airship/airshipctl
Code Issues Proposed changes

Add Cluster API Bootstrap Provider Kubeadm

Browse Source 
Cluster API bootstrap provider Kubeadm (CABPK) is a component of
Cluster API that is responsible of generating a cloud-init script to
turn a Machine into a Kubernetes Node

Change-Id: Iba71be2bae90c2bb19a52624329ff841717fc349
This commit is contained in:
Nikolay Fedorov 2020-01-31 17:43:18 +04:00
parent 0f21921065
commit 674f8109ca
13 changed files with 1895 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
manifests/function/kubeadm/kustomization.yaml Normal file
View File

@ -0,0 +1,18 @@
resources:
- ../../global/crd/kubeadm
- rbac
- provider.yaml
- namespace.yaml
commonLabels:
# NOTE We can't use airshipit.org/clustertype
# bacause a label can't consists of multiple values
airshipit.org/ephemeral: "true"
airshipit.org/target: "true"
namespace: capbk
#vars:
# $(IMAGE_PULL_POLICY)
# The image pull policy by default should be "IfNotPresent",
# it should be globally defined for all images

4
manifests/function/kubeadm/namespace.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: capbk

58
manifests/function/kubeadm/provider.yaml Normal file
View File

@ -0,0 +1,58 @@
---
apiVersion: v1
kind: Service
metadata:
annotations:
prometheus.io/port: "8443"
prometheus.io/scheme: https
prometheus.io/scrape: "true"
labels:
control-plane: cabpk-controller-manager
name: cabpk-controller-manager-metrics-service
spec:
ports:
- name: https
port: 8443
targetPort: https
selector:
control-plane: cabpk-controller-manager
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
control-plane: cabpk-controller-manager
name: cabpk-controller-manager
spec:
replicas: 1
selector:
matchLabels:
control-plane: cabpk-controller-manager
template:
metadata:
labels:
control-plane: cabpk-controller-manager
spec:
containers:
- args:
- --secure-listen-address=0.0.0.0:8443
- --upstream=http://127.0.0.1:8080/
- --logtostderr=true
- --v=10
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
imagePullPolicy: $(IMAGE_PULL_POLICY)
name: kube-rbac-proxy
ports:
- containerPort: 8443
name: https
- args:
- --metrics-addr=127.0.0.1:8080
- --v=4
- --enable-leader-election
image: gcr.io/k8s-staging-capi-kubeadm/cluster-api-kubeadm-controller:latest
imagePullPolicy: $(IMAGE_PULL_POLICY)
name: manager
terminationGracePeriodSeconds: 10
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master

26
manifests/function/kubeadm/rbac/cabpk-leader-election-role.yaml Normal file
View File

@ -0,0 +1,26 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: cabpk-leader-election-role
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch

12
manifests/function/kubeadm/rbac/cabpk-leader-election-rolebinding.yaml Normal file
View File

@ -0,0 +1,12 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: cabpk-leader-election-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: cabpk-leader-election-role
subjects:
- kind: ServiceAccount
name: default

45
manifests/function/kubeadm/rbac/cabpk-manager-role.yaml Normal file
View File

@ -0,0 +1,45 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: cabpk-manager-role
rules:
- apiGroups:
- ""
resources:
- configmaps
- events
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- bootstrap.cluster.x-k8s.io
resources:
- kubeadmconfigs
- kubeadmconfigs/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters
- clusters/status
- machines
- machines/status
verbs:
- get
- list
- watch

12
manifests/function/kubeadm/rbac/cabpk-manager-rolebinding.yaml Normal file
View File

@ -0,0 +1,12 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cabpk-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cabpk-manager-role
subjects:
- kind: ServiceAccount
name: default

18
manifests/function/kubeadm/rbac/cabpk-proxy-role.yaml Normal file
View File

@ -0,0 +1,18 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cabpk-proxy-role
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create

12
manifests/function/kubeadm/rbac/cabpk-proxy-rolebinding.yaml Normal file
View File

@ -0,0 +1,12 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cabpk-proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cabpk-proxy-role
subjects:
- kind: ServiceAccount
name: default

7
manifests/function/kubeadm/rbac/kustomization.yaml Normal file
View File

@ -0,0 +1,7 @@
resources:
- cabpk-leader-election-rolebinding.yaml
- cabpk-leader-election-role.yaml
- cabpk-manager-rolebinding.yaml
- cabpk-manager-role.yaml
- cabpk-proxy-rolebinding.yaml
- cabpk-proxy-role.yaml

821
manifests/global/crd/kubeadm/kubeadmconfigs.bootstrap.cluster.x-k8s.io.yaml Normal file
View File

