or a percentage of - desired machines (ex: 10%). - This can not be 0 if MaxUnavailable is 0. - Absolute number is calculated from percentage by rounding up. - Defaults to 1. - Example: when this is set to 30%, the new MachineSet can be scaled - up immediately when the rolling update starts, such that the total - number of old and new machines do not exceed 130% of desired - machines. Once old machines have been killed, new MachineSet can - be scaled up further, ensuring that total number of machines running - at any time during the update is at most 130% of desired machines. - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of desired - machines (ex: 10%). 
- Absolute number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. - Defaults to 0. - Example: when this is set to 30%, the old MachineSet can be scaled - down to 70% of desired machines immediately when the rolling update - starts. Once new machines are ready, old MachineSet can be scaled - down further, followed by scaling up the new MachineSet, ensuring - that the total number of machines available at all times - during the update is at least 70% of desired machines. - x-kubernetes-int-or-string: true - type: object - type: - description: |- - Type of deployment. Currently the only supported strategy is - "RollingUpdate". - Default is RollingUpdate. - type: string - type: object - template: - description: Template describes the machines that will be created. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique - name ONLY IF the Name field has not been provided. - If this field is used, the name returned to the client will be different - than the name passed. This value will also be combined with a unique suffix. - The provided value has the same validation rules as the Name field, - and may be truncated by the length of the suffix required to make the value - unique on the server. 
- - - If this field is specified and the generated name exists, the server will - NOT return a 409 - instead, it will either return 201 Created or 500 with Reason - ServerTimeout indicating a unique name could not be found in the time allotted, and the client - should retry (optionally after the time indicated in the Retry-After header). - - - Applied only if Name is not specified. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency - - - Deprecated: This field has no function and is going to be removed in a next release. - type: string - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - name: - description: |- - Name must be unique within a namespace. Is required when creating resources, although - some resources may allow a client to request the generation of an appropriate name - automatically. Name is primarily intended for creation idempotence and configuration - definition. - Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names - - - Deprecated: This field has no function and is going to be removed in a next release. - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is - equivalent to the "default" namespace, but "default" is the canonical representation. - Not all objects are required to be scoped to a namespace - the value of this field for - those objects will be empty. - - - Must be a DNS_LABEL. - Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces - - - Deprecated: This field has no function and is going to be removed in a next release. 
- type: string - ownerReferences: - description: |- - List of objects depended by this object. If ALL objects in the list have - been deleted, this object will be garbage collected. If this object is managed by a controller, - then an entry in this list will point to this controller, with the controller field set to true. - There cannot be more than one managing controller. - - - Deprecated: This field has no function and is going to be removed in a next release. - items: - description: |- - OwnerReference contains enough information to let you identify an owning - object. An owning object must be in the same namespace as the dependent, or - be cluster-scoped, so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: |- - If true, AND if the owner has the "foregroundDeletion" finalizer, then - the owner cannot be deleted from the key-value store until this - reference is removed. - See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts with this field and enforces the foreground deletion. - Defaults to false. - To set this field, a user needs "delete" permission of the owner, - otherwise 422 (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the managing - controller. - type: boolean - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - type: string - uid: - description: |- - UID of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids - type: string - required: - - apiVersion - - kind - - name - - uid - type: object - x-kubernetes-map-type: atomic - type: array - type: object - spec: - description: |- - Specification of the desired behavior of the machine. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - bootstrap: - description: |- - Bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - ConfigRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.Data without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - data: - description: |- - Data contains the bootstrap data, such as cloud-init details scripts. - If nil, the Machine should remain in the Pending state. - - - Deprecated: Switch to DataSecretName. - type: string - dataSecretName: - description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. - type: string - type: object - clusterName: - description: ClusterName is the name of the Cluster this object - belongs to. - minLength: 1 - type: string - failureDomain: - description: |- - FailureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - InfrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
- For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - providerID: - description: |- - ProviderID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. 
- This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - version: - description: |- - Version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - type: object - required: - - clusterName - - selector - - template - type: object - status: - description: MachineDeploymentStatus defines the observed state of MachineDeployment. - properties: - availableReplicas: - description: |- - Total number of available machines (ready for at least minReadySeconds) - targeted by this deployment. - format: int32 - type: integer - observedGeneration: - description: The generation observed by the deployment controller. - format: int64 - type: integer - phase: - description: Phase represents the current phase of a MachineDeployment - (ScalingUp, ScalingDown, Running, Failed, or Unknown). - type: string - readyReplicas: - description: Total number of ready machines targeted by this deployment. - format: int32 - type: integer - replicas: - description: |- - Total number of non-terminated machines targeted by this deployment - (their labels match the selector). 
- format: int32 - type: integer - selector: - description: |- - Selector is the same as the label selector but in the string format to avoid introspection - by clients. The string will be in the same format as the query-param syntax. - More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors - type: string - unavailableReplicas: - description: |- - Total number of unavailable machines targeted by this deployment. - This is the total number of machines that are still required for - the deployment to have 100% available capacity. They may either - be machines that are running but not yet available or machines - that still have not been created. - format: int32 - type: integer - updatedReplicas: - description: |- - Total number of non-terminated machines targeted by this deployment - that have the desired template spec. - format: int32 - type: integer - type: object - type: object - served: false - storage: false - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - - additionalPrinterColumns: - - description: Cluster - jsonPath: .spec.clusterName - name: Cluster - type: string - - description: Time duration since creation of MachineDeployment - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown - jsonPath: .status.phase - name: Phase - type: string - - description: Total number of non-terminated machines targeted by this MachineDeployment - jsonPath: .status.replicas - name: Replicas - type: integer - - description: Total number of ready machines targeted by this MachineDeployment - jsonPath: .status.readyReplicas - name: Ready - type: integer - - description: Total number of non-terminated machines targeted by this deployment - that have the desired template spec - jsonPath: .status.updatedReplicas - name: Updated - type: integer 
- - description: Total number of unavailable machines targeted by this MachineDeployment - jsonPath: .status.unavailableReplicas - name: Unavailable - type: integer - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - MachineDeployment is the Schema for the machinedeployments API. - - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachineDeploymentSpec defines the desired state of MachineDeployment. - properties: - clusterName: - description: ClusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - minReadySeconds: - description: |- - Minimum number of seconds for which a newly created machine should - be ready. - Defaults to 0 (machine will be considered available as soon as it - is ready) - format: int32 - type: integer - paused: - description: Indicates that the deployment is paused. - type: boolean - progressDeadlineSeconds: - description: |- - The maximum time in seconds for a deployment to make progress before it - is considered to be failed. The deployment controller will continue to - process failed deployments and a condition with a ProgressDeadlineExceeded - reason will be surfaced in the deployment status. 
Note that progress will - not be estimated during the time a deployment is paused. Defaults to 600s. - format: int32 - type: integer - replicas: - default: 1 - description: |- - Number of desired machines. Defaults to 1. - This is a pointer to distinguish between explicit zero and not specified. - format: int32 - type: integer - revisionHistoryLimit: - description: |- - The number of old MachineSets to retain to allow rollback. - This is a pointer to distinguish between explicit zero and not specified. - Defaults to 1. - format: int32 - type: integer - selector: - description: |- - Label selector for machines. Existing MachineSets whose machines are - selected by this will be the ones affected by this deployment. - It must match the machine template's labels. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - strategy: - description: |- - The deployment strategy to use to replace existing machines with - new ones. - properties: - rollingUpdate: - description: |- - Rolling update config params. Present only if - MachineDeploymentStrategyType = RollingUpdate. - properties: - deletePolicy: - description: |- - DeletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. - Valid values are "Random, "Newest", "Oldest" - When no value is supplied, the default DeletePolicy of MachineSet is used - enum: - - Random - - Newest - - Oldest - type: string - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be scheduled above the - desired number of machines. - Value can be an absolute number (ex: 5) or a percentage of - desired machines (ex: 10%). - This can not be 0 if MaxUnavailable is 0. - Absolute number is calculated from percentage by rounding up. - Defaults to 1. - Example: when this is set to 30%, the new MachineSet can be scaled - up immediately when the rolling update starts, such that the total - number of old and new machines do not exceed 130% of desired - machines. Once old machines have been killed, new MachineSet can - be scaled up further, ensuring that total number of machines running - at any time during the update is at most 130% of desired machines. - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of desired - machines (ex: 10%). 
- Absolute number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. - Defaults to 0. - Example: when this is set to 30%, the old MachineSet can be scaled - down to 70% of desired machines immediately when the rolling update - starts. Once new machines are ready, old MachineSet can be scaled - down further, followed by scaling up the new MachineSet, ensuring - that the total number of machines available at all times - during the update is at least 70% of desired machines. - x-kubernetes-int-or-string: true - type: object - type: - description: |- - Type of deployment. - Default is RollingUpdate. - enum: - - RollingUpdate - - OnDelete - type: string - type: object - template: - description: Template describes the machines that will be created. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: |- - Specification of the desired behavior of the machine. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - bootstrap: - description: |- - Bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - ConfigRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.DataSecretName without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - dataSecretName: - description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. - type: string - type: object - clusterName: - description: ClusterName is the name of the Cluster this object - belongs to. - minLength: 1 - type: string - failureDomain: - description: |- - FailureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - InfrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - providerID: - description: |- - ProviderID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. - This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. 
Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - version: - description: |- - Version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - type: object - required: - - clusterName - - selector - - template - type: object - status: - description: MachineDeploymentStatus defines the observed state of MachineDeployment. - properties: - availableReplicas: - description: |- - Total number of available machines (ready for at least minReadySeconds) - targeted by this deployment. - format: int32 - type: integer - conditions: - description: Conditions defines current service state of the MachineDeployment. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. 
- The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - description: The generation observed by the deployment controller. - format: int64 - type: integer - phase: - description: Phase represents the current phase of a MachineDeployment - (ScalingUp, ScalingDown, Running, Failed, or Unknown). - type: string - readyReplicas: - description: Total number of ready machines targeted by this deployment. - format: int32 - type: integer - replicas: - description: |- - Total number of non-terminated machines targeted by this deployment - (their labels match the selector). - format: int32 - type: integer - selector: - description: |- - Selector is the same as the label selector but in the string format to avoid introspection - by clients. The string will be in the same format as the query-param syntax. - More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors - type: string - unavailableReplicas: - description: |- - Total number of unavailable machines targeted by this deployment. - This is the total number of machines that are still required for - the deployment to have 100% available capacity. They may either - be machines that are running but not yet available or machines - that still have not been created. - format: int32 - type: integer - updatedReplicas: - description: |- - Total number of non-terminated machines targeted by this deployment - that have the desired template spec. 
- format: int32 - type: integer - type: object - type: object - served: false - storage: false - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - - additionalPrinterColumns: - - description: Cluster - jsonPath: .spec.clusterName - name: Cluster - type: string - - description: Total number of machines desired by this MachineDeployment - jsonPath: .spec.replicas - name: Desired - priority: 10 - type: integer - - description: Total number of non-terminated machines targeted by this MachineDeployment - jsonPath: .status.replicas - name: Replicas - type: integer - - description: Total number of ready machines targeted by this MachineDeployment - jsonPath: .status.readyReplicas - name: Ready - type: integer - - description: Total number of non-terminated machines targeted by this deployment - that have the desired template spec - jsonPath: .status.updatedReplicas - name: Updated - type: integer - - description: Total number of unavailable machines targeted by this MachineDeployment - jsonPath: .status.unavailableReplicas - name: Unavailable - type: integer - - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown - jsonPath: .status.phase - name: Phase - type: string - - description: Time duration since creation of MachineDeployment - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Kubernetes version associated with this MachineDeployment - jsonPath: .spec.template.spec.version - name: Version - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: MachineDeployment is the Schema for the machinedeployments API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachineDeploymentSpec defines the desired state of MachineDeployment. - properties: - clusterName: - description: ClusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - minReadySeconds: - description: |- - MinReadySeconds is the minimum number of seconds for which a Node for a newly created machine should be ready before considering the replica available. - Defaults to 0 (machine will be considered available as soon as the Node is ready) - format: int32 - type: integer - paused: - description: Indicates that the deployment is paused. - type: boolean - progressDeadlineSeconds: - description: |- - The maximum time in seconds for a deployment to make progress before it - is considered to be failed. The deployment controller will continue to - process failed deployments and a condition with a ProgressDeadlineExceeded - reason will be surfaced in the deployment status. Note that progress will - not be estimated during the time a deployment is paused. Defaults to 600s. - format: int32 - type: integer - replicas: - description: |- - Number of desired machines. - This is a pointer to distinguish between explicit zero and not specified. 
- - - Defaults to: - * if the Kubernetes autoscaler min size and max size annotations are set: - - if it's a new MachineDeployment, use min size - - if the replicas field of the old MachineDeployment is < min size, use min size - - if the replicas field of the old MachineDeployment is > max size, use max size - - if the replicas field of the old MachineDeployment is in the (min size, max size) range, keep the value from the oldMD - * otherwise use 1 - Note: Defaulting will be run whenever the replicas field is not set: - * A new MachineDeployment is created with replicas not set. - * On an existing MachineDeployment the replicas field was first set and is now unset. - Those cases are especially relevant for the following Kubernetes autoscaler use cases: - * A new MachineDeployment is created and replicas should be managed by the autoscaler - * An existing MachineDeployment which initially wasn't controlled by the autoscaler - should be later controlled by the autoscaler - format: int32 - type: integer - revisionHistoryLimit: - description: |- - The number of old MachineSets to retain to allow rollback. - This is a pointer to distinguish between explicit zero and not specified. - Defaults to 1. - format: int32 - type: integer - rolloutAfter: - description: |- - RolloutAfter is a field to indicate a rollout should be performed - after the specified time even if no changes have been made to the - MachineDeployment. - Example: In the YAML the time can be specified in the RFC3339 format. - To specify the rolloutAfter target as March 9, 2023, at 9 am UTC - use "2023-03-09T09:00:00Z". - format: date-time - type: string - selector: - description: |- - Label selector for machines. Existing MachineSets whose machines are - selected by this will be the ones affected by this deployment. - It must match the machine template's labels. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. 
- items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - strategy: - description: |- - The deployment strategy to use to replace existing machines with - new ones. - properties: - remediation: - description: |- - Remediation controls the strategy of remediating unhealthy machines - and how remediating operations should occur during the lifecycle of the dependant MachineSets. - properties: - maxInFlight: - anyOf: - - type: integer - - type: string - description: |- - MaxInFlight determines how many in flight remediations should happen at the same time. - - - Remediation only happens on the MachineSet with the most current revision, while - older MachineSets (usually present during rollout operations) aren't allowed to remediate. 
- - - Note: In general (independent of remediations), unhealthy machines are always - prioritized during scale down operations over healthy ones. - - - MaxInFlight can be set to a fixed number or a percentage. - Example: when this is set to 20%, the MachineSet controller deletes at most 20% of - the desired replicas. - - - If not set, remediation is limited to all machines (bounded by replicas) - under the active MachineSet's management. - x-kubernetes-int-or-string: true - type: object - rollingUpdate: - description: |- - Rolling update config params. Present only if - MachineDeploymentStrategyType = RollingUpdate. - properties: - deletePolicy: - description: |- - DeletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. - Valid values are "Random, "Newest", "Oldest" - When no value is supplied, the default DeletePolicy of MachineSet is used - enum: - - Random - - Newest - - Oldest - type: string - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be scheduled above the - desired number of machines. - Value can be an absolute number (ex: 5) or a percentage of - desired machines (ex: 10%). - This can not be 0 if MaxUnavailable is 0. - Absolute number is calculated from percentage by rounding up. - Defaults to 1. - Example: when this is set to 30%, the new MachineSet can be scaled - up immediately when the rolling update starts, such that the total - number of old and new machines do not exceed 130% of desired - machines. Once old machines have been killed, new MachineSet can - be scaled up further, ensuring that total number of machines running - at any time during the update is at most 130% of desired machines. - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be unavailable during the update. 
- Value can be an absolute number (ex: 5) or a percentage of desired - machines (ex: 10%). - Absolute number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. - Defaults to 0. - Example: when this is set to 30%, the old MachineSet can be scaled - down to 70% of desired machines immediately when the rolling update - starts. Once new machines are ready, old MachineSet can be scaled - down further, followed by scaling up the new MachineSet, ensuring - that the total number of machines available at all times - during the update is at least 70% of desired machines. - x-kubernetes-int-or-string: true - type: object - type: - description: |- - Type of deployment. Allowed values are RollingUpdate and OnDelete. - The default is RollingUpdate. - enum: - - RollingUpdate - - OnDelete - type: string - type: object - template: - description: Template describes the machines that will be created. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: |- - Specification of the desired behavior of the machine. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - bootstrap: - description: |- - Bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - ConfigRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.DataSecretName without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - dataSecretName: - description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. - type: string - type: object - clusterName: - description: ClusterName is the name of the Cluster this object - belongs to. - minLength: 1 - type: string - failureDomain: - description: |- - FailureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - InfrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDeletionTimeout: - description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - type: string - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - nodeVolumeDetachTimeout: - description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - type: string - providerID: - description: |- - ProviderID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. 
- This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - version: - description: |- - Version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - type: object - required: - - clusterName - - selector - - template - type: object - status: - description: MachineDeploymentStatus defines the observed state of MachineDeployment. - properties: - availableReplicas: - description: |- - Total number of available machines (ready for at least minReadySeconds) - targeted by this deployment. - format: int32 - type: integer - conditions: - description: Conditions defines current service state of the MachineDeployment. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. 
- This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - observedGeneration: - description: The generation observed by the deployment controller. - format: int64 - type: integer - phase: - description: Phase represents the current phase of a MachineDeployment - (ScalingUp, ScalingDown, Running, Failed, or Unknown). - type: string - readyReplicas: - description: Total number of ready machines targeted by this deployment. - format: int32 - type: integer - replicas: - description: |- - Total number of non-terminated machines targeted by this deployment - (their labels match the selector). - format: int32 - type: integer - selector: - description: |- - Selector is the same as the label selector but in the string format to avoid introspection - by clients. The string will be in the same format as the query-param syntax. 
- More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors - type: string - unavailableReplicas: - description: |- - Total number of unavailable machines targeted by this deployment. - This is the total number of machines that are still required for - the deployment to have 100% available capacity. They may either - be machines that are running but not yet available or machines - that still have not been created. - format: int32 - type: integer - updatedReplicas: - description: |- - Total number of non-terminated machines targeted by this deployment - that have the desired template spec. - format: int32 - type: integer - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 - labels: - cluster.x-k8s.io/provider: cluster-api - name: machinehealthchecks.cluster.x-k8s.io - spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: cluster.x-k8s.io - names: - categories: - - cluster-api - kind: MachineHealthCheck - listKind: MachineHealthCheckList - plural: machinehealthchecks - shortNames: - - mhc - - mhcs - singular: machinehealthcheck - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Maximum number of unhealthy machines allowed - jsonPath: .spec.maxUnhealthy - name: MaxUnhealthy - type: string - - description: Number of machines currently monitored - jsonPath: .status.expectedMachines - name: ExpectedMachines - type: integer - - description: Current observed healthy machines - jsonPath: 
.status.currentHealthy - name: CurrentHealthy - type: integer - deprecated: true - name: v1alpha3 - schema: - openAPIV3Schema: - description: |- - MachineHealthCheck is the Schema for the machinehealthchecks API. - - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Specification of machine health check policy - properties: - clusterName: - description: ClusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - maxUnhealthy: - anyOf: - - type: integer - - type: string - description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by - "selector" are not healthy. - x-kubernetes-int-or-string: true - nodeStartupTimeout: - description: |- - Machines older than this duration without a node will be considered to have - failed and will be remediated. - type: string - remediationTemplate: - description: |- - RemediationTemplate is a reference to a remediation template - provided by an infrastructure provider. - - - This field is completely optional, when filled, the MachineHealthCheck controller - creates a new object from the template referenced and hands off remediation of the machine to - a controller that lives outside of Cluster API. 
- properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - selector: - description: Label selector to match machines whose health will be - exercised - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. 
- items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - unhealthyConditions: - description: |- - UnhealthyConditions contains a list of the conditions that determine - whether a node is considered unhealthy. The conditions are combined in a - logical OR, i.e. if any of the conditions is met, the node is unhealthy. - items: - description: |- - UnhealthyCondition represents a Node condition type and value with a timeout - specified as a duration. When the named condition has been in the given - status for at least the timeout value, a node is considered unhealthy. 
- properties: - status: - minLength: 1 - type: string - timeout: - type: string - type: - minLength: 1 - type: string - required: - - status - - timeout - - type - type: object - minItems: 1 - type: array - required: - - clusterName - - selector - - unhealthyConditions - type: object - status: - description: Most recently observed status of MachineHealthCheck resource - properties: - conditions: - description: Conditions defines current service state of the MachineHealthCheck. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. 
- type: string - required: - - status - - type - type: object - type: array - currentHealthy: - description: total number of healthy machines counted by this machine - health check - format: int32 - minimum: 0 - type: integer - expectedMachines: - description: total number of machines counted by this machine health - check - format: int32 - minimum: 0 - type: integer - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - remediationsAllowed: - description: |- - RemediationsAllowed is the number of further remediations allowed by this machine health check before - maxUnhealthy short circuiting will be applied - format: int32 - minimum: 0 - type: integer - targets: - description: Targets shows the current list of machines the machine - health check is watching - items: - type: string - type: array - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Cluster - jsonPath: .spec.clusterName - name: Cluster - type: string - - description: Time duration since creation of MachineHealthCheck - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Maximum number of unhealthy machines allowed - jsonPath: .spec.maxUnhealthy - name: MaxUnhealthy - type: string - - description: Number of machines currently monitored - jsonPath: .status.expectedMachines - name: ExpectedMachines - type: integer - - description: Current observed healthy machines - jsonPath: .status.currentHealthy - name: CurrentHealthy - type: integer - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - MachineHealthCheck is the Schema for the machinehealthchecks API. - - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. 
- Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Specification of machine health check policy - properties: - clusterName: - description: ClusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - maxUnhealthy: - anyOf: - - type: integer - - type: string - description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by - "selector" are not healthy. - x-kubernetes-int-or-string: true - nodeStartupTimeout: - description: |- - Machines older than this duration without a node will be considered to have - failed and will be remediated. - If not set, this value is defaulted to 10 minutes. - If you wish to disable this feature, set the value explicitly to 0. - type: string - remediationTemplate: - description: |- - RemediationTemplate is a reference to a remediation template - provided by an infrastructure provider. - - - This field is completely optional, when filled, the MachineHealthCheck controller - creates a new object from the template referenced and hands off remediation of the machine to - a controller that lives outside of Cluster API. - properties: - apiVersion: - description: API version of the referent. 
- type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - selector: - description: Label selector to match machines whose health will be - exercised - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. 
- items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - unhealthyConditions: - description: |- - UnhealthyConditions contains a list of the conditions that determine - whether a node is considered unhealthy. The conditions are combined in a - logical OR, i.e. if any of the conditions is met, the node is unhealthy. - items: - description: |- - UnhealthyCondition represents a Node condition type and value with a timeout - specified as a duration. When the named condition has been in the given - status for at least the timeout value, a node is considered unhealthy. 
- properties: - status: - minLength: 1 - type: string - timeout: - type: string - type: - minLength: 1 - type: string - required: - - status - - timeout - - type - type: object - minItems: 1 - type: array - unhealthyRange: - description: |- - Any further remediation is only allowed if the number of machines selected by "selector" as not healthy - is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. - Eg. "[3-5]" - This means that remediation will be allowed only when: - (a) there are at least 3 unhealthy machines (and) - (b) there are at most 5 unhealthy machines - pattern: ^\[[0-9]+-[0-9]+\]$ - type: string - required: - - clusterName - - selector - - unhealthyConditions - type: object - status: - description: Most recently observed status of MachineHealthCheck resource - properties: - conditions: - description: Conditions defines current service state of the MachineHealthCheck. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. 
- type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - currentHealthy: - description: total number of healthy machines counted by this machine - health check - format: int32 - minimum: 0 - type: integer - expectedMachines: - description: total number of machines counted by this machine health - check - format: int32 - minimum: 0 - type: integer - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - remediationsAllowed: - description: |- - RemediationsAllowed is the number of further remediations allowed by this machine health check before - maxUnhealthy short circuiting will be applied - format: int32 - minimum: 0 - type: integer - targets: - description: Targets shows the current list of machines the machine - health check is watching - items: - type: string - type: array - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Cluster - jsonPath: .spec.clusterName - name: Cluster - type: string - - description: Number of machines currently monitored - jsonPath: .status.expectedMachines - name: ExpectedMachines - type: integer - - description: Maximum number of unhealthy machines allowed - jsonPath: .spec.maxUnhealthy - name: MaxUnhealthy - type: string - - description: Current observed healthy machines - jsonPath: .status.currentHealthy - name: CurrentHealthy - type: integer - - description: Time duration since creation of MachineHealthCheck - jsonPath: .metadata.creationTimestamp 
- name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: MachineHealthCheck is the Schema for the machinehealthchecks - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Specification of machine health check policy - properties: - clusterName: - description: ClusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - maxUnhealthy: - anyOf: - - type: integer - - type: string - description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by - "selector" are not healthy. - x-kubernetes-int-or-string: true - nodeStartupTimeout: - description: |- - NodeStartupTimeout allows to set the maximum time for MachineHealthCheck - to consider a Machine unhealthy if a corresponding Node isn't associated - through a `Spec.ProviderID` field. - - - The duration set in this field is compared to the greatest of: - - Cluster's infrastructure ready condition timestamp (if and when available) - - Control Plane's initialized condition timestamp (if and when available) - - Machine's infrastructure ready condition timestamp (if and when available) - - Machine's metadata creation timestamp - - - Defaults to 10 minutes. - If you wish to disable this feature, set the value explicitly to 0. 
- type: string - remediationTemplate: - description: |- - RemediationTemplate is a reference to a remediation template - provided by an infrastructure provider. - - - This field is completely optional, when filled, the MachineHealthCheck controller - creates a new object from the template referenced and hands off remediation of the machine to - a controller that lives outside of Cluster API. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - selector: - description: Label selector to match machines whose health will be - exercised - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - unhealthyConditions: - description: |- - UnhealthyConditions contains a list of the conditions that determine - whether a node is considered unhealthy. The conditions are combined in a - logical OR, i.e. if any of the conditions is met, the node is unhealthy. - items: - description: |- - UnhealthyCondition represents a Node condition type and value with a timeout - specified as a duration. 
When the named condition has been in the given - status for at least the timeout value, a node is considered unhealthy. - properties: - status: - minLength: 1 - type: string - timeout: - type: string - type: - minLength: 1 - type: string - required: - - status - - timeout - - type - type: object - minItems: 1 - type: array - unhealthyRange: - description: |- - Any further remediation is only allowed if the number of machines selected by "selector" as not healthy - is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. - Eg. "[3-5]" - This means that remediation will be allowed only when: - (a) there are at least 3 unhealthy machines (and) - (b) there are at most 5 unhealthy machines - pattern: ^\[[0-9]+-[0-9]+\]$ - type: string - required: - - clusterName - - selector - - unhealthyConditions - type: object - status: - description: Most recently observed status of MachineHealthCheck resource - properties: - conditions: - description: Conditions defines current service state of the MachineHealthCheck. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. 
- The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - currentHealthy: - description: total number of healthy machines counted by this machine - health check - format: int32 - minimum: 0 - type: integer - expectedMachines: - description: total number of machines counted by this machine health - check - format: int32 - minimum: 0 - type: integer - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - remediationsAllowed: - description: |- - RemediationsAllowed is the number of further remediations allowed by this machine health check before - maxUnhealthy short circuiting will be applied - format: int32 - minimum: 0 - type: integer - targets: - description: Targets shows the current list of machines the machine - health check is watching - items: - type: string - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 - labels: - cluster.x-k8s.io/provider: cluster-api - name: machinepools.cluster.x-k8s.io - spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: cluster.x-k8s.io - 
names: - categories: - - cluster-api - kind: MachinePool - listKind: MachinePoolList - plural: machinepools - shortNames: - - mp - singular: machinepool - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: MachinePool replicas count - jsonPath: .status.replicas - name: Replicas - type: string - - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed - etc - jsonPath: .status.phase - name: Phase - type: string - - description: Kubernetes version associated with this MachinePool - jsonPath: .spec.template.spec.version - name: Version - type: string - deprecated: true - name: v1alpha3 - schema: - openAPIV3Schema: - description: |- - MachinePool is the Schema for the machinepools API. - - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachinePoolSpec defines the desired state of MachinePool. - properties: - clusterName: - description: ClusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - failureDomains: - description: FailureDomains is the list of failure domains this MachinePool - should be attached to. 
- items: - type: string - type: array - minReadySeconds: - description: |- - Minimum number of seconds for which a newly created machine instances should - be ready. - Defaults to 0 (machine instance will be considered available as soon as it - is ready) - format: int32 - type: integer - providerIDList: - description: |- - ProviderIDList are the identification IDs of machine instances provided by the provider. - This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances. - items: - type: string - type: array - replicas: - description: |- - Number of desired machines. Defaults to 1. - This is a pointer to distinguish between explicit zero and not specified. - format: int32 - type: integer - strategy: - description: |- - The deployment strategy to use to replace existing machine instances with - new ones. - properties: - rollingUpdate: - description: |- - Rolling update config params. Present only if - MachineDeploymentStrategyType = RollingUpdate. - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be scheduled above the - desired number of machines. - Value can be an absolute number (ex: 5) or a percentage of - desired machines (ex: 10%). - This can not be 0 if MaxUnavailable is 0. - Absolute number is calculated from percentage by rounding up. - Defaults to 1. - Example: when this is set to 30%, the new MachineSet can be scaled - up immediately when the rolling update starts, such that the total - number of old and new machines do not exceed 130% of desired - machines. Once old machines have been killed, new MachineSet can - be scaled up further, ensuring that total number of machines running - at any time during the update is at most 130% of desired machines. 
- x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of desired - machines (ex: 10%). - Absolute number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. - Defaults to 0. - Example: when this is set to 30%, the old MachineSet can be scaled - down to 70% of desired machines immediately when the rolling update - starts. Once new machines are ready, old MachineSet can be scaled - down further, followed by scaling up the new MachineSet, ensuring - that the total number of machines available at all times - during the update is at least 70% of desired machines. - x-kubernetes-int-or-string: true - type: object - type: - description: |- - Type of deployment. Currently the only supported strategy is - "RollingUpdate". - Default is RollingUpdate. - type: string - type: object - template: - description: Template describes the machines that will be created. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique - name ONLY IF the Name field has not been provided. - If this field is used, the name returned to the client will be different - than the name passed. This value will also be combined with a unique suffix. 
- The provided value has the same validation rules as the Name field, - and may be truncated by the length of the suffix required to make the value - unique on the server. - - - If this field is specified and the generated name exists, the server will - NOT return a 409 - instead, it will either return 201 Created or 500 with Reason - ServerTimeout indicating a unique name could not be found in the time allotted, and the client - should retry (optionally after the time indicated in the Retry-After header). - - - Applied only if Name is not specified. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency - - - Deprecated: This field has no function and is going to be removed in a next release. - type: string - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - name: - description: |- - Name must be unique within a namespace. Is required when creating resources, although - some resources may allow a client to request the generation of an appropriate name - automatically. Name is primarily intended for creation idempotence and configuration - definition. - Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names - - - Deprecated: This field has no function and is going to be removed in a next release. - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is - equivalent to the "default" namespace, but "default" is the canonical representation. - Not all objects are required to be scoped to a namespace - the value of this field for - those objects will be empty. - - - Must be a DNS_LABEL. - Cannot be updated. 
- More info: http://kubernetes.io/docs/user-guide/namespaces - - - Deprecated: This field has no function and is going to be removed in a next release. - type: string - ownerReferences: - description: |- - List of objects depended by this object. If ALL objects in the list have - been deleted, this object will be garbage collected. If this object is managed by a controller, - then an entry in this list will point to this controller, with the controller field set to true. - There cannot be more than one managing controller. - - - Deprecated: This field has no function and is going to be removed in a next release. - items: - description: |- - OwnerReference contains enough information to let you identify an owning - object. An owning object must be in the same namespace as the dependent, or - be cluster-scoped, so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: |- - If true, AND if the owner has the "foregroundDeletion" finalizer, then - the owner cannot be deleted from the key-value store until this - reference is removed. - See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts with this field and enforces the foreground deletion. - Defaults to false. - To set this field, a user needs "delete" permission of the owner, - otherwise 422 (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the managing - controller. - type: boolean - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - type: string - uid: - description: |- - UID of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids - type: string - required: - - apiVersion - - kind - - name - - uid - type: object - x-kubernetes-map-type: atomic - type: array - type: object - spec: - description: |- - Specification of the desired behavior of the machine. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - bootstrap: - description: |- - Bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - ConfigRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.Data without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - data: - description: |- - Data contains the bootstrap data, such as cloud-init details scripts. - If nil, the Machine should remain in the Pending state. - - - Deprecated: Switch to DataSecretName. - type: string - dataSecretName: - description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. - type: string - type: object - clusterName: - description: ClusterName is the name of the Cluster this object - belongs to. - minLength: 1 - type: string - failureDomain: - description: |- - FailureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - InfrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
- For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - providerID: - description: |- - ProviderID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. 
- This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - version: - description: |- - Version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - type: object - required: - - clusterName - - template - type: object - status: - description: MachinePoolStatus defines the observed state of MachinePool. - properties: - availableReplicas: - description: The number of available replicas (ready for at least - minReadySeconds) for this MachinePool. - format: int32 - type: integer - bootstrapReady: - description: BootstrapReady is the state of the bootstrap provider. - type: boolean - conditions: - description: Conditions define the current service state of the MachinePool. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. 
- format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - failureMessage: - description: |- - FailureMessage indicates that there is a problem reconciling the state, - and will be set to a descriptive error message. - type: string - failureReason: - description: |- - FailureReason indicates that there is a problem reconciling the state, and - will be set to a token value suitable for programmatic interpretation. - type: string - infrastructureReady: - description: InfrastructureReady is the state of the infrastructure - provider. - type: boolean - nodeRefs: - description: NodeRefs will point to the corresponding Nodes if it - they exist. - items: - description: |- - ObjectReference contains enough information to let you inspect or modify the referred object. - --- - New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. - 1. Ignored fields. 
It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. - 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular - restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". - Those cannot be well described when embedded. - 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. - 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity - during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple - and the version of the actual struct is irrelevant. - 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type - will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. - - - Instead of using this type, create a locally provided and used type that is well-focused on your reference. - For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). 
This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - type: array - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - phase: - description: |- - Phase represents the current phase of cluster actuation. - E.g. Pending, Running, Terminating, Failed etc. - type: string - readyReplicas: - description: The number of ready replicas for this MachinePool. A - machine is considered ready when the node has been created and is - "Ready". - format: int32 - type: integer - replicas: - description: Replicas is the most recently observed number of replicas. - format: int32 - type: integer - unavailableReplicas: - description: |- - Total number of unavailable machine instances targeted by this machine pool. 
- This is the total number of machine instances that are still required for - the machine pool to have 100% available capacity. They may either - be machine instances that are running but not yet available or machine instances - that still have not been created. - format: int32 - type: integer - type: object - type: object - served: false - storage: false - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - - additionalPrinterColumns: - - description: Time duration since creation of MachinePool - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: MachinePool replicas count - jsonPath: .status.replicas - name: Replicas - type: string - - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed - etc - jsonPath: .status.phase - name: Phase - type: string - - description: Kubernetes version associated with this MachinePool - jsonPath: .spec.template.spec.version - name: Version - type: string - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - MachinePool is the Schema for the machinepools API. - - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachinePoolSpec defines the desired state of MachinePool. - properties: - clusterName: - description: ClusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - failureDomains: - description: FailureDomains is the list of failure domains this MachinePool - should be attached to. - items: - type: string - type: array - minReadySeconds: - description: |- - Minimum number of seconds for which a newly created machine instances should - be ready. - Defaults to 0 (machine instance will be considered available as soon as it - is ready) - format: int32 - type: integer - providerIDList: - description: |- - ProviderIDList are the identification IDs of machine instances provided by the provider. - This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances. - items: - type: string - type: array - replicas: - description: |- - Number of desired machines. Defaults to 1. - This is a pointer to distinguish between explicit zero and not specified. - format: int32 - type: integer - template: - description: Template describes the machines that will be created. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. 
- More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: |- - Specification of the desired behavior of the machine. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - bootstrap: - description: |- - Bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - ConfigRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.DataSecretName without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - dataSecretName: - description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. - type: string - type: object - clusterName: - description: ClusterName is the name of the Cluster this object - belongs to. - minLength: 1 - type: string - failureDomain: - description: |- - FailureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - InfrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
- For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - providerID: - description: |- - ProviderID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. 
- This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - version: - description: |- - Version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - type: object - required: - - clusterName - - template - type: object - status: - description: MachinePoolStatus defines the observed state of MachinePool. - properties: - availableReplicas: - description: The number of available replicas (ready for at least - minReadySeconds) for this MachinePool. - format: int32 - type: integer - bootstrapReady: - description: BootstrapReady is the state of the bootstrap provider. - type: boolean - conditions: - description: Conditions define the current service state of the MachinePool. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. 
- format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - failureMessage: - description: |- - FailureMessage indicates that there is a problem reconciling the state, - and will be set to a descriptive error message. - type: string - failureReason: - description: |- - FailureReason indicates that there is a problem reconciling the state, and - will be set to a token value suitable for programmatic interpretation. - type: string - infrastructureReady: - description: InfrastructureReady is the state of the infrastructure - provider. - type: boolean - nodeRefs: - description: NodeRefs will point to the corresponding Nodes if it - they exist. - items: - description: |- - ObjectReference contains enough information to let you inspect or modify the referred object. - --- - New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. - 1. Ignored fields. 
It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. - 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular - restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". - Those cannot be well described when embedded. - 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. - 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity - during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple - and the version of the actual struct is irrelevant. - 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type - will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. - - - Instead of using this type, create a locally provided and used type that is well-focused on your reference. - For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). 
This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - type: array - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - phase: - description: |- - Phase represents the current phase of cluster actuation. - E.g. Pending, Running, Terminating, Failed etc. - type: string - readyReplicas: - description: The number of ready replicas for this MachinePool. A - machine is considered ready when the node has been created and is - "Ready". - format: int32 - type: integer - replicas: - description: Replicas is the most recently observed number of replicas. - format: int32 - type: integer - unavailableReplicas: - description: |- - Total number of unavailable machine instances targeted by this machine pool. 
- This is the total number of machine instances that are still required for - the machine pool to have 100% available capacity. They may either - be machine instances that are running but not yet available or machine instances - that still have not been created. - format: int32 - type: integer - type: object - type: object - served: false - storage: false - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - - additionalPrinterColumns: - - description: Cluster - jsonPath: .spec.clusterName - name: Cluster - type: string - - description: Total number of machines desired by this MachinePool - jsonPath: .spec.replicas - name: Desired - priority: 10 - type: integer - - description: MachinePool replicas count - jsonPath: .status.replicas - name: Replicas - type: string - - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed - etc - jsonPath: .status.phase - name: Phase - type: string - - description: Time duration since creation of MachinePool - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Kubernetes version associated with this MachinePool - jsonPath: .spec.template.spec.version - name: Version - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: MachinePool is the Schema for the machinepools API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachinePoolSpec defines the desired state of MachinePool. - properties: - clusterName: - description: ClusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - failureDomains: - description: FailureDomains is the list of failure domains this MachinePool - should be attached to. - items: - type: string - type: array - minReadySeconds: - description: |- - Minimum number of seconds for which a newly created machine instances should - be ready. - Defaults to 0 (machine instance will be considered available as soon as it - is ready) - NOTE: No logic is implemented for this field and it currently has no behaviour. - format: int32 - type: integer - providerIDList: - description: |- - ProviderIDList are the identification IDs of machine instances provided by the provider. - This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances. - items: - type: string - type: array - replicas: - description: |- - Number of desired machines. Defaults to 1. - This is a pointer to distinguish between explicit zero and not specified. - format: int32 - type: integer - template: - description: Template describes the machines that will be created. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. 
- More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: |- - Specification of the desired behavior of the machine. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - bootstrap: - description: |- - Bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - ConfigRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.DataSecretName without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - dataSecretName: - description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. - type: string - type: object - clusterName: - description: ClusterName is the name of the Cluster this object - belongs to. - minLength: 1 - type: string - failureDomain: - description: |- - FailureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - InfrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
- For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDeletionTimeout: - description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - type: string - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. 
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - nodeVolumeDetachTimeout: - description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - type: string - providerID: - description: |- - ProviderID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. - This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - version: - description: |- - Version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - type: object - required: - - clusterName - - template - type: object - status: - description: MachinePoolStatus defines the observed state of MachinePool. - properties: - availableReplicas: - description: The number of available replicas (ready for at least - minReadySeconds) for this MachinePool. 
- format: int32 - type: integer - bootstrapReady: - description: BootstrapReady is the state of the bootstrap provider. - type: boolean - conditions: - description: Conditions define the current service state of the MachinePool. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - description: |- - FailureMessage indicates that there is a problem reconciling the state, - and will be set to a descriptive error message. 
- type: string - failureReason: - description: |- - FailureReason indicates that there is a problem reconciling the state, and - will be set to a token value suitable for programmatic interpretation. - type: string - infrastructureReady: - description: InfrastructureReady is the state of the infrastructure - provider. - type: boolean - nodeRefs: - description: NodeRefs will point to the corresponding Nodes if it - they exist. - items: - description: |- - ObjectReference contains enough information to let you inspect or modify the referred object. - --- - New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. - 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. - 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular - restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". - Those cannot be well described when embedded. - 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. - 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity - during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple - and the version of the actual struct is irrelevant. - 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type - will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. - - - Instead of using this type, create a locally provided and used type that is well-focused on your reference. 
- For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - type: array - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - phase: - description: |- - Phase represents the current phase of cluster actuation. - E.g. Pending, Running, Terminating, Failed etc. - type: string - readyReplicas: - description: The number of ready replicas for this MachinePool. A - machine is considered ready when the node has been created and is - "Ready". - format: int32 - type: integer - replicas: - description: Replicas is the most recently observed number of replicas. - format: int32 - type: integer - unavailableReplicas: - description: |- - Total number of unavailable machine instances targeted by this machine pool. - This is the total number of machine instances that are still required for - the machine pool to have 100% available capacity. They may either - be machine instances that are running but not yet available or machine instances - that still have not been created. 
- format: int32 - type: integer - type: object - type: object - served: true - storage: true - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 - labels: - cluster.x-k8s.io/provider: cluster-api - name: machines.cluster.x-k8s.io - spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: cluster.x-k8s.io - names: - categories: - - cluster-api - kind: Machine - listKind: MachineList - plural: machines - shortNames: - - ma - singular: machine - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Provider ID - jsonPath: .spec.providerID - name: ProviderID - type: string - - description: Machine status such as Terminating/Pending/Running/Failed etc - jsonPath: .status.phase - name: Phase - type: string - - description: Kubernetes version associated with this Machine - jsonPath: .spec.version - name: Version - type: string - - description: Node name associated with this machine - jsonPath: .status.nodeRef.name - name: NodeName - priority: 1 - type: string - deprecated: true - name: v1alpha3 - schema: - openAPIV3Schema: - description: |- - Machine is the Schema for the machines API. - - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachineSpec defines the desired state of Machine. - properties: - bootstrap: - description: |- - Bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - ConfigRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.Data without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - data: - description: |- - Data contains the bootstrap data, such as cloud-init details scripts. - If nil, the Machine should remain in the Pending state. - - - Deprecated: Switch to DataSecretName. - type: string - dataSecretName: - description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. - type: string - type: object - clusterName: - description: ClusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - failureDomain: - description: |- - FailureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - InfrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. 
- type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. 
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - providerID: - description: |- - ProviderID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. - This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - version: - description: |- - Version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - status: - description: MachineStatus defines the observed state of Machine. - properties: - addresses: - description: |- - Addresses is a list of addresses assigned to the machine. - This field is copied from the infrastructure provider reference. - items: - description: MachineAddress contains information for the node's - address. - properties: - address: - description: The machine address. - type: string - type: - description: Machine address type, one of Hostname, ExternalIP - or InternalIP. - type: string - required: - - address - - type - type: object - type: array - bootstrapReady: - description: BootstrapReady is the state of the bootstrap provider. 
- type: boolean - conditions: - description: Conditions defines current service state of the Machine. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - failureMessage: - description: |- - FailureMessage will be set in the event that there is a terminal problem - reconciling the Machine and will contain a more verbose string suitable - for logging and human consumption. 
- - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - failureReason: - description: |- - FailureReason will be set in the event that there is a terminal problem - reconciling the Machine and will contain a succinct value suitable - for machine interpretation. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - infrastructureReady: - description: InfrastructureReady is the state of the infrastructure - provider. - type: boolean - lastUpdated: - description: LastUpdated identifies when the phase of the Machine - last transitioned. - format: date-time - type: string - nodeRef: - description: NodeRef will point to the corresponding Node if it exists. 
- properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - phase: - description: |- - Phase represents the current phase of machine actuation. - E.g. 
Pending, Running, Terminating, Failed etc. - type: string - version: - description: |- - Version specifies the current version of Kubernetes running - on the corresponding Node. This is meant to be a means of bubbling - up status from the Node to the Machine. - It is entirely optional, but useful for end-user UX if it’s present. - type: string - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Cluster - jsonPath: .spec.clusterName - name: Cluster - type: string - - description: Time duration since creation of Machine - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Provider ID - jsonPath: .spec.providerID - name: ProviderID - type: string - - description: Machine status such as Terminating/Pending/Running/Failed etc - jsonPath: .status.phase - name: Phase - type: string - - description: Kubernetes version associated with this Machine - jsonPath: .spec.version - name: Version - type: string - - description: Node name associated with this machine - jsonPath: .status.nodeRef.name - name: NodeName - priority: 1 - type: string - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - Machine is the Schema for the machines API. - - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachineSpec defines the desired state of Machine. - properties: - bootstrap: - description: |- - Bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - ConfigRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.DataSecretName without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - dataSecretName: - description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. - type: string - type: object - clusterName: - description: ClusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - failureDomain: - description: |- - FailureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - InfrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. 
- TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - providerID: - description: |- - ProviderID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. - This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. 
With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - version: - description: |- - Version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - status: - description: MachineStatus defines the observed state of Machine. - properties: - addresses: - description: |- - Addresses is a list of addresses assigned to the machine. - This field is copied from the infrastructure provider reference. - items: - description: MachineAddress contains information for the node's - address. - properties: - address: - description: The machine address. - type: string - type: - description: Machine address type, one of Hostname, ExternalIP - or InternalIP. - type: string - required: - - address - - type - type: object - type: array - bootstrapReady: - description: BootstrapReady is the state of the bootstrap provider. - type: boolean - conditions: - description: Conditions defines current service state of the Machine. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. 
- format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - failureMessage: - description: |- - FailureMessage will be set in the event that there is a terminal problem - reconciling the Machine and will contain a more verbose string suitable - for logging and human consumption. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. 
- - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - failureReason: - description: |- - FailureReason will be set in the event that there is a terminal problem - reconciling the Machine and will contain a succinct value suitable - for machine interpretation. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - infrastructureReady: - description: InfrastructureReady is the state of the infrastructure - provider. - type: boolean - lastUpdated: - description: LastUpdated identifies when the phase of the Machine - last transitioned. - format: date-time - type: string - nodeInfo: - description: |- - NodeInfo is a set of ids/uuids to uniquely identify the node. - More info: https://kubernetes.io/docs/concepts/nodes/node/#info - properties: - architecture: - description: The Architecture reported by the node - type: string - bootID: - description: Boot ID reported by the node. - type: string - containerRuntimeVersion: - description: ContainerRuntime Version reported by the node through - runtime remote API (e.g. containerd://1.4.2). - type: string - kernelVersion: - description: Kernel Version reported by the node from 'uname -r' - (e.g. 3.16.0-0.bpo.4-amd64). 
- type: string - kubeProxyVersion: - description: KubeProxy Version reported by the node. - type: string - kubeletVersion: - description: Kubelet Version reported by the node. - type: string - machineID: - description: |- - MachineID reported by the node. For unique machine identification - in the cluster this field is preferred. Learn more from man(5) - machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html - type: string - operatingSystem: - description: The Operating System reported by the node - type: string - osImage: - description: OS Image reported by the node from /etc/os-release - (e.g. Debian GNU/Linux 7 (wheezy)). - type: string - systemUUID: - description: |- - SystemUUID reported by the node. For unique machine identification - MachineID is preferred. This field is specific to Red Hat hosts - https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid - type: string - required: - - architecture - - bootID - - containerRuntimeVersion - - kernelVersion - - kubeProxyVersion - - kubeletVersion - - machineID - - operatingSystem - - osImage - - systemUUID - type: object - nodeRef: - description: NodeRef will point to the corresponding Node if it exists. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. 
- TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - phase: - description: |- - Phase represents the current phase of machine actuation. - E.g. Pending, Running, Terminating, Failed etc. - type: string - version: - description: |- - Version specifies the current version of Kubernetes running - on the corresponding Node. This is meant to be a means of bubbling - up status from the Node to the Machine. - It is entirely optional, but useful for end-user UX if it’s present. 
- type: string - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Cluster - jsonPath: .spec.clusterName - name: Cluster - type: string - - description: Node name associated with this machine - jsonPath: .status.nodeRef.name - name: NodeName - type: string - - description: Provider ID - jsonPath: .spec.providerID - name: ProviderID - type: string - - description: Machine status such as Terminating/Pending/Running/Failed etc - jsonPath: .status.phase - name: Phase - type: string - - description: Time duration since creation of Machine - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Kubernetes version associated with this Machine - jsonPath: .spec.version - name: Version - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: Machine is the Schema for the machines API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachineSpec defines the desired state of Machine. - properties: - bootstrap: - description: |- - Bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. 
- properties: - configRef: - description: |- - ConfigRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.DataSecretName without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - dataSecretName: - description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. - type: string - type: object - clusterName: - description: ClusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - failureDomain: - description: |- - FailureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - InfrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDeletionTimeout: - description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - type: string - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - nodeVolumeDetachTimeout: - description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - type: string - providerID: - description: |- - ProviderID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. - This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler - with cluster-api as provider. 
Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - version: - description: |- - Version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - status: - description: MachineStatus defines the observed state of Machine. - properties: - addresses: - description: |- - Addresses is a list of addresses assigned to the machine. - This field is copied from the infrastructure provider reference. - items: - description: MachineAddress contains information for the node's - address. - properties: - address: - description: The machine address. - type: string - type: - description: Machine address type, one of Hostname, ExternalIP, - InternalIP, ExternalDNS or InternalDNS. - type: string - required: - - address - - type - type: object - type: array - bootstrapReady: - description: BootstrapReady is the state of the bootstrap provider. - type: boolean - certificatesExpiryDate: - description: |- - CertificatesExpiryDate is the expiry date of the machine certificates. - This value is only set for control plane machines. - format: date-time - type: string - conditions: - description: Conditions defines current service state of the Machine. - items: - description: Condition defines an observation of a Cluster API resource - operational state. 
- properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - description: |- - FailureMessage will be set in the event that there is a terminal problem - reconciling the Machine and will contain a more verbose string suitable - for logging and human consumption. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. 
Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - failureReason: - description: |- - FailureReason will be set in the event that there is a terminal problem - reconciling the Machine and will contain a succinct value suitable - for machine interpretation. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - infrastructureReady: - description: InfrastructureReady is the state of the infrastructure - provider. - type: boolean - lastUpdated: - description: LastUpdated identifies when the phase of the Machine - last transitioned. - format: date-time - type: string - nodeInfo: - description: |- - NodeInfo is a set of ids/uuids to uniquely identify the node. - More info: https://kubernetes.io/docs/concepts/nodes/node/#info - properties: - architecture: - description: The Architecture reported by the node - type: string - bootID: - description: Boot ID reported by the node. 
- type: string - containerRuntimeVersion: - description: ContainerRuntime Version reported by the node through - runtime remote API (e.g. containerd://1.4.2). - type: string - kernelVersion: - description: Kernel Version reported by the node from 'uname -r' - (e.g. 3.16.0-0.bpo.4-amd64). - type: string - kubeProxyVersion: - description: KubeProxy Version reported by the node. - type: string - kubeletVersion: - description: Kubelet Version reported by the node. - type: string - machineID: - description: |- - MachineID reported by the node. For unique machine identification - in the cluster this field is preferred. Learn more from man(5) - machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html - type: string - operatingSystem: - description: The Operating System reported by the node - type: string - osImage: - description: OS Image reported by the node from /etc/os-release - (e.g. Debian GNU/Linux 7 (wheezy)). - type: string - systemUUID: - description: |- - SystemUUID reported by the node. For unique machine identification - MachineID is preferred. This field is specific to Red Hat hosts - https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid - type: string - required: - - architecture - - bootID - - containerRuntimeVersion - - kernelVersion - - kubeProxyVersion - - kubeletVersion - - machineID - - operatingSystem - - osImage - - systemUUID - type: object - nodeRef: - description: NodeRef will point to the corresponding Node if it exists. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
- For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - phase: - description: |- - Phase represents the current phase of machine actuation. - E.g. Pending, Running, Terminating, Failed etc. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 - labels: - cluster.x-k8s.io/provider: cluster-api - name: machinesets.cluster.x-k8s.io - spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: cluster.x-k8s.io - names: - categories: - - cluster-api - kind: MachineSet - listKind: MachineSetList - plural: machinesets - shortNames: - - ms - singular: machineset - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Total number of non-terminated machines targeted by this machineset - jsonPath: .status.replicas - name: Replicas - type: integer - - description: Total number of available machines (ready for at least minReadySeconds) - jsonPath: .status.availableReplicas - name: Available - type: integer - - description: Total number of ready machines targeted by this machineset. - jsonPath: .status.readyReplicas - name: Ready - type: integer - deprecated: true - name: v1alpha3 - schema: - openAPIV3Schema: - description: |- - MachineSet is the Schema for the machinesets API. - - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. 
- Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachineSetSpec defines the desired state of MachineSet. - properties: - clusterName: - description: ClusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - deletePolicy: - description: |- - DeletePolicy defines the policy used to identify nodes to delete when downscaling. - Defaults to "Random". Valid values are "Random, "Newest", "Oldest" - enum: - - Random - - Newest - - Oldest - type: string - minReadySeconds: - description: |- - MinReadySeconds is the minimum number of seconds for which a newly created machine should be ready. - Defaults to 0 (machine will be considered available as soon as it is ready) - format: int32 - type: integer - replicas: - description: |- - Replicas is the number of desired replicas. - This is a pointer to distinguish between explicit zero and unspecified. - Defaults to 1. - format: int32 - type: integer - selector: - description: |- - Selector is a label query over machines that should match the replica count. - Label keys and values that must match in order to be controlled by this MachineSet. - It must match the machine template's labels. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. 
- type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - template: - description: |- - Template is the object that describes the machine that will be created if - insufficient replicas are detected. - Object references to custom resources are treated as templates. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique - name ONLY IF the Name field has not been provided. - If this field is used, the name returned to the client will be different - than the name passed. 
This value will also be combined with a unique suffix. - The provided value has the same validation rules as the Name field, - and may be truncated by the length of the suffix required to make the value - unique on the server. - - - If this field is specified and the generated name exists, the server will - NOT return a 409 - instead, it will either return 201 Created or 500 with Reason - ServerTimeout indicating a unique name could not be found in the time allotted, and the client - should retry (optionally after the time indicated in the Retry-After header). - - - Applied only if Name is not specified. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency - - - Deprecated: This field has no function and is going to be removed in a next release. - type: string - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - name: - description: |- - Name must be unique within a namespace. Is required when creating resources, although - some resources may allow a client to request the generation of an appropriate name - automatically. Name is primarily intended for creation idempotence and configuration - definition. - Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names - - - Deprecated: This field has no function and is going to be removed in a next release. - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is - equivalent to the "default" namespace, but "default" is the canonical representation. - Not all objects are required to be scoped to a namespace - the value of this field for - those objects will be empty. - - - Must be a DNS_LABEL. 
- Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces - - - Deprecated: This field has no function and is going to be removed in a next release. - type: string - ownerReferences: - description: |- - List of objects depended by this object. If ALL objects in the list have - been deleted, this object will be garbage collected. If this object is managed by a controller, - then an entry in this list will point to this controller, with the controller field set to true. - There cannot be more than one managing controller. - - - Deprecated: This field has no function and is going to be removed in a next release. - items: - description: |- - OwnerReference contains enough information to let you identify an owning - object. An owning object must be in the same namespace as the dependent, or - be cluster-scoped, so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: |- - If true, AND if the owner has the "foregroundDeletion" finalizer, then - the owner cannot be deleted from the key-value store until this - reference is removed. - See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts with this field and enforces the foreground deletion. - Defaults to false. - To set this field, a user needs "delete" permission of the owner, - otherwise 422 (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the managing - controller. - type: boolean - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids - type: string - required: - - apiVersion - - kind - - name - - uid - type: object - x-kubernetes-map-type: atomic - type: array - type: object - spec: - description: |- - Specification of the desired behavior of the machine. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - bootstrap: - description: |- - Bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - ConfigRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.Data without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - data: - description: |- - Data contains the bootstrap data, such as cloud-init details scripts. - If nil, the Machine should remain in the Pending state. - - - Deprecated: Switch to DataSecretName. - type: string - dataSecretName: - description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. - type: string - type: object - clusterName: - description: ClusterName is the name of the Cluster this object - belongs to. - minLength: 1 - type: string - failureDomain: - description: |- - FailureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - InfrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. 
- type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. 
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - providerID: - description: |- - ProviderID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. - This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - version: - description: |- - Version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - type: object - required: - - clusterName - - selector - type: object - status: - description: MachineSetStatus defines the observed state of MachineSet. - properties: - availableReplicas: - description: The number of available replicas (ready for at least - minReadySeconds) for this MachineSet. - format: int32 - type: integer - failureMessage: - type: string - failureReason: - description: |- - In the event that there is a terminal problem reconciling the - replicas, both FailureReason and FailureMessage will be set. 
FailureReason - will be populated with a succinct value suitable for machine - interpretation, while FailureMessage will contain a more verbose - string suitable for logging and human consumption. - - - These fields should not be set for transitive errors that a - controller faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the MachineTemplate's spec or the configuration of - the machine controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the machine controller, or the - responsible machine controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the MachineSet object and/or logged in the - controller's output. - type: string - fullyLabeledReplicas: - description: The number of replicas that have labels matching the - labels of the machine template of the MachineSet. - format: int32 - type: integer - observedGeneration: - description: ObservedGeneration reflects the generation of the most - recently observed MachineSet. - format: int64 - type: integer - readyReplicas: - description: The number of ready replicas for this MachineSet. A machine - is considered ready when the node has been created and is "Ready". - format: int32 - type: integer - replicas: - description: Replicas is the most recently observed number of replicas. - format: int32 - type: integer - selector: - description: |- - Selector is the same as the label selector but in the string format to avoid introspection - by clients. The string will be in the same format as the query-param syntax. 
- More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors - type: string - type: object - type: object - served: false - storage: false - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - - additionalPrinterColumns: - - description: Cluster - jsonPath: .spec.clusterName - name: Cluster - type: string - - description: Time duration since creation of MachineSet - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Total number of non-terminated machines targeted by this machineset - jsonPath: .status.replicas - name: Replicas - type: integer - - description: Total number of available machines (ready for at least minReadySeconds) - jsonPath: .status.availableReplicas - name: Available - type: integer - - description: Total number of ready machines targeted by this machineset. - jsonPath: .status.readyReplicas - name: Ready - type: integer - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - MachineSet is the Schema for the machinesets API. - - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachineSetSpec defines the desired state of MachineSet. - properties: - clusterName: - description: ClusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - deletePolicy: - description: |- - DeletePolicy defines the policy used to identify nodes to delete when downscaling. - Defaults to "Random". Valid values are "Random, "Newest", "Oldest" - enum: - - Random - - Newest - - Oldest - type: string - minReadySeconds: - description: |- - MinReadySeconds is the minimum number of seconds for which a newly created machine should be ready. - Defaults to 0 (machine will be considered available as soon as it is ready) - format: int32 - type: integer - replicas: - default: 1 - description: |- - Replicas is the number of desired replicas. - This is a pointer to distinguish between explicit zero and unspecified. - Defaults to 1. - format: int32 - type: integer - selector: - description: |- - Selector is a label query over machines that should match the replica count. - Label keys and values that must match in order to be controlled by this MachineSet. - It must match the machine template's labels. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. 
- type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - template: - description: |- - Template is the object that describes the machine that will be created if - insufficient replicas are detected. - Object references to custom resources are treated as templates. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: |- - Specification of the desired behavior of the machine. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - bootstrap: - description: |- - Bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - ConfigRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.DataSecretName without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - dataSecretName: - description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. - type: string - type: object - clusterName: - description: ClusterName is the name of the Cluster this object - belongs to. - minLength: 1 - type: string - failureDomain: - description: |- - FailureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - InfrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - providerID: - description: |- - ProviderID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. - This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. 
Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - version: - description: |- - Version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - type: object - required: - - clusterName - - selector - type: object - status: - description: MachineSetStatus defines the observed state of MachineSet. - properties: - availableReplicas: - description: The number of available replicas (ready for at least - minReadySeconds) for this MachineSet. - format: int32 - type: integer - conditions: - description: Conditions defines current service state of the MachineSet. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. 
- type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - failureMessage: - type: string - failureReason: - description: |- - In the event that there is a terminal problem reconciling the - replicas, both FailureReason and FailureMessage will be set. FailureReason - will be populated with a succinct value suitable for machine - interpretation, while FailureMessage will contain a more verbose - string suitable for logging and human consumption. - - - These fields should not be set for transitive errors that a - controller faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the MachineTemplate's spec or the configuration of - the machine controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the machine controller, or the - responsible machine controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the MachineSet object and/or logged in the - controller's output. - type: string - fullyLabeledReplicas: - description: The number of replicas that have labels matching the - labels of the machine template of the MachineSet. - format: int32 - type: integer - observedGeneration: - description: ObservedGeneration reflects the generation of the most - recently observed MachineSet. 
- format: int64 - type: integer - readyReplicas: - description: The number of ready replicas for this MachineSet. A machine - is considered ready when the node has been created and is "Ready". - format: int32 - type: integer - replicas: - description: Replicas is the most recently observed number of replicas. - format: int32 - type: integer - selector: - description: |- - Selector is the same as the label selector but in the string format to avoid introspection - by clients. The string will be in the same format as the query-param syntax. - More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors - type: string - type: object - type: object - served: false - storage: false - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - - additionalPrinterColumns: - - description: Cluster - jsonPath: .spec.clusterName - name: Cluster - type: string - - description: Total number of machines desired by this machineset - jsonPath: .spec.replicas - name: Desired - priority: 10 - type: integer - - description: Total number of non-terminated machines targeted by this machineset - jsonPath: .status.replicas - name: Replicas - type: integer - - description: Total number of ready machines targeted by this machineset. - jsonPath: .status.readyReplicas - name: Ready - type: integer - - description: Total number of available machines (ready for at least minReadySeconds) - jsonPath: .status.availableReplicas - name: Available - type: integer - - description: Time duration since creation of MachineSet - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Kubernetes version associated with this MachineSet - jsonPath: .spec.template.spec.version - name: Version - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: MachineSet is the Schema for the machinesets API. 
- properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachineSetSpec defines the desired state of MachineSet. - properties: - clusterName: - description: ClusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - deletePolicy: - description: |- - DeletePolicy defines the policy used to identify nodes to delete when downscaling. - Defaults to "Random". Valid values are "Random, "Newest", "Oldest" - enum: - - Random - - Newest - - Oldest - type: string - minReadySeconds: - description: |- - MinReadySeconds is the minimum number of seconds for which a Node for a newly created machine should be ready before considering the replica available. - Defaults to 0 (machine will be considered available as soon as the Node is ready) - format: int32 - type: integer - replicas: - description: |- - Replicas is the number of desired replicas. - This is a pointer to distinguish between explicit zero and unspecified. 
- - - Defaults to: - * if the Kubernetes autoscaler min size and max size annotations are set: - - if it's a new MachineSet, use min size - - if the replicas field of the old MachineSet is < min size, use min size - - if the replicas field of the old MachineSet is > max size, use max size - - if the replicas field of the old MachineSet is in the (min size, max size) range, keep the value from the oldMS - * otherwise use 1 - Note: Defaulting will be run whenever the replicas field is not set: - * A new MachineSet is created with replicas not set. - * On an existing MachineSet the replicas field was first set and is now unset. - Those cases are especially relevant for the following Kubernetes autoscaler use cases: - * A new MachineSet is created and replicas should be managed by the autoscaler - * An existing MachineSet which initially wasn't controlled by the autoscaler - should be later controlled by the autoscaler - format: int32 - type: integer - selector: - description: |- - Selector is a label query over machines that should match the replica count. - Label keys and values that must match in order to be controlled by this MachineSet. - It must match the machine template's labels. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. 
If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - template: - description: |- - Template is the object that describes the machine that will be created if - insufficient replicas are detected. - Object references to custom resources are treated as templates. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: |- - Specification of the desired behavior of the machine. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - bootstrap: - description: |- - Bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - ConfigRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.DataSecretName without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - dataSecretName: - description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. - type: string - type: object - clusterName: - description: ClusterName is the name of the Cluster this object - belongs to. - minLength: 1 - type: string - failureDomain: - description: |- - FailureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - InfrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDeletionTimeout: - description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - type: string - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - nodeVolumeDetachTimeout: - description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - type: string - providerID: - description: |- - ProviderID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. 
- This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - version: - description: |- - Version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - type: object - required: - - clusterName - - selector - type: object - status: - description: MachineSetStatus defines the observed state of MachineSet. - properties: - availableReplicas: - description: The number of available replicas (ready for at least - minReadySeconds) for this MachineSet. - format: int32 - type: integer - conditions: - description: Conditions defines current service state of the MachineSet. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. 
- type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - type: string - failureReason: - description: |- - In the event that there is a terminal problem reconciling the - replicas, both FailureReason and FailureMessage will be set. FailureReason - will be populated with a succinct value suitable for machine - interpretation, while FailureMessage will contain a more verbose - string suitable for logging and human consumption. - - - These fields should not be set for transitive errors that a - controller faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the MachineTemplate's spec or the configuration of - the machine controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the machine controller, or the - responsible machine controller itself being critically misconfigured. 
- - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the MachineSet object and/or logged in the - controller's output. - type: string - fullyLabeledReplicas: - description: The number of replicas that have labels matching the - labels of the machine template of the MachineSet. - format: int32 - type: integer - observedGeneration: - description: ObservedGeneration reflects the generation of the most - recently observed MachineSet. - format: int64 - type: integer - readyReplicas: - description: The number of ready replicas for this MachineSet. A machine - is considered ready when the node has been created and is "Ready". - format: int32 - type: integer - replicas: - description: Replicas is the most recently observed number of replicas. - format: int32 - type: integer - selector: - description: |- - Selector is the same as the label selector but in the string format to avoid introspection - by clients. The string will be in the same format as the query-param syntax. 
- More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors - type: string - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - --- - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - cluster.x-k8s.io/provider: cluster-api - name: capi-manager - namespace: capi-system - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - cluster.x-k8s.io/provider: cluster-api - name: capi-leader-election-role - namespace: capi-system - rules: - - apiGroups: - - "" - resources: - - events - verbs: - - create - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - --- - aggregationRule: - clusterRoleSelectors: - - matchLabels: - cluster.x-k8s.io/aggregate-to-manager: "true" - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - labels: - cluster.x-k8s.io/provider: cluster-api - name: capi-aggregated-manager-role - rules: [] - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - labels: - cluster.x-k8s.io/aggregate-to-manager: "true" - cluster.x-k8s.io/provider: cluster-api - name: capi-manager-role - rules: - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - addons.cluster.x-k8s.io - resources: - - '*' - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - addons.cluster.x-k8s.io - resources: - - clusterresourcesets/finalizers - - clusterresourcesets/status - verbs: - - get - - patch - - update - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - 
authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - bootstrap.cluster.x-k8s.io - - controlplane.cluster.x-k8s.io - - infrastructure.cluster.x-k8s.io - resources: - - '*' - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - bootstrap.cluster.x-k8s.io - - infrastructure.cluster.x-k8s.io - resources: - - '*' - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - clusterclasses - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - clusterclasses - - clusterclasses/status - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - clusters - verbs: - - get - - list - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - clusters - - clusters/finalizers - - clusters/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - clusters - - clusters/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - machinedeployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - machinedeployments - - machinedeployments/finalizers - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - machinedeployments - - machinedeployments/finalizers - - machinedeployments/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - machinehealthchecks - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - machinehealthchecks - - 
machinehealthchecks/finalizers - - machinehealthchecks/status - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - machinepools - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - machinepools - - machinepools/finalizers - - machinepools/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - machines - - machines/finalizers - - machines/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - machines - - machines/status - verbs: - - delete - - get - - list - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - machinesets - verbs: - - get - - list - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - machinesets - - machinesets/finalizers - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - machinesets - - machinesets/finalizers - - machinesets/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - patch - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - get - - list - - patch - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - patch - - watch - - apiGroups: - - ipam.cluster.x-k8s.io - resources: - - ipaddressclaims - verbs: - - get - - list - - watch - - apiGroups: - - runtime.cluster.x-k8s.io - resources: - - extensionconfigs - - extensionconfigs/status - verbs: - - get - - list - - patch - - update - - watch - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding 
- metadata: - labels: - cluster.x-k8s.io/provider: cluster-api - name: capi-leader-election-rolebinding - namespace: capi-system - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: capi-leader-election-role - subjects: - - kind: ServiceAccount - name: capi-manager - namespace: capi-system - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - labels: - cluster.x-k8s.io/provider: cluster-api - name: capi-manager-rolebinding - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: capi-aggregated-manager-role - subjects: - - kind: ServiceAccount - name: capi-manager - namespace: capi-system - --- - apiVersion: v1 - kind: Service - metadata: - labels: - cluster.x-k8s.io/provider: cluster-api - name: capi-webhook-service - namespace: capi-system - spec: - ports: - - port: 443 - targetPort: webhook-server - selector: - cluster.x-k8s.io/provider: cluster-api - --- - apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - cluster.x-k8s.io/provider: cluster-api - control-plane: controller-manager - name: capi-controller-manager - namespace: capi-system - spec: - replicas: 1 - selector: - matchLabels: - cluster.x-k8s.io/provider: cluster-api - control-plane: controller-manager - template: - metadata: - labels: - cluster.x-k8s.io/provider: cluster-api - control-plane: controller-manager - spec: - containers: - - args: - - --leader-elect - - --diagnostics-address=${CAPI_DIAGNOSTICS_ADDRESS:=:8443} - - --insecure-diagnostics=${CAPI_INSECURE_DIAGNOSTICS:=false} - - --use-deprecated-infra-machine-naming=${CAPI_USE_DEPRECATED_INFRA_MACHINE_NAMING:=false} - - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=true},ClusterResourceSet=${EXP_CLUSTER_RESOURCE_SET:=true},ClusterTopology=${CLUSTER_TOPOLOGY:=false},RuntimeSDK=${EXP_RUNTIME_SDK:=false},MachineSetPreflightChecks=${EXP_MACHINE_SET_PREFLIGHT_CHECKS:=false} - command: - - /manager - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: 
metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_UID - valueFrom: - fieldRef: - fieldPath: metadata.uid - image: registry.k8s.io/cluster-api/cluster-api-controller:v1.7.7 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - - containerPort: 8443 - name: metrics - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - runAsGroup: 65532 - runAsUser: 65532 - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: capi-manager - terminationGracePeriodSeconds: 10 - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - volumes: - - name: cert - secret: - secretName: capi-webhook-service-cert - --- - apiVersion: cert-manager.io/v1 - kind: Certificate - metadata: - labels: - cluster.x-k8s.io/provider: cluster-api - name: capi-serving-cert - namespace: capi-system - spec: - dnsNames: - - capi-webhook-service.capi-system.svc - - capi-webhook-service.capi-system.svc.cluster.local - issuerRef: - kind: Issuer - name: capi-selfsigned-issuer - secretName: capi-webhook-service-cert - subject: - organizations: - - k8s-sig-cluster-lifecycle - --- - apiVersion: cert-manager.io/v1 - kind: Issuer - metadata: - labels: - cluster.x-k8s.io/provider: cluster-api - name: capi-selfsigned-issuer - namespace: capi-system - spec: - selfSigned: {} - --- - apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - annotations: - cert-manager.io/inject-ca-from: 
capi-system/capi-serving-cert - labels: - cluster.x-k8s.io/provider: cluster-api - name: capi-mutating-webhook-configuration - webhooks: - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /mutate-cluster-x-k8s-io-v1beta1-cluster - failurePolicy: Fail - matchPolicy: Equivalent - name: default.cluster.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - clusters - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /mutate-cluster-x-k8s-io-v1beta1-clusterclass - failurePolicy: Fail - matchPolicy: Equivalent - name: default.clusterclass.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - clusterclasses - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /mutate-cluster-x-k8s-io-v1beta1-machine - failurePolicy: Fail - matchPolicy: Equivalent - name: default.machine.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - machines - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /mutate-cluster-x-k8s-io-v1beta1-machinedeployment - failurePolicy: Fail - matchPolicy: Equivalent - name: default.machinedeployment.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - machinedeployments - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - 
path: /mutate-cluster-x-k8s-io-v1beta1-machinehealthcheck - failurePolicy: Fail - matchPolicy: Equivalent - name: default.machinehealthcheck.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - machinehealthchecks - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /mutate-cluster-x-k8s-io-v1beta1-machineset - failurePolicy: Fail - matchPolicy: Equivalent - name: default.machineset.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - machinesets - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /mutate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig - failurePolicy: Fail - matchPolicy: Equivalent - name: default.extensionconfig.runtime.addons.cluster.x-k8s.io - rules: - - apiGroups: - - runtime.cluster.x-k8s.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - extensionconfigs - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /mutate-cluster-x-k8s-io-v1beta1-machinepool - failurePolicy: Fail - matchPolicy: Equivalent - name: default.machinepool.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - machinepools - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /mutate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset - failurePolicy: Fail - matchPolicy: Equivalent - name: default.clusterresourceset.addons.cluster.x-k8s.io - rules: - - apiGroups: - - 
addons.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - clusterresourcesets - sideEffects: None - --- - apiVersion: admissionregistration.k8s.io/v1 - kind: ValidatingWebhookConfiguration - metadata: - annotations: - cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - labels: - cluster.x-k8s.io/provider: cluster-api - name: capi-validating-webhook-configuration - webhooks: - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /validate-cluster-x-k8s-io-v1beta1-cluster - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.cluster.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - clusters - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /validate-cluster-x-k8s-io-v1beta1-clusterclass - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.clusterclass.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - clusterclasses - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /validate-cluster-x-k8s-io-v1beta1-machine - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.machine.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - machines - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /validate-cluster-x-k8s-io-v1beta1-machinedeployment - failurePolicy: Fail - matchPolicy: Equivalent - name: 
validation.machinedeployment.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - machinedeployments - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /validate-cluster-x-k8s-io-v1beta1-machinehealthcheck - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.machinehealthcheck.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - machinehealthchecks - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /validate-cluster-x-k8s-io-v1beta1-machineset - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.machineset.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - machinesets - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /validate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.extensionconfig.runtime.cluster.x-k8s.io - rules: - - apiGroups: - - runtime.cluster.x-k8s.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - extensionconfigs - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /validate-cluster-x-k8s-io-v1beta1-machinepool - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.machinepool.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - machinepools - 
sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.clusterresourceset.addons.cluster.x-k8s.io - rules: - - apiGroups: - - addons.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - clusterresourcesets - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourcesetbinding - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.clusterresourcesetbinding.addons.cluster.x-k8s.io - rules: - - apiGroups: - - addons.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - clusterresourcesetbindings - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /validate-ipam-cluster-x-k8s-io-v1beta1-ipaddress - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.ipaddress.ipam.cluster.x-k8s.io - rules: - - apiGroups: - - ipam.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - ipaddresses - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /validate-ipam-cluster-x-k8s-io-v1beta1-ipaddressclaim - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.ipaddressclaim.ipam.cluster.x-k8s.io - rules: - - apiGroups: - - ipam.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - ipaddressclaims - sideEffects: None - metadata: | - # maps release series of major.minor to cluster-api 
contract version - # the contract version may change between minor or major versions, but *not* - # between patch versions. - # - # update this file only when a new major or minor version is released - apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 - kind: Metadata - releaseSeries: - - major: 1 - minor: 7 - contract: v1beta1 - - major: 1 - minor: 6 - contract: v1beta1 - - major: 1 - minor: 5 - contract: v1beta1 - - major: 1 - minor: 4 - contract: v1beta1 - - major: 1 - minor: 3 - contract: v1beta1 - - major: 1 - minor: 2 - contract: v1beta1 - - major: 1 - minor: 1 - contract: v1beta1 - - major: 1 - minor: 0 - contract: v1beta1 - - major: 0 - minor: 4 - contract: v1alpha4 - - major: 0 - minor: 3 - contract: v1alpha3 -kind: ConfigMap -metadata: - labels: - provider.cluster.x-k8s.io/name: cluster-api - provider.cluster.x-k8s.io/type: core - provider.cluster.x-k8s.io/version: v1.7.7 - name: core-cluster-api-v1.7.7 - namespace: capi-system diff --git a/test/e2e/resources/full-chart-install.yaml b/test/e2e/resources/full-chart-install.yaml index 9e60afc64..f094ff605 100644 --- a/test/e2e/resources/full-chart-install.yaml +++ b/test/e2e/resources/full-chart-install.yaml @@ -371,7 +371,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -386,7 +385,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -554,7 +552,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -569,7 +566,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -735,7 +731,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -750,7 +745,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -918,7 +912,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -933,7 +926,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1842,7 +1834,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1857,7 +1848,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2024,7 +2014,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2039,7 +2028,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -2204,7 +2192,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2219,7 +2206,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2386,7 +2372,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2401,7 +2386,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -3068,51 +3052,56 @@ spec: conditions: description: Conditions define the current service state of the provider. items: - description: Condition defines an observation of a Cluster API resource - operational state. + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. - This field may be empty. - maxLength: 10240 - minLength: 1 + This may be an empty string. + maxLength: 32768 type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer reason: description: |- - reason is the reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - maxLength: 256 + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 minLength: 1 - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - maxLength: 32 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - maxLength: 256 - minLength: 1 + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime + - message + - reason - status - type type: object @@ -3501,7 +3490,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -3516,7 +3504,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
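Review bot: Adding `message` and `reason` to `required` in the `@@ -3068,51 +3052,56 @@` hunk, with `reason` also gaining a `pattern`, tightens validation of `status.conditions` on the existing CRD version rather than on a new one. Provider objects stored before the upgrade may hold conditions with no `reason` (the old schema did not require it) and with the removed `severity` field. Their next status write would presumably be rejected unless the controller rewrites every condition first or the API server applies CRD validation ratcheting. This file looks like a rendered chart fixture, so the fix belongs on the API type or in the upgrade notes, for example `// Conditions follow metav1.Condition: reason and message are required, so conditions written before the upgrade must be replaced on the first status patch.` The identical hunk at `@@ -6198,51 +6171,56 @@` has the same issue.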
@@ -3684,7 +3671,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -3699,7 +3685,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -3865,7 +3850,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -3880,7 +3864,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -4048,7 +4031,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -4063,7 +4045,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -4972,7 +4953,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -4987,7 +4967,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -5154,7 +5133,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -5169,7 +5147,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -5334,7 +5311,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -5349,7 +5325,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -5516,7 +5491,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -5531,7 +5505,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -6198,51 +6171,56 @@ spec: conditions: description: Conditions define the current service state of the provider. items: - description: Condition defines an observation of a Cluster API resource - operational state. + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. - This field may be empty. - maxLength: 10240 - minLength: 1 + This may be an empty string. + maxLength: 32768 type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer reason: description: |- - reason is the reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - maxLength: 256 + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 minLength: 1 - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - maxLength: 32 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - maxLength: 256 - minLength: 1 + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime + - message + - reason - status - type type: object @@ -6632,7 +6610,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -6647,7 +6624,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -6815,7 +6791,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -6830,7 +6805,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -6996,7 +6970,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -7011,7 +6984,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -7179,7 +7151,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -7194,7 +7165,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -8103,7 +8073,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -8118,7 +8087,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -8285,7 +8253,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -8300,7 +8267,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -8465,7 +8431,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -8480,7 +8445,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -8647,7 +8611,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -8662,7 +8625,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -9330,51 +9292,56 @@ spec: conditions: description: Conditions define the current service state of the provider. items: - description: Condition defines an observation of a Cluster API resource - operational state. + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. - This field may be empty. - maxLength: 10240 - minLength: 1 + This may be an empty string. + maxLength: 32768 type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer reason: description: |- - reason is the reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - maxLength: 256 + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 minLength: 1 - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - maxLength: 32 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - maxLength: 256 - minLength: 1 + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime + - message + - reason - status - type type: object @@ -9763,7 +9730,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -9778,7 +9744,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -9946,7 +9911,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -9961,7 +9925,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -10127,7 +10090,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -10142,7 +10104,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -10310,7 +10271,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -10325,7 +10285,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -11234,7 +11193,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -11249,7 +11207,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -11416,7 +11373,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -11431,7 +11387,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -11596,7 +11551,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -11611,7 +11565,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -11778,7 +11731,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -11793,7 +11745,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -12460,51 +12411,56 @@ spec: conditions: description: Conditions define the current service state of the provider. items: - description: Condition defines an observation of a Cluster API resource - operational state. + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. - This field may be empty. - maxLength: 10240 - minLength: 1 + This may be an empty string. + maxLength: 32768 type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer reason: description: |- - reason is the reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - maxLength: 256 + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 minLength: 1 - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - maxLength: 32 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - maxLength: 256 - minLength: 1 + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime + - message + - reason - status - type type: object @@ -12894,7 +12850,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -12909,7 +12864,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -13077,7 +13031,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -13092,7 +13045,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -13258,7 +13210,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -13273,7 +13224,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -13441,7 +13391,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -13456,7 +13405,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -14365,7 +14313,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -14380,7 +14327,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -14547,7 +14493,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -14562,7 +14507,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -14727,7 +14671,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -14742,7 +14685,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -14909,7 +14851,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -14924,7 +14865,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -15592,51 +15532,56 @@ spec: conditions: description: Conditions define the current service state of the provider. items: - description: Condition defines an observation of a Cluster API resource - operational state. + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. - This field may be empty. - maxLength: 10240 - minLength: 1 + This may be an empty string. + maxLength: 32768 type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer reason: description: |- - reason is the reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - maxLength: 256 + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 minLength: 1 - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - maxLength: 32 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - maxLength: 256 - minLength: 1 + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime + - message + - reason - status - type type: object @@ -16025,7 +15970,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -16040,7 +15984,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -16208,7 +16151,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -16223,7 +16165,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -16389,7 +16330,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -16404,7 +16344,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -16572,7 +16511,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -16587,7 +16525,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -17496,7 +17433,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -17511,7 +17447,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -17678,7 +17613,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -17693,7 +17627,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -17858,7 +17791,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -17873,7 +17805,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -18040,7 +17971,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -18055,7 +17985,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -18722,51 +18651,56 @@ spec: conditions: description: Conditions define the current service state of the provider. items: - description: Condition defines an observation of a Cluster API resource - operational state. + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. - This field may be empty. - maxLength: 10240 - minLength: 1 + This may be an empty string. + maxLength: 32768 type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer reason: description: |- - reason is the reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - maxLength: 256 + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 minLength: 1 - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - maxLength: 32 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - maxLength: 256 - minLength: 1 + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime + - message + - reason - status - type type: object @@ -19157,7 +19091,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -19172,7 +19105,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -19340,7 +19272,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -19355,7 +19286,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -19521,7 +19451,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -19536,7 +19465,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -19704,7 +19632,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -19719,7 +19646,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -20628,7 +20554,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -20643,7 +20568,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -20810,7 +20734,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -20825,7 +20748,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -20990,7 +20912,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -21005,7 +20926,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -21172,7 +21092,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -21187,7 +21106,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -21855,51 +21773,56 @@ spec: conditions: description: Conditions define the current service state of the provider. items: - description: Condition defines an observation of a Cluster API resource - operational state. + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. - This field may be empty. - maxLength: 10240 - minLength: 1 + This may be an empty string. + maxLength: 32768 type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer reason: description: |- - reason is the reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - maxLength: 256 + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 minLength: 1 - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - maxLength: 32 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - maxLength: 256 - minLength: 1 + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime + - message + - reason - status - type type: object diff --git a/test/framework/conditions.go b/test/framework/conditions.go index 43988504a..fcfb39dcd 100644 --- a/test/framework/conditions.go +++ b/test/framework/conditions.go @@ -22,11 +22,10 @@ import ( "fmt" . "github.com/onsi/ginkgo/v2" //nolint:staticcheck - clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" capiconditions "sigs.k8s.io/cluster-api/util/conditions" ) -func HaveStatusConditionsTrue(getter capiconditions.Getter, conditions ...clusterv1.ConditionType) Condition { +func HaveStatusConditionsTrue(getter capiconditions.Getter, conditions ...string) Condition { return func() bool { if len(conditions) == 0 { By("Empty condition list provided. Can't be validated...") diff --git a/test/go.mod b/test/go.mod index c9872a8cc..79ad4ebe9 100644 --- a/test/go.mod +++ b/test/go.mod 
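Review bot: With `conditions ...string` in the new `HaveStatusConditionsTrue` signature in test/framework/conditions.go, the compiler no longer tells a condition type apart from any other string, so a reason constant such as `DeploymentAvailableReason` can be passed where `ProviderInstalledCondition` was meant and the code still builds. A call like that would presumably never see a true condition and would surface only as a wait timeout in the e2e run, which is harder to diagnose than a type error. Because `metav1.Condition.Type` is itself a plain string there is little to enforce in code, so I would state the contract on this exported helper, which has no doc comment in the hunk: `// HaveStatusConditionsTrue returns a Condition that checks the named condition types (not reasons) on getter.` The function body continues outside the hunk, so what the returned closure does after the empty-list branch is not visible here.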
@@ -9,41 +9,36 @@ require ( github.com/onsi/gomega v1.38.2 github.com/opencontainers/image-spec v1.1.1 golang.org/x/tools v0.36.0 - k8s.io/api v0.32.7 - k8s.io/apiextensions-apiserver v0.32.7 - k8s.io/apimachinery v0.32.7 + k8s.io/api v0.33.3 + k8s.io/apiextensions-apiserver v0.33.3 + k8s.io/apimachinery v0.33.3 k8s.io/klog/v2 v2.130.1 k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 oras.land/oras-go/v2 v2.6.0 - sigs.k8s.io/cluster-api v1.10.4 + sigs.k8s.io/cluster-api v1.11.0 sigs.k8s.io/cluster-api-operator v0.0.0-00010101000000-000000000000 - sigs.k8s.io/cluster-api/test v1.10.4 - sigs.k8s.io/controller-runtime v0.20.4 + sigs.k8s.io/cluster-api/test v1.11.0 + sigs.k8s.io/controller-runtime v0.21.0 sigs.k8s.io/yaml v1.6.0 ) require ( al.essio.dev/pkg/shellescape v1.5.1 // indirect - cel.dev/expr v0.18.0 // indirect - dario.cat/mergo v1.0.1 // indirect github.com/BurntSushi/toml v1.4.0 // indirect github.com/MakeNowJust/heredoc v1.0.0 // indirect - github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.4.0 // indirect - github.com/Masterminds/sprig/v3 v3.3.0 // indirect github.com/Microsoft/go-winio v0.5.0 // indirect github.com/ProtonMail/go-crypto v1.0.0 // indirect github.com/adrg/xdg v0.5.3 // indirect - github.com/antlr4-go/antlr/v4 v4.13.0 // indirect - github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect - github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/cloudflare/circl v1.6.1 // indirect + github.com/containerd/errdefs v1.0.0 // indirect + github.com/containerd/errdefs/pkg v0.3.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/distribution/reference v0.6.0 // indirect - github.com/docker/docker v28.0.2+incompatible // indirect + github.com/docker/docker v28.3.3+incompatible // indirect 
github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-units v0.4.0 // indirect github.com/drone/envsubst/v2 v2.0.0-20210730161058-179042472c46 // indirect @@ -62,19 +57,13 @@ require ( github.com/go-viper/mapstructure/v2 v2.4.0 // indirect github.com/gobuffalo/flect v1.0.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/protobuf v1.5.4 // indirect github.com/google/btree v1.1.3 // indirect - github.com/google/cel-go v0.22.0 // indirect - github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect + github.com/google/gnostic-models v0.6.9 // indirect github.com/google/go-cmp v0.7.0 // indirect github.com/google/go-github/v53 v53.2.0 // indirect github.com/google/go-querystring v1.1.0 // indirect - github.com/google/gofuzz v1.2.0 // indirect github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 // indirect - github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 // indirect github.com/google/uuid v1.6.0 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect - github.com/huandu/xstrings v1.5.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect @@ -82,9 +71,8 @@ require ( github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-runewidth v0.0.14 // indirect - github.com/mitchellh/copystructure v1.2.0 // indirect - github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect + github.com/moby/sys/sequential v0.6.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect 
@@ -93,37 +81,30 @@ require ( github.com/pelletier/go-toml v1.9.5 // indirect github.com/pelletier/go-toml/v2 v2.2.3 // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/prometheus/client_golang v1.19.1 // indirect + github.com/prometheus/client_golang v1.22.0 // indirect github.com/prometheus/client_model v0.6.1 // indirect - github.com/prometheus/common v0.55.0 // indirect + github.com/prometheus/common v0.62.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/rivo/uniseg v0.4.2 // indirect github.com/sagikazarmark/locafero v0.7.0 // indirect - github.com/shopspring/decimal v1.4.0 // indirect github.com/sourcegraph/conc v0.3.0 // indirect github.com/spf13/afero v1.12.0 // indirect github.com/spf13/cast v1.7.1 // indirect github.com/spf13/cobra v1.9.1 // indirect github.com/spf13/pflag v1.0.10 // indirect - github.com/spf13/viper v1.20.0 // indirect - github.com/stoewer/go-strcase v1.3.0 // indirect + github.com/spf13/viper v1.20.1 // indirect github.com/subosito/gotenv v1.6.0 // indirect - github.com/valyala/fastjson v1.6.4 // indirect github.com/x448/float16 v0.8.4 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect - go.opentelemetry.io/otel v1.29.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 // indirect - go.opentelemetry.io/otel/metric v1.29.0 // indirect - go.opentelemetry.io/otel/sdk v1.29.0 // indirect - go.opentelemetry.io/otel/trace v1.29.0 // indirect - go.opentelemetry.io/proto/otlp v1.3.1 // indirect + go.opentelemetry.io/auto/sdk v1.1.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect + go.opentelemetry.io/otel v1.34.0 // indirect + go.opentelemetry.io/otel/metric v1.34.0 // indirect + go.opentelemetry.io/otel/trace v1.34.0 // indirect go.uber.org/automaxprocs v1.6.0 // indirect go.uber.org/multierr v1.11.0 // 
indirect go.yaml.in/yaml/v2 v2.4.2 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect golang.org/x/crypto v0.41.0 // indirect - golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect golang.org/x/mod v0.27.0 // indirect golang.org/x/net v0.43.0 // indirect golang.org/x/oauth2 v0.30.0 // indirect @@ -131,22 +112,19 @@ require ( golang.org/x/sys v0.35.0 // indirect golang.org/x/term v0.34.0 // indirect golang.org/x/text v0.28.0 // indirect - golang.org/x/time v0.8.0 // indirect + golang.org/x/time v0.9.0 // indirect gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8 // indirect - google.golang.org/grpc v1.67.3 // indirect google.golang.org/protobuf v1.36.7 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiserver v0.32.7 // indirect - k8s.io/client-go v0.32.7 // indirect - k8s.io/cluster-bootstrap v0.32.3 // indirect - k8s.io/component-base v0.32.7 // indirect - k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect - sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0 // indirect + k8s.io/apiserver v0.33.3 // indirect + k8s.io/client-go v0.33.3 // indirect + k8s.io/cluster-bootstrap v0.33.3 // indirect + k8s.io/component-base v0.33.3 // indirect + k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect - sigs.k8s.io/kind v0.27.0 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect + sigs.k8s.io/kind v0.29.0 // indirect + sigs.k8s.io/randfill v1.0.0 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect ) diff --git a/test/go.sum b/test/go.sum index 31653cef4..940d82caa 100644 --- a/test/go.sum +++ b/test/go.sum 
@@ -1,7 +1,7 @@ al.essio.dev/pkg/shellescape v1.5.1 h1:86HrALUujYS/h+GtqoB26SBEdkWfmMI6FubjXlsXyho= al.essio.dev/pkg/shellescape v1.5.1/go.mod h1:6sIqp7X2P6mThCQ7twERpZTuigpr6KbZWtls1U8I890= -cel.dev/expr v0.18.0 h1:CJ6drgk+Hf96lkLikr4rFf19WrU0BOWEihyZnI2TAzo= -cel.dev/expr v0.18.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw= +cel.dev/expr v0.19.1 h1:NciYrtDRIR0lNCnH1LFJegdjspNx9fI59O7TWcua/W4= +cel.dev/expr v0.19.1/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw= dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= @@ -24,8 +24,6 @@ github.com/adrg/xdg v0.5.3 h1:xRnxJXne7+oWDatRhR1JLnvuccuIeCoBu2rtuLqQB78= github.com/adrg/xdg v0.5.3/go.mod h1:nlTsY+NNiCBGCK2tpm09vRqfVzrc2fLmXGpBLF0zlTQ= github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI= github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g= -github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= -github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= 
@@ -38,17 +36,16 @@ github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0= github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= +github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= +github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= +github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE= +github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/coredns/caddy v1.1.1 h1:2eYKZT7i6yxIfGP3qLJoJ7HAsDJqYB+X68g4NYjSrE0= github.com/coredns/caddy v1.1.1/go.mod h1:A6ntJQlAWuQfFlsd9hvigKbo2WS0VUs2l1e2F+BawD4= -github.com/coredns/corefile-migration v1.0.26 h1:xiiEkVB1Dwolb24pkeDUDBfygV9/XsOSq79yFCrhptY= -github.com/coredns/corefile-migration v1.0.26/go.mod h1:56DPqONc3njpVPsdilEnfijCwNGC3/kTJLl7i7SPavY= -github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= -github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= -github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf h1:iW4rZ826su+pqaw19uhpSCzhj44qo35pNgKFGqzDKkU= -github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= -github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= +github.com/coredns/corefile-migration v1.0.27 h1:WIIw5sU0LfGgoGnhdrYdVcto/aWmJoGA/C62iwkU0JM= +github.com/coredns/corefile-migration v1.0.27/go.mod h1:56DPqONc3njpVPsdilEnfijCwNGC3/kTJLl7i7SPavY= github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod 
h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -57,8 +54,8 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/docker v28.0.2+incompatible h1:9BILleFwug5FSSqWBgVevgL3ewDJfWWWyZVqlDMttE8= -github.com/docker/docker v28.0.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v28.3.3+incompatible h1:Dypm25kh4rmk49v1eiVbsAtpAsYURjYkaKubwuBdxEI= +github.com/docker/docker v28.3.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw= 
@@ -104,14 +101,12 @@ github.com/gobuffalo/flect v1.0.3 h1:xeWBM2nui+qnVvNM4S3foBhCAL2XgPU+a7FdpelbTq4 github.com/gobuffalo/flect v1.0.3/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnDvkbYKHs= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= -github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= -github.com/google/cel-go v0.22.0 h1:b3FJZxpiv1vTMo2/5RDUqAHPxkT8mmMfJIrq1llbf7g= -github.com/google/cel-go v0.22.0/go.mod h1:BuznPXXfQDpXKWQ9sPW3TzlAJN5zzFe+i9tIs0yC4s8= -github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 h1:0VpGH+cDhbDtdcweoyCVsF3fhN8kejK6rFe/2FFX2nU= -github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49/go.mod h1:BkkQ4L1KS1xMt2aWSPStnn55ChGC0DPOn2FQYj+f25M= +github.com/google/cel-go v0.23.2 h1:UdEe3CvQh3Nv+E/j9r1Y//WO0K0cSyD7/y0bzyLIMI4= +github.com/google/cel-go v0.23.2/go.mod h1:52Pb6QsDbC5kvgxvZhiL9QX1oZEkcUF/ZqaPx1J5Wwo= +github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw= +github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= 
@@ -126,16 +121,13 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8= github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA= -github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 h1:SJ+NtwL6QaZ21U+IrK7d0gGgpjGGvd2kz+FzTHVzdqI= -github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2/go.mod h1:Tv1PlzqC9t8wNnpPdctvtSUOPUUg4SHeE6vR1Ir2hmg= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho= -github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= +github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 h1:TmHmbvxPmaegwhDubVz0lICL0J5Ka2vwTzhoePEXsGE= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0/go.mod h1:qztMSjm835F2bXf+5HKAPIS5qsmQDqZna/PgVt4rWtI= github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI= github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/inconshreveable/mousetrap v1.1.0 
h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= @@ -146,6 +138,8 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo= +github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= @@ -153,6 +147,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= +github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= 
@@ -169,6 +165,10 @@ github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zx github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= +github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw= +github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs= +github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU= +github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko= github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 
@@ -196,24 +196,23 @@ github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNH github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= -github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g= github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U= -github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= -github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= +github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q= +github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= -github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= +github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io= +github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs 
v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.2 h1:YwD0ulJSJytLpiaWua0sBDusfsCZohxjxzVTYjwxfV8= github.com/rivo/uniseg v0.4.2/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= -github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= -github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= +github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sagikazarmark/locafero v0.7.0 h1:5MqpDsTGNDhY8sGp0Aowyf0qKsPrhewaLSsFaodPcyo= github.com/sagikazarmark/locafero v0.7.0/go.mod h1:2za3Cg5rMaTMoG/2Ulr9AwtFaIppKXTRYnozin4aB5k= 
@@ -233,13 +232,15 @@ github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wx github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.20.0 h1:zrxIyR3RQIOsarIrgL8+sAvALXul9jeEPa06Y0Ph6vY= -github.com/spf13/viper v1.20.0/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqjJvu4= +github.com/spf13/viper v1.20.1 h1:ZMi+z/lvLyPSCoNtFCpqjy0S4kPbirhpTMwl8BkW9X4= +github.com/spf13/viper v1.20.1/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqjJvu4= github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs= github.com/stoewer/go-strcase v1.3.0/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 
@@ -249,39 +250,31 @@ github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOf github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= -github.com/valyala/fastjson v1.6.4 h1:uAUNq9Z6ymTgGhcm0UynUAB6tlbakBrz6CQFax3BXVQ= -github.com/valyala/fastjson v1.6.4/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -go.etcd.io/etcd/api/v3 v3.5.20 h1:aKfz3nPZECWoZJXMSH9y6h2adXjtOHaHTGEVCuCmaz0= -go.etcd.io/etcd/api/v3 v3.5.20/go.mod h1:QqKGViq4KTgOG43dr/uH0vmGWIaoJY3ggFi6ZH0TH/U= -go.etcd.io/etcd/client/pkg/v3 v3.5.20 h1:sZIAtra+xCo56gdf6BR62to/hiie5Bwl7hQIqMzVTEM= -go.etcd.io/etcd/client/pkg/v3 v3.5.20/go.mod h1:qaOi1k4ZA9lVLejXNvyPABrVEe7VymMF2433yyRQ7O0= -go.etcd.io/etcd/client/v3 v3.5.20 h1:jMT2MwQEhyvhQg49Cec+1ZHJzfUf6ZgcmV0GjPv0tIQ= -go.etcd.io/etcd/client/v3 v3.5.20/go.mod h1:J5lbzYRMUR20YolS5UjlqqMcu3/wdEvG5VNBhzyo3m0= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 h1:r6I7RJCN86bpD/FQwedZ0vSixDpwuWREjW9oRMsmqDc= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0/go.mod h1:B9yO6b04uB80CzjedvewuqDhxJxi11s7/GtiGa8bAjI= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 h1:TT4fX+nBOA/+LUkobKGW1ydGcn+G3vRw9+g5HwCphpk= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0/go.mod 
h1:L7UH0GbB0p47T4Rri3uHjbpCFYrVrwc1I25QhNPiGK8= -go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw= -go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ= +go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= +go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q= +go.opentelemetry.io/otel v1.34.0 h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY= +go.opentelemetry.io/otel v1.34.0/go.mod h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 h1:Vh5HayB/0HHfOQA7Ctx69E/Y/DcQSMPpKANYVMQ7fBA= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0/go.mod h1:cpgtDBaqD/6ok/UG0jT15/uKjAY8mRA53diogHBg3UI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0 h1:5pojmb1U1AogINhN3SurB+zm/nIcusopeBNp42f45QM= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0/go.mod h1:57gTHJSE5S1tqg+EKsLPlTWhpHMsWlVmer+LA926XiA= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.22.0 h1:FyjCyI9jVEfqhUh2MoSkmolPjfh5fp2hnV0b0irxH4Q= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.22.0/go.mod h1:hYwym2nDEeZfG/motx0p7L7J1N1vyzIThemQsb4g2qY= 
-go.opentelemetry.io/otel/metric v1.29.0 h1:vPf/HFWTNkPu1aYeIsc98l4ktOQaL6LeSoeV2g+8YLc= -go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8= -go.opentelemetry.io/otel/sdk v1.29.0 h1:vkqKjk7gwhS8VaWb0POZKmIEDimRCMsopNYnriHyryo= -go.opentelemetry.io/otel/sdk v1.29.0/go.mod h1:pM8Dx5WKnvxLCb+8lG1PRNIDxu9g9b9g59Qr7hfAAok= -go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt39JTi4= -go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ= -go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= -go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= +go.opentelemetry.io/otel/metric v1.34.0 h1:+eTR3U0MyfWjRDhmFMxe2SsW64QrZ84AOhvqS7Y+PoQ= +go.opentelemetry.io/otel/metric v1.34.0/go.mod h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE= +go.opentelemetry.io/otel/sdk v1.34.0 h1:95zS4k/2GOy069d321O8jWgYsW3MzVV+KuSPKp7Wr1A= +go.opentelemetry.io/otel/sdk v1.34.0/go.mod h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU= +go.opentelemetry.io/otel/trace v1.34.0 h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC8mh/k= +go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE= +go.opentelemetry.io/proto/otlp v1.4.0 h1:TA9WRvW6zMwP+Ssb6fLoUIuirti1gGbP28GcKG1jgeg= +go.opentelemetry.io/proto/otlp v1.4.0/go.mod h1:PPBWZIP98o2ElSqI35IHfu7hIhSwvc5N38Jw8pXuGFY= go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs= go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= 
@@ -361,8 +354,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= -golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= -golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY= +golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 
@@ -377,12 +370,13 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.5.0 h1:JELs8RLM12qJGXU4u/TO3V25KW8GreMKl9pdkk14RM0= gomodules.xyz/jsonpatch/v2 v2.5.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 h1:CkkIfIt50+lT6NHAVoRYEyAvQGFM7xEwXUUywFvEb3Q= -google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576/go.mod h1:1R3kvZ1dtP3+4p4d3G8uJ8rFk/fWlScl38vanWACI08= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8 h1:TqExAhdPaB60Ux47Cn0oLV07rGnxZzIsaRhQaqS666A= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8/go.mod h1:lcTa1sDdWEIHMWlITnIczmw5w60CF9ffkb8Z+DVmmjA= -google.golang.org/grpc v1.67.3 h1:OgPcDAFKHnH8X3O4WcO4XUc8GRDeKsKReqbQtiCj7N8= -google.golang.org/grpc v1.67.3/go.mod h1:YGaHCc6Oap+FzBJTZLBzkGSYt/cvGPFTPxkn7QfSU8s= +google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD4Q5w+vfEnPvPpuTwedCNVohYJfNk= +google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422 h1:GVIKPyP/kLIyVOgOnTwFOrvQaQUzOzGMCxgFUOEmm24= +google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422/go.mod h1:b6h1vNKhxaSoEI+5jc3PJUCustfli/mRab7295pY7rw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f h1:OxYkA3wjPsZyBylwymxSHa7ViiW1Sml4ToBrncvFehI= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f/go.mod h1:+2Yz8+CLJbIfL9z73EW45avw8Lmge3xVElCP9zEKi50= +google.golang.org/grpc v1.71.3 h1:iEhneYTxOruJyZAxdAv8Y0iRZvsc5M6KoW7UA0/7jn0= +google.golang.org/grpc v1.71.3/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec= google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A= google.golang.org/protobuf v1.36.7/go.mod 
h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 
@@ -397,42 +391,45 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= -k8s.io/api v0.32.7 h1:CBhHkoi3YJW8QQI6VL/Hu9f1HHVImmuIh513d4H4VfQ= -k8s.io/api v0.32.7/go.mod h1:YEB46LZ/M0/9t0m+R2FxW5fkZAUR/eoS6sZQKS3mBYk= -k8s.io/apiextensions-apiserver v0.32.7 h1:w7IzqA3SZG9KNm5YMtrrqY3ipPgt13rZevDaZSubARA= -k8s.io/apiextensions-apiserver v0.32.7/go.mod h1:CelzsiBUTLZeJ+MxBEcuDEgu9Qr3LQkZqmydvA/W9UA= -k8s.io/apimachinery v0.32.7 h1:1vTegNQIfM7dvZrMV5//6jJv2odKAnadv9Bg+doJmaA= -k8s.io/apimachinery v0.32.7/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= -k8s.io/apiserver v0.32.7 h1:BJADFQpbKM1LC5GTueefdnDjzu5PUXAcEgWZrs2gj18= -k8s.io/apiserver v0.32.7/go.mod h1:a3O36FgT3dQ26oufk9/1VVmWcna/OLQjofirYiocfQI= -k8s.io/client-go v0.32.7 h1:ZDhv3JTaQ/IejnNXRePBZdRecAEvxf8+pFdt/ruuWXc= -k8s.io/client-go v0.32.7/go.mod h1:/he4Akuzee/lTiWmcsrpZfCQ2LPNLTC2qqumLVAw/Fw= -k8s.io/cluster-bootstrap v0.32.3 h1:AqIpsUhB6MUeaAsl1WvaUw54AHRd2hfZrESlKChtd8s= -k8s.io/cluster-bootstrap v0.32.3/go.mod h1:CHbBwgOb6liDV6JFUTkx5t85T2xidy0sChBDoyYw344= -k8s.io/component-base v0.32.7 h1:iXfcDveIsx0CyB0b8qo0/4pfgmhwshaO/u4ij1hZeAM= -k8s.io/component-base v0.32.7/go.mod h1:Qfa6+z8IIyIdyqewerOlWaibCsxKbpBNd3ATNrPKe/A= +k8s.io/api v0.33.3 h1:SRd5t//hhkI1buzxb288fy2xvjubstenEKL9K51KBI8= +k8s.io/api v0.33.3/go.mod h1:01Y/iLUjNBM3TAvypct7DIj0M0NIZc+PzAHCIo0CYGE= +k8s.io/apiextensions-apiserver v0.33.3 h1:qmOcAHN6DjfD0v9kxL5udB27SRP6SG/MTopmge3MwEs= +k8s.io/apiextensions-apiserver v0.33.3/go.mod h1:oROuctgo27mUsyp9+Obahos6CWcMISSAPzQ77CAQGz8= +k8s.io/apimachinery v0.33.3 h1:4ZSrmNa0c/ZpZJhAgRdcsFcZOw1PQU1bALVQ0B3I5LA= +k8s.io/apimachinery v0.33.3/go.mod h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM= +k8s.io/apiserver v0.33.3 
h1:Wv0hGc+QFdMJB4ZSiHrCgN3zL3QRatu56+rpccKC3J4= +k8s.io/apiserver v0.33.3/go.mod h1:05632ifFEe6TxwjdAIrwINHWE2hLwyADFk5mBsQa15E= +k8s.io/client-go v0.33.3 h1:M5AfDnKfYmVJif92ngN532gFqakcGi6RvaOF16efrpA= +k8s.io/client-go v0.33.3/go.mod h1:luqKBQggEf3shbxHY4uVENAxrDISLOarxpTKMiUuujg= +k8s.io/cluster-bootstrap v0.33.3 h1:u2NTxJ5CFSBFXaDxLQoOWMly8eni31psVso+caq6uwI= +k8s.io/cluster-bootstrap v0.33.3/go.mod h1:p970f8u8jf273zyQ5raD8WUu2XyAl0SAWOY82o7i/ds= +k8s.io/component-base v0.33.3 h1:mlAuyJqyPlKZM7FyaoM/LcunZaaY353RXiOd2+B5tGA= +k8s.io/component-base v0.33.3/go.mod h1:ktBVsBzkI3imDuxYXmVxZ2zxJnYTZ4HAsVj9iF09qp4= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= -k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= +k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff h1:/usPimJzUKKu+m+TE36gUyGcf03XZEP0ZIKgKj35LS4= +k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8= k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro= k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= oras.land/oras-go/v2 v2.6.0 h1:X4ELRsiGkrbeox69+9tzTu492FMUu7zJQW6eJU+I2oc= oras.land/oras-go/v2 v2.6.0/go.mod h1:magiQDfG6H1O9APp+rOsvCPcW1GD2MM7vgnKY0Y+u1o= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0 h1:CPT0ExVicCzcpeN4baWEV2ko2Z/AsiZgEdwgcfwLgMo= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= -sigs.k8s.io/cluster-api v1.10.4 h1:5mdyWLGbbwOowWrjqM/J9N600QnxTohu5J1/1YR6g7c= -sigs.k8s.io/cluster-api v1.10.4/go.mod h1:68GJs286ZChsncp+TxYNj/vhy2NWokiPtH4+SA0afs0= -sigs.k8s.io/cluster-api/test v1.10.4 
h1:1CJp7yjh2XazaPFtZzxSby9Gip2yjW0dNxyyHR7VjDk= -sigs.k8s.io/cluster-api/test v1.10.4/go.mod h1:n2LsLQxc4RSLDjUXhgzquSTagZTJpUcY7uwtQtCRmaY= -sigs.k8s.io/controller-runtime v0.20.4 h1:X3c+Odnxz+iPTRobG4tp092+CvBU9UK0t/bRf+n0DGU= -sigs.k8s.io/controller-runtime v0.20.4/go.mod h1:xg2XB0K5ShQzAgsoujxuKN4LNXR2LfwwHsPj7Iaw+XY= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2 h1:jpcvIRr3GLoUoEKRkHKSmGjxb6lWwrBlJsXc+eUYQHM= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= +sigs.k8s.io/cluster-api v1.11.0 h1:4ZqKxjhdP3F/vvHMd675rGsDrT/siggnFPt5eKQ8nkI= +sigs.k8s.io/cluster-api v1.11.0/go.mod h1:gGmNlHrtJe3z0YV3J6JRy5Rwh9SfzokjQaS+Fv3DBPE= +sigs.k8s.io/cluster-api/test v1.11.0 h1:dvwMAb5rm4Z7Kj3l9FkeYTWfSthpN0oX3gvUrd8ej24= +sigs.k8s.io/cluster-api/test v1.11.0/go.mod h1:2f489Lp5TKPGVhNL6V3huq8fp6eb23APlY2cLbhuDBU= +sigs.k8s.io/controller-runtime v0.21.0 h1:CYfjpEuicjUecRk+KAeyYh+ouUBn4llGyDYytIGcJS8= +sigs.k8s.io/controller-runtime v0.21.0/go.mod h1:OSg14+F65eWqIu4DceX7k/+QRAbTTvxeQSNSOQpukWM= sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8= sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= -sigs.k8s.io/kind v0.27.0 h1:PQ3f0iAWNIj66LYkZ1ivhEg/+Zb6UPMbO+qVei/INZA= -sigs.k8s.io/kind v0.27.0/go.mod h1:RZVFmy6qcwlSWwp6xeIUv7kXCPF3i8MXsEXxW/J+gJY= -sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA= -sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= +sigs.k8s.io/kind v0.29.0 h1:3TpCsyh908IkXXpcSnsMjWdwdWjIl7o9IMZImZCWFnI= +sigs.k8s.io/kind v0.29.0/go.mod h1:ldWQisw2NYyM6k64o/tkZng/1qQW7OlzcN5a8geJX3o= +sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= +sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= 
+sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= +sigs.k8s.io/structured-merge-diff/v4 v4.6.0 h1:IUA9nvMmnKWcj5jl84xn+T5MnlZKThmUW1TdblaLVAc= +sigs.k8s.io/structured-merge-diff/v4 v4.6.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4=