@ -0,0 +1,821 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: kubeadmconfigs.bootstrap.cluster.x-k8s.io
spec:
group: bootstrap.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: KubeadmConfig
listKind: KubeadmConfigList
plural: kubeadmconfigs
singular: kubeadmconfig
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: KubeadmConfig is the Schema for the kubeadmconfigs API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: KubeadmConfigSpec defines the desired state of KubeadmConfig.
Either ClusterConfiguration and InitConfiguration should be defined or
the JoinConfiguration should be defined.
properties:
clusterConfiguration:
description: ClusterConfiguration along with InitConfiguration are the
configurations necessary for the init command
properties:
apiServer:
description: APIServer contains extra settings for the API server
control plane component
properties:
certSANs:
description: CertSANs sets extra Subject Alternative Names for
the API Server signing cert.
items:
type: string
type: array
extraArgs:
additionalProperties:
type: string
description: 'ExtraArgs is an extra set of flags to pass to
the control plane component. TODO: This is temporary and ideally
we would like to switch all components to use ComponentConfig
+ ConfigMaps.'
type: object
extraVolumes:
description: ExtraVolumes is an extra set of host volumes, mounted
to the control plane component.
items:
description: HostPathMount contains elements describing volumes
that are mounted from the host.
properties:
hostPath:
description: HostPath is the path in the host that will
be mounted inside the pod.
type: string
mountPath:
description: MountPath is the path inside the pod where
hostPath will be mounted.
type: string
name:
description: Name of the volume inside the pod template.
type: string
pathType:
description: PathType is the type of the HostPath.
type: string
readOnly:
description: ReadOnly controls write access to the volume
type: boolean
required:
- hostPath
- mountPath
- name
type: object
type: array
timeoutForControlPlane:
description: TimeoutForControlPlane controls the timeout that
we use for API server to appear
type: string
type: object
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the
latest internal value, and may reject unrecognized values. More
info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
certificatesDir:
description: CertificatesDir specifies where to store or look for
all required certificates.
type: string
clusterName:
description: The cluster name
type: string
controlPlaneEndpoint:
description: 'ControlPlaneEndpoint sets a stable IP address or DNS
name for the control plane; it can be a valid IP address or a
RFC-1123 DNS subdomain, both with optional TCP port. In case the
ControlPlaneEndpoint is not specified, the AdvertiseAddress +
BindPort are used; in case the ControlPlaneEndpoint is specified
but without a TCP port, the BindPort is used. Possible usages
are: e.g. In a cluster with more than one control plane instances,
this field should be assigned the address of the external load
balancer in front of the control plane instances. e.g. in environments
with enforced node recycling, the ControlPlaneEndpoint could be
used for assigning a stable DNS to the control plane. NB: This
value defaults to the first value in the Cluster object status.apiEndpoints
array.'
type: string
controllerManager:
description: ControllerManager contains extra settings for the controller
manager control plane component
properties:
extraArgs:
additionalProperties:
type: string
description: 'ExtraArgs is an extra set of flags to pass to
the control plane component. TODO: This is temporary and ideally
we would like to switch all components to use ComponentConfig
+ ConfigMaps.'
type: object
extraVolumes:
description: ExtraVolumes is an extra set of host volumes, mounted
to the control plane component.
items:
description: HostPathMount contains elements describing volumes
that are mounted from the host.
properties:
hostPath:
description: HostPath is the path in the host that will
be mounted inside the pod.
type: string
mountPath:
description: MountPath is the path inside the pod where
hostPath will be mounted.
type: string
name:
description: Name of the volume inside the pod template.
type: string
pathType:
description: PathType is the type of the HostPath.
type: string
readOnly:
description: ReadOnly controls write access to the volume
type: boolean
required:
- hostPath
- mountPath
- name
type: object
type: array
type: object
dns:
description: DNS defines the options for the DNS add-on installed
in the cluster.
properties:
imageRepository:
description: ImageRepository sets the container registry to
pull images from. if not set, the ImageRepository defined
in ClusterConfiguration will be used instead.
type: string
imageTag:
description: ImageTag allows to specify a tag for the image.
In case this value is set, kubeadm does not change automatically
the version of the above components during upgrades.
type: string
type:
description: Type defines the DNS add-on to be used
type: string
required:
- type
type: object
etcd:
description: Etcd holds configuration for etcd.
properties:
external:
description: External describes how to connect to an external
etcd cluster Local and External are mutually exclusive
properties:
caFile:
description: CAFile is an SSL Certificate Authority file
used to secure etcd communication. Required if using a
TLS connection.
type: string
certFile:
description: CertFile is an SSL certification file used
to secure etcd communication. Required if using a TLS
connection.
type: string
endpoints:
description: Endpoints of etcd members. Required for ExternalEtcd.
items:
type: string
type: array
keyFile:
description: KeyFile is an SSL key file used to secure etcd
communication. Required if using a TLS connection.
type: string
required:
- caFile
- certFile
- endpoints
- keyFile
type: object
local:
description: Local provides configuration knobs for configuring
the local etcd instance Local and External are mutually exclusive
properties:
dataDir:
description: DataDir is the directory etcd will place its
data. Defaults to "/var/lib/etcd".
type: string
extraArgs:
additionalProperties:
type: string
description: ExtraArgs are extra arguments provided to the
etcd binary when run inside a static pod.
type: object
imageRepository:
description: ImageRepository sets the container registry
to pull images from. if not set, the ImageRepository defined
in ClusterConfiguration will be used instead.
type: string
imageTag:
description: ImageTag allows to specify a tag for the image.
In case this value is set, kubeadm does not change automatically
the version of the above components during upgrades.
type: string
peerCertSANs:
description: PeerCertSANs sets extra Subject Alternative
Names for the etcd peer signing cert.
items:
type: string
type: array
serverCertSANs:
description: ServerCertSANs sets extra Subject Alternative
Names for the etcd server signing cert.
items:
type: string
type: array
required:
- dataDir
type: object
type: object
featureGates:
additionalProperties:
type: boolean
description: FeatureGates enabled by the user.
type: object
imageRepository:
description: ImageRepository sets the container registry to pull
images from. If empty, `k8s.gcr.io` will be used by default; in
case of kubernetes version is a CI build (kubernetes version starts
with `ci/` or `ci-cross/`) `gcr.io/kubernetes-ci-images` will
be used as a default for control plane components and for kube-proxy,
while `k8s.gcr.io` will be used for all the other images.
type: string
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint
the client submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
kubernetesVersion:
description: 'KubernetesVersion is the target version of the control
plane. NB: This value defaults to the Machine object spec.kuberentesVersion'
type: string
networking:
description: 'Networking holds configuration for the networking
topology of the cluster. NB: This value defaults to the Cluster
object spec.clusterNetwork.'
properties:
dnsDomain:
description: DNSDomain is the dns domain used by k8s services.
Defaults to "cluster.local".
type: string
podSubnet:
description: PodSubnet is the subnet used by pods.
type: string
serviceSubnet:
description: ServiceSubnet is the subnet used by k8s services.
Defaults to "10.96.0.0/12".
type: string
required:
- dnsDomain
- podSubnet
- serviceSubnet
type: object
scheduler:
description: Scheduler contains extra settings for the scheduler
control plane component
properties:
extraArgs:
additionalProperties:
type: string
description: 'ExtraArgs is an extra set of flags to pass to
the control plane component. TODO: This is temporary and ideally
we would like to switch all components to use ComponentConfig
+ ConfigMaps.'
type: object
extraVolumes:
description: ExtraVolumes is an extra set of host volumes, mounted
to the control plane component.
items:
description: HostPathMount contains elements describing volumes
that are mounted from the host.
properties:
hostPath:
description: HostPath is the path in the host that will
be mounted inside the pod.
type: string
mountPath:
description: MountPath is the path inside the pod where
hostPath will be mounted.
type: string
name:
description: Name of the volume inside the pod template.
type: string
pathType:
description: PathType is the type of the HostPath.
type: string
readOnly:
description: ReadOnly controls write access to the volume
type: boolean
required:
- hostPath
- mountPath
- name
type: object
type: array
type: object
useHyperKubeImage:
description: UseHyperKubeImage controls if hyperkube should be used
for Kubernetes components instead of their respective separate
images
type: boolean
type: object
files:
description: Files specifies extra files to be passed to user_data upon
creation.
items:
description: File defines the input for generating write_files in
cloud-init.
properties:
content:
description: Content is the actual content of the file.
type: string
encoding:
description: Encoding specifies the encoding of the file contents.
enum:
- base64
- gzip
- gzip+base64
type: string
owner:
description: Owner specifies the ownership of the file, e.g. "root:root".
type: string
path:
description: Path specifies the full path on disk where to store
the file.
type: string
permissions:
description: Permissions specifies the permissions to assign to
the file, e.g. "0640".
type: string
required:
- content
- path
type: object
type: array
format:
description: Format specifies the output format of the bootstrap data
enum:
- cloud-config
type: string
initConfiguration:
description: InitConfiguration along with ClusterConfiguration are the
configurations necessary for the init command
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the
latest internal value, and may reject unrecognized values. More
info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
bootstrapTokens:
description: BootstrapTokens is respected at `kubeadm init` time
and describes a set of Bootstrap Tokens to create. This information
IS NOT uploaded to the kubeadm cluster configmap, partly because
of its sensitive nature
items:
description: BootstrapToken describes one bootstrap token, stored
as a Secret in the cluster
properties:
description:
description: Description sets a human-friendly message why
this token exists and what it's used for, so other administrators
can know its purpose.
type: string
expires:
description: Expires specifies the timestamp when this token
expires. Defaults to being set dynamically at runtime based
on the TTL. Expires and TTL are mutually exclusive.
format: date-time
type: string
groups:
description: Groups specifies the extra groups that this token
will authenticate as when/if used for authentication
items:
type: string
type: array
token:
description: Token is used for establishing bidirectional
trust between nodes and control-planes. Used for joining
nodes in the cluster.
type: object
ttl:
description: TTL defines the time to live for this token.
Defaults to 24h. Expires and TTL are mutually exclusive.
type: string
usages:
description: Usages describes the ways in which this token
can be used. Can by default be used for establishing bidirectional
trust, but that can be changed here.
items:
type: string
type: array
required:
- token
type: object
type: array
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint
the client submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
localAPIEndpoint:
description: LocalAPIEndpoint represents the endpoint of the API
server instance that's deployed on this control plane node In
HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint
in the sense that ControlPlaneEndpoint is the global endpoint
for the cluster, which then loadbalances the requests to each
individual API server. This configuration object lets you customize
what IP/DNS name and port the local API server advertises it's
accessible on. By default, kubeadm tries to auto-detect the IP
of the default interface and use that, but in case that process
fails you may set the desired value here.
properties:
advertiseAddress:
description: AdvertiseAddress sets the IP address for the API
server to advertise.
type: string
bindPort:
description: BindPort sets the secure port for the API Server
to bind to. Defaults to 6443.
format: int32
type: integer
required:
- advertiseAddress
- bindPort
type: object
nodeRegistration:
description: NodeRegistration holds fields that relate to registering
the new control-plane node to the cluster
properties:
criSocket:
description: CRISocket is used to retrieve container runtime
info. This information will be annotated to the Node API object,
for later re-use
type: string
kubeletExtraArgs:
additionalProperties:
type: string
description: KubeletExtraArgs passes through extra arguments
to the kubelet. The arguments here are passed to the kubelet
command line via the environment file kubeadm writes at runtime
for the kubelet to source. This overrides the generic base-level
configuration in the kubelet-config-1.X ConfigMap Flags have
higher priority when parsing. These values are local and specific
to the node kubeadm is executing on.
type: object
name:
description: Name is the `.Metadata.Name` field of the Node
API object that will be created in this `kubeadm init` or
`kubeadm join` operation. This field is also used in the CommonName
field of the kubelet's client certificate to the API server.
Defaults to the hostname of the node if not provided.
type: string
taints:
description: 'Taints specifies the taints the Node API object
should be registered with. If this field is unset, i.e. nil,
in the `kubeadm init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
If you don''t want to taint your control-plane node, set this
field to an empty slice, i.e. `taints: {}` in the YAML file.
This field is solely used for Node registration.'
items:
description: The node this Taint is attached to has the "effect"
on any pod that does not tolerate the Taint.
properties:
effect:
description: Required. The effect of the taint on pods
that do not tolerate the taint. Valid effects are NoSchedule,
PreferNoSchedule and NoExecute.
type: string
key:
description: Required. The taint key to be applied to
a node.
type: string
timeAdded:
description: TimeAdded represents the time at which the
taint was added. It is only written for NoExecute taints.
format: date-time
type: string
value:
description: Required. The taint value corresponding to
the taint key.
type: string
required:
- effect
- key
type: object
type: array
type: object
type: object
joinConfiguration:
description: JoinConfiguration is the kubeadm configuration for the
join command
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the
latest internal value, and may reject unrecognized values. More
info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
caCertPath:
description: 'CACertPath is the path to the SSL certificate authority
used to secure comunications between node and control-plane. Defaults
to "/etc/kubernetes/pki/ca.crt". TODO: revisit when there is defaulting
from k/k'
type: string
controlPlane:
description: ControlPlane defines the additional control plane instance
to be deployed on the joining node. If nil, no additional control
plane instance will be deployed.
properties:
localAPIEndpoint:
description: LocalAPIEndpoint represents the endpoint of the
API server instance to be deployed on this node.
properties:
advertiseAddress:
description: AdvertiseAddress sets the IP address for the
API server to advertise.
type: string
bindPort:
description: BindPort sets the secure port for the API Server
to bind to. Defaults to 6443.
format: int32
type: integer
required:
- advertiseAddress
- bindPort
type: object
type: object
discovery:
description: 'Discovery specifies the options for the kubelet to
use during the TLS Bootstrap process TODO: revisit when there
is defaulting from k/k'
properties:
bootstrapToken:
description: BootstrapToken is used to set the options for bootstrap
token based discovery BootstrapToken and File are mutually
exclusive
properties:
apiServerEndpoint:
description: APIServerEndpoint is an IP or domain name to
the API server from which info will be fetched.
type: string
caCertHashes:
description: 'CACertHashes specifies a set of public key
pins to verify when token-based discovery is used. The
root CA found during discovery must match one of these
values. Specifying an empty set disables root CA pinning,
which can be unsafe. Each hash is specified as "<type>:<value>",
where the only currently supported type is "sha256". This
is a hex-encoded SHA-256 hash of the Subject Public Key
Info (SPKI) object in DER-encoded ASN.1. These hashes
can be calculated using, for example, OpenSSL: openssl
x509 -pubkey -in ca.crt openssl rsa -pubin -outform der
2>&/dev/null | openssl dgst -sha256 -hex'
items:
type: string
type: array
token:
description: Token is a token used to validate cluster information
fetched from the control-plane.
type: string
unsafeSkipCAVerification:
description: UnsafeSkipCAVerification allows token-based
discovery without CA verification via CACertHashes. This
can weaken the security of kubeadm since other nodes can
impersonate the control-plane.
type: boolean
required:
- token
- unsafeSkipCAVerification
type: object
file:
description: File is used to specify a file or URL to a kubeconfig
file from which to load cluster information BootstrapToken
and File are mutually exclusive
properties:
kubeConfigPath:
description: KubeConfigPath is used to specify the actual
file path or URL to the kubeconfig file from which to
load cluster information
type: string
required:
- kubeConfigPath
type: object
timeout:
description: Timeout modifies the discovery timeout
type: string
tlsBootstrapToken:
description: 'TLSBootstrapToken is a token used for TLS bootstrapping.
If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token,
but can be overridden. If .File is set, this field **must
be set** in case the KubeConfigFile does not contain any other
authentication information TODO: revisit when there is defaulting
from k/k'
type: string
type: object
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint
the client submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
nodeRegistration:
description: NodeRegistration holds fields that relate to registering
the new control-plane node to the cluster
properties:
criSocket:
description: CRISocket is used to retrieve container runtime
info. This information will be annotated to the Node API object,
for later re-use
type: string
kubeletExtraArgs:
additionalProperties:
type: string
description: KubeletExtraArgs passes through extra arguments
to the kubelet. The arguments here are passed to the kubelet
command line via the environment file kubeadm writes at runtime
for the kubelet to source. This overrides the generic base-level
configuration in the kubelet-config-1.X ConfigMap Flags have
higher priority when parsing. These values are local and specific
to the node kubeadm is executing on.
type: object
name:
description: Name is the `.Metadata.Name` field of the Node
API object that will be created in this `kubeadm init` or
`kubeadm join` operation. This field is also used in the CommonName
field of the kubelet's client certificate to the API server.
Defaults to the hostname of the node if not provided.
type: string
taints:
description: 'Taints specifies the taints the Node API object
should be registered with. If this field is unset, i.e. nil,
in the `kubeadm init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
If you don''t want to taint your control-plane node, set this
field to an empty slice, i.e. `taints: {}` in the YAML file.
This field is solely used for Node registration.'
items:
description: The node this Taint is attached to has the "effect"
on any pod that does not tolerate the Taint.
properties:
effect:
description: Required. The effect of the taint on pods
that do not tolerate the taint. Valid effects are NoSchedule,
PreferNoSchedule and NoExecute.
type: string
key:
description: Required. The taint key to be applied to
a node.
type: string
timeAdded:
description: TimeAdded represents the time at which the
taint was added. It is only written for NoExecute taints.
format: date-time
type: string
value:
description: Required. The taint value corresponding to
the taint key.
type: string
required:
- effect
- key
type: object
type: array
type: object
required:
- nodeRegistration
type: object
ntp:
description: NTP specifies NTP configuration
properties:
enabled:
description: Enabled specifies whether NTP should be enabled
type: boolean
servers:
description: Servers specifies which NTP servers to use
items:
type: string
type: array
type: object
postKubeadmCommands:
description: PostKubeadmCommands specifies extra commands to run after
kubeadm runs
items:
type: string
type: array
preKubeadmCommands:
description: PreKubeadmCommands specifies extra commands to run before
kubeadm runs
items:
type: string
type: array
users:
description: Users specifies extra users to add
items:
description: User defines the input for a generated user in cloud-init.
properties:
gecos:
description: Gecos specifies the gecos to use for the user
type: string
groups:
description: Groups specifies the additional groups for the user
type: string
homeDir:
description: HomeDir specifies the home directory to use for the
user
type: string
inactive:
description: Inactive specifies whether to mark the user as inactive
type: boolean
lockPassword:
description: LockPassword specifies if password login should be
disabled
type: boolean
name:
description: Name specifies the user name
type: string
passwd:
description: Passwd specifies a hashed password for the user
type: string
primaryGroup:
description: PrimaryGroup specifies the primary group for the
user
type: string
shell:
description: Shell specifies the user's shell
type: string
sshAuthorizedKeys:
description: SSHAuthorizedKeys specifies a list of ssh authorized
keys for the user
items:
type: string
type: array
sudo:
description: Sudo specifies a sudo role for the user
type: string
required:
- name
type: object
type: array
type: object
status:
description: KubeadmConfigStatus defines the observed state of KubeadmConfig
properties:
bootstrapData:
description: BootstrapData will be a cloud-init script for now
format: byte
type: string
errorMessage:
description: ErrorMessage will be set on non-retryable errors
type: string
errorReason:
description: ErrorReason will be set on non-retryable errors
type: string
ready:
description: Ready indicates the BootstrapData field is ready to be
consumed
type: boolean
type: object
type: object
version: v1alpha2
versions:
- name: v1alpha2
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

859
manifests/global/crd/kubeadm/kubeadmconfigtemplates.bootstrap.cluster.x-k8s.io.yaml Normal file
View File

@ -0,0 +1,859 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: kubeadmconfigtemplates.bootstrap.cluster.x-k8s.io
spec:
group: bootstrap.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: KubeadmConfigTemplate
listKind: KubeadmConfigTemplateList
plural: kubeadmconfigtemplates
singular: kubeadmconfigtemplate
scope: Namespaced
validation:
openAPIV3Schema:
description: KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate
properties:
template:
description: KubeadmConfigTemplateResource defines the Template structure
properties:
spec:
description: KubeadmConfigSpec defines the desired state of KubeadmConfig.
Either ClusterConfiguration and InitConfiguration should be defined
or the JoinConfiguration should be defined.
properties:
clusterConfiguration:
description: ClusterConfiguration along with InitConfiguration
are the configurations necessary for the init command
properties:
apiServer:
description: APIServer contains extra settings for the API
server control plane component
properties:
certSANs:
description: CertSANs sets extra Subject Alternative
Names for the API Server signing cert.
items:
type: string
type: array
extraArgs:
additionalProperties:
type: string
description: 'ExtraArgs is an extra set of flags to
pass to the control plane component. TODO: This is
temporary and ideally we would like to switch all
components to use ComponentConfig + ConfigMaps.'
type: object
extraVolumes:
description: ExtraVolumes is an extra set of host volumes,
mounted to the control plane component.
items:
description: HostPathMount contains elements describing
volumes that are mounted from the host.
properties:
hostPath:
description: HostPath is the path in the host
that will be mounted inside the pod.
type: string
mountPath:
description: MountPath is the path inside the
pod where hostPath will be mounted.
type: string
name:
description: Name of the volume inside the pod
template.
type: string
pathType:
description: PathType is the type of the HostPath.
type: string
readOnly:
description: ReadOnly controls write access to
the volume
type: boolean
required:
- hostPath
- mountPath
- name
type: object
type: array
timeoutForControlPlane:
description: TimeoutForControlPlane controls the timeout
that we use for API server to appear
type: string
type: object
apiVersion:
description: 'APIVersion defines the versioned schema of
this representation of an object. Servers should convert
recognized schemas to the latest internal value, and may
reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
certificatesDir:
description: CertificatesDir specifies where to store or
look for all required certificates.
type: string
clusterName:
description: The cluster name
type: string
controlPlaneEndpoint:
description: 'ControlPlaneEndpoint sets a stable IP address
or DNS name for the control plane; it can be a valid IP
address or a RFC-1123 DNS subdomain, both with optional
TCP port. In case the ControlPlaneEndpoint is not specified,
the AdvertiseAddress + BindPort are used; in case the
ControlPlaneEndpoint is specified but without a TCP port,
the BindPort is used. Possible usages are: e.g. In a cluster
with more than one control plane instances, this field
should be assigned the address of the external load balancer
in front of the control plane instances. e.g. in environments
with enforced node recycling, the ControlPlaneEndpoint
could be used for assigning a stable DNS to the control
plane. NB: This value defaults to the first value in the
Cluster object status.apiEndpoints array.'
type: string
controllerManager:
description: ControllerManager contains extra settings for
the controller manager control plane component
properties:
extraArgs:
additionalProperties:
type: string
description: 'ExtraArgs is an extra set of flags to
pass to the control plane component. TODO: This is
temporary and ideally we would like to switch all
components to use ComponentConfig + ConfigMaps.'
type: object
extraVolumes:
description: ExtraVolumes is an extra set of host volumes,
mounted to the control plane component.
items:
description: HostPathMount contains elements describing
volumes that are mounted from the host.
properties:
hostPath:
description: HostPath is the path in the host
that will be mounted inside the pod.
type: string
mountPath:
description: MountPath is the path inside the
pod where hostPath will be mounted.
type: string
name:
description: Name of the volume inside the pod
template.
type: string
pathType:
description: PathType is the type of the HostPath.
type: string
readOnly:
description: ReadOnly controls write access to
the volume
type: boolean
required:
- hostPath
- mountPath
- name
type: object
type: array
type: object
dns:
description: DNS defines the options for the DNS add-on
installed in the cluster.
properties:
imageRepository:
description: ImageRepository sets the container registry
to pull images from. if not set, the ImageRepository
defined in ClusterConfiguration will be used instead.
type: string
imageTag:
description: ImageTag allows to specify a tag for the
image. In case this value is set, kubeadm does not
change automatically the version of the above components
during upgrades.
type: string
type:
description: Type defines the DNS add-on to be used
type: string
required:
- type
type: object
etcd:
description: Etcd holds configuration for etcd.
properties:
external:
description: External describes how to connect to an
external etcd cluster Local and External are mutually
exclusive
properties:
caFile:
description: CAFile is an SSL Certificate Authority
file used to secure etcd communication. Required
if using a TLS connection.
type: string
certFile:
description: CertFile is an SSL certification file
used to secure etcd communication. Required if
using a TLS connection.
type: string
endpoints:
description: Endpoints of etcd members. Required
for ExternalEtcd.
items:
type: string
type: array
keyFile:
description: KeyFile is an SSL key file used to
secure etcd communication. Required if using a
TLS connection.
type: string
required:
- caFile
- certFile
- endpoints
- keyFile
type: object
local:
description: Local provides configuration knobs for
configuring the local etcd instance Local and External
are mutually exclusive
properties:
dataDir:
description: DataDir is the directory etcd will
place its data. Defaults to "/var/lib/etcd".
type: string
extraArgs:
additionalProperties:
type: string
description: ExtraArgs are extra arguments provided
to the etcd binary when run inside a static pod.
type: object
imageRepository:
description: ImageRepository sets the container
registry to pull images from. if not set, the
ImageRepository defined in ClusterConfiguration
will be used instead.
type: string
imageTag:
description: ImageTag allows to specify a tag for
the image. In case this value is set, kubeadm
does not change automatically the version of the
above components during upgrades.
type: string
peerCertSANs:
description: PeerCertSANs sets extra Subject Alternative
Names for the etcd peer signing cert.
items:
type: string
type: array
serverCertSANs:
description: ServerCertSANs sets extra Subject Alternative
Names for the etcd server signing cert.
items:
type: string
type: array
required:
- dataDir
type: object
type: object
featureGates:
additionalProperties:
type: boolean
description: FeatureGates enabled by the user.
type: object
imageRepository:
description: ImageRepository sets the container registry
to pull images from. If empty, `k8s.gcr.io` will be used
by default; in case of kubernetes version is a CI build
(kubernetes version starts with `ci/` or `ci-cross/`)
`gcr.io/kubernetes-ci-images` will be used as a default
for control plane components and for kube-proxy, while
`k8s.gcr.io` will be used for all the other images.
type: string
kind:
description: 'Kind is a string value representing the REST
resource this object represents. Servers may infer this
from the endpoint the client submits requests to. Cannot
be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
kubernetesVersion:
description: 'KubernetesVersion is the target version of
the control plane. NB: This value defaults to the Machine
object spec.kuberentesVersion'
type: string
networking:
description: 'Networking holds configuration for the networking
topology of the cluster. NB: This value defaults to the
Cluster object spec.clusterNetwork.'
properties:
dnsDomain:
description: DNSDomain is the dns domain used by k8s
services. Defaults to "cluster.local".
type: string
podSubnet:
description: PodSubnet is the subnet used by pods.
type: string
serviceSubnet:
description: ServiceSubnet is the subnet used by k8s
services. Defaults to "10.96.0.0/12".
type: string
required:
- dnsDomain
- podSubnet
- serviceSubnet
type: object
scheduler:
description: Scheduler contains extra settings for the scheduler
control plane component
properties:
extraArgs:
additionalProperties:
type: string
description: 'ExtraArgs is an extra set of flags to
pass to the control plane component. TODO: This is
temporary and ideally we would like to switch all
components to use ComponentConfig + ConfigMaps.'
type: object
extraVolumes:
description: ExtraVolumes is an extra set of host volumes,
mounted to the control plane component.
items:
description: HostPathMount contains elements describing
volumes that are mounted from the host.
properties:
hostPath:
description: HostPath is the path in the host
that will be mounted inside the pod.
type: string
mountPath:
description: MountPath is the path inside the
pod where hostPath will be mounted.
type: string
name:
description: Name of the volume inside the pod
template.
type: string
pathType:
description: PathType is the type of the HostPath.
type: string
readOnly:
description: ReadOnly controls write access to
the volume
type: boolean
required:
- hostPath
- mountPath
- name
type: object
type: array
type: object
useHyperKubeImage:
description: UseHyperKubeImage controls if hyperkube should
be used for Kubernetes components instead of their respective
separate images
type: boolean
type: object
files:
description: Files specifies extra files to be passed to user_data
upon creation.
items:
description: File defines the input for generating write_files
in cloud-init.
properties:
content:
description: Content is the actual content of the file.
type: string
encoding:
description: Encoding specifies the encoding of the file
contents.
enum:
- base64
- gzip
- gzip+base64
type: string
owner:
description: Owner specifies the ownership of the file,
e.g. "root:root".
type: string
path:
description: Path specifies the full path on disk where
to store the file.
type: string
permissions:
description: Permissions specifies the permissions to
assign to the file, e.g. "0640".
type: string
required:
- content
- path
type: object
type: array
format:
description: Format specifies the output format of the bootstrap
data
enum:
- cloud-config
type: string
initConfiguration:
description: InitConfiguration along with ClusterConfiguration
are the configurations necessary for the init command
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of
this representation of an object. Servers should convert
recognized schemas to the latest internal value, and may
reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
bootstrapTokens:
description: BootstrapTokens is respected at `kubeadm init`
time and describes a set of Bootstrap Tokens to create.
This information IS NOT uploaded to the kubeadm cluster
configmap, partly because of its sensitive nature
items:
description: BootstrapToken describes one bootstrap token,
stored as a Secret in the cluster
properties:
description:
description: Description sets a human-friendly message
why this token exists and what it's used for, so
other administrators can know its purpose.
type: string
expires:
description: Expires specifies the timestamp when
this token expires. Defaults to being set dynamically
at runtime based on the TTL. Expires and TTL are
mutually exclusive.
format: date-time
type: string
groups:
description: Groups specifies the extra groups that
this token will authenticate as when/if used for
authentication
items:
type: string
type: array
token:
description: Token is used for establishing bidirectional
trust between nodes and control-planes. Used for
joining nodes in the cluster.
type: object
ttl:
description: TTL defines the time to live for this
token. Defaults to 24h. Expires and TTL are mutually
exclusive.
type: string
usages:
description: Usages describes the ways in which this
token can be used. Can by default be used for establishing
bidirectional trust, but that can be changed here.
items:
type: string
type: array
required:
- token
type: object
type: array
kind:
description: 'Kind is a string value representing the REST
resource this object represents. Servers may infer this
from the endpoint the client submits requests to. Cannot
be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
localAPIEndpoint:
description: LocalAPIEndpoint represents the endpoint of
the API server instance that's deployed on this control
plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint
in the sense that ControlPlaneEndpoint is the global endpoint
for the cluster, which then loadbalances the requests
to each individual API server. This configuration object
lets you customize what IP/DNS name and port the local
API server advertises it's accessible on. By default,
kubeadm tries to auto-detect the IP of the default interface
and use that, but in case that process fails you may set
the desired value here.
properties:
advertiseAddress:
description: AdvertiseAddress sets the IP address for
the API server to advertise.
type: string
bindPort:
description: BindPort sets the secure port for the API
Server to bind to. Defaults to 6443.
format: int32
type: integer
required:
- advertiseAddress
- bindPort
type: object
nodeRegistration:
description: NodeRegistration holds fields that relate to
registering the new control-plane node to the cluster
properties:
criSocket:
description: CRISocket is used to retrieve container
runtime info. This information will be annotated to
the Node API object, for later re-use
type: string
kubeletExtraArgs:
additionalProperties:
type: string
description: KubeletExtraArgs passes through extra arguments
to the kubelet. The arguments here are passed to the
kubelet command line via the environment file kubeadm
writes at runtime for the kubelet to source. This
overrides the generic base-level configuration in
the kubelet-config-1.X ConfigMap Flags have higher
priority when parsing. These values are local and
specific to the node kubeadm is executing on.
type: object
name:
description: Name is the `.Metadata.Name` field of the
Node API object that will be created in this `kubeadm
init` or `kubeadm join` operation. This field is also
used in the CommonName field of the kubelet's client
certificate to the API server. Defaults to the hostname
of the node if not provided.
type: string
taints:
description: 'Taints specifies the taints the Node API
object should be registered with. If this field is
unset, i.e. nil, in the `kubeadm init` process it
will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
If you don''t want to taint your control-plane node,
set this field to an empty slice, i.e. `taints: {}`
in the YAML file. This field is solely used for Node
registration.'
items:
description: The node this Taint is attached to has
the "effect" on any pod that does not tolerate the
Taint.
properties:
effect:
description: Required. The effect of the taint
on pods that do not tolerate the taint. Valid
effects are NoSchedule, PreferNoSchedule and
NoExecute.
type: string
key:
description: Required. The taint key to be applied
to a node.
type: string
timeAdded:
description: TimeAdded represents the time at
which the taint was added. It is only written
for NoExecute taints.
format: date-time
type: string
value:
description: Required. The taint value corresponding
to the taint key.
type: string
required:
- effect
- key
type: object
type: array
type: object
type: object
joinConfiguration:
description: JoinConfiguration is the kubeadm configuration
for the join command
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of
this representation of an object. Servers should convert
recognized schemas to the latest internal value, and may
reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
caCertPath:
description: 'CACertPath is the path to the SSL certificate
authority used to secure comunications between node and
control-plane. Defaults to "/etc/kubernetes/pki/ca.crt".
TODO: revisit when there is defaulting from k/k'
type: string
controlPlane:
description: ControlPlane defines the additional control
plane instance to be deployed on the joining node. If
nil, no additional control plane instance will be deployed.
properties:
localAPIEndpoint:
description: LocalAPIEndpoint represents the endpoint
of the API server instance to be deployed on this
node.
properties:
advertiseAddress:
description: AdvertiseAddress sets the IP address
for the API server to advertise.
type: string
bindPort:
description: BindPort sets the secure port for the
API Server to bind to. Defaults to 6443.
format: int32
type: integer
required:
- advertiseAddress
- bindPort
type: object
type: object
discovery:
description: 'Discovery specifies the options for the kubelet
to use during the TLS Bootstrap process TODO: revisit
when there is defaulting from k/k'
properties:
bootstrapToken:
description: BootstrapToken is used to set the options
for bootstrap token based discovery BootstrapToken
and File are mutually exclusive
properties:
apiServerEndpoint:
description: APIServerEndpoint is an IP or domain
name to the API server from which info will be
fetched.
type: string
caCertHashes:
description: 'CACertHashes specifies a set of public
key pins to verify when token-based discovery
is used. The root CA found during discovery must
match one of these values. Specifying an empty
set disables root CA pinning, which can be unsafe.
Each hash is specified as "<type>:<value>", where
the only currently supported type is "sha256".
This is a hex-encoded SHA-256 hash of the Subject
Public Key Info (SPKI) object in DER-encoded ASN.1.
These hashes can be calculated using, for example,
OpenSSL: openssl x509 -pubkey -in ca.crt openssl
rsa -pubin -outform der 2>&/dev/null | openssl
dgst -sha256 -hex'
items:
type: string
type: array
token:
description: Token is a token used to validate cluster
information fetched from the control-plane.
type: string
unsafeSkipCAVerification:
description: UnsafeSkipCAVerification allows token-based
discovery without CA verification via CACertHashes.
This can weaken the security of kubeadm since
other nodes can impersonate the control-plane.
type: boolean
required:
- token
- unsafeSkipCAVerification
type: object
file:
description: File is used to specify a file or URL to
a kubeconfig file from which to load cluster information
BootstrapToken and File are mutually exclusive
properties:
kubeConfigPath:
description: KubeConfigPath is used to specify the
actual file path or URL to the kubeconfig file
from which to load cluster information
type: string
required:
- kubeConfigPath
type: object
timeout:
description: Timeout modifies the discovery timeout
type: string
tlsBootstrapToken:
description: 'TLSBootstrapToken is a token used for
TLS bootstrapping. If .BootstrapToken is set, this
field is defaulted to .BootstrapToken.Token, but can
be overridden. If .File is set, this field **must
be set** in case the KubeConfigFile does not contain
any other authentication information TODO: revisit
when there is defaulting from k/k'
type: string
type: object
kind:
description: 'Kind is a string value representing the REST
resource this object represents. Servers may infer this
from the endpoint the client submits requests to. Cannot
be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
nodeRegistration:
description: NodeRegistration holds fields that relate to
registering the new control-plane node to the cluster
properties:
criSocket:
description: CRISocket is used to retrieve container
runtime info. This information will be annotated to
the Node API object, for later re-use
type: string
kubeletExtraArgs:
additionalProperties:
type: string
description: KubeletExtraArgs passes through extra arguments
to the kubelet. The arguments here are passed to the
kubelet command line via the environment file kubeadm
writes at runtime for the kubelet to source. This
overrides the generic base-level configuration in
the kubelet-config-1.X ConfigMap Flags have higher
priority when parsing. These values are local and
specific to the node kubeadm is executing on.
type: object
name:
description: Name is the `.Metadata.Name` field of the
Node API object that will be created in this `kubeadm
init` or `kubeadm join` operation. This field is also
used in the CommonName field of the kubelet's client
certificate to the API server. Defaults to the hostname
of the node if not provided.
type: string
taints:
description: 'Taints specifies the taints the Node API
object should be registered with. If this field is
unset, i.e. nil, in the `kubeadm init` process it
will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
If you don''t want to taint your control-plane node,
set this field to an empty slice, i.e. `taints: {}`
in the YAML file. This field is solely used for Node
registration.'
items:
description: The node this Taint is attached to has
the "effect" on any pod that does not tolerate the
Taint.
properties:
effect:
description: Required. The effect of the taint
on pods that do not tolerate the taint. Valid
effects are NoSchedule, PreferNoSchedule and
NoExecute.
type: string
key:
description: Required. The taint key to be applied
to a node.
type: string
timeAdded:
description: TimeAdded represents the time at
which the taint was added. It is only written
for NoExecute taints.
format: date-time
type: string
value:
description: Required. The taint value corresponding
to the taint key.
type: string
required:
- effect
- key
type: object
type: array
type: object
required:
- nodeRegistration
type: object
ntp:
description: NTP specifies NTP configuration
properties:
enabled:
description: Enabled specifies whether NTP should be enabled
type: boolean
servers:
description: Servers specifies which NTP servers to use
items:
type: string
type: array
type: object
postKubeadmCommands:
description: PostKubeadmCommands specifies extra commands to
run after kubeadm runs
items:
type: string
type: array
preKubeadmCommands:
description: PreKubeadmCommands specifies extra commands to
run before kubeadm runs
items:
type: string
type: array
users:
description: Users specifies extra users to add
items:
description: User defines the input for a generated user in
cloud-init.
properties:
gecos:
description: Gecos specifies the gecos to use for the
user
type: string
groups:
description: Groups specifies the additional groups for
the user
type: string
homeDir:
description: HomeDir specifies the home directory to use
for the user
type: string
inactive:
description: Inactive specifies whether to mark the user
as inactive
type: boolean
lockPassword:
description: LockPassword specifies if password login
should be disabled
type: boolean
name:
description: Name specifies the user name
type: string
passwd:
description: Passwd specifies a hashed password for the
user
type: string
primaryGroup:
description: PrimaryGroup specifies the primary group
for the user
type: string
shell:
description: Shell specifies the user's shell
type: string
sshAuthorizedKeys:
description: SSHAuthorizedKeys specifies a list of ssh
authorized keys for the user
items:
type: string
type: array
sudo:
description: Sudo specifies a sudo role for the user
type: string
required:
- name
type: object
type: array
type: object
type: object
required:
- template
type: object
type: object
version: v1alpha2
versions:
- name: v1alpha2
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

3
manifests/global/crd/kubeadm/kustomization.yaml Normal file
View File

@ -0,0 +1,3 @@
resources:
- kubeadmconfigs.bootstrap.cluster.x-k8s.io.yaml
- kubeadmconfigtemplates.bootstrap.cluster.x-k8s.io.yaml