airship/airshipctl
Code Issues Proposed changes
airshipctl/manifests/function/cabpk/v0.3.3/crd/bases/bootstrap.cluster.x-k8s.io_kubeadmconfigs.yaml
Sreejith Punnapuzha f95da5a56c Enhance target node deployment on gates 
* Add script to install clusterctl
  * Add controlplane yamls for target node
  * Add script to perform cluster move
  * Add script to zuul jobs

Closes: #288
Change-Id: Ia6891df9c9b1da333396e76f11332deeb17ab807
Signed-off-by: Sreejith Punnapuzha <sreejith.punnapuzha@outlook.com>
2020-08-27 11:12:05 -05:00

1659 lines
88 KiB
YAML
Raw Blame History

---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
clusterctl.cluster.x-k8s.io: ""
annotations:
controller-gen.kubebuilder.io/version: v0.2.8
creationTimestamp: null
name: kubeadmconfigs.bootstrap.cluster.x-k8s.io
spec:
group: bootstrap.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: KubeadmConfig
listKind: KubeadmConfigList
plural: kubeadmconfigs
singular: kubeadmconfig
scope: Namespaced
versions:
- name: v1alpha2
schema:
openAPIV3Schema:
description: KubeadmConfig is the Schema for the kubeadmconfigs API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: KubeadmConfigSpec defines the desired state of KubeadmConfig.
Either ClusterConfiguration and InitConfiguration should be defined
or the JoinConfiguration should be defined.
properties:
clusterConfiguration:
description: ClusterConfiguration along with InitConfiguration are
the configurations necessary for the init command
properties:
apiServer:
description: APIServer contains extra settings for the API server
control plane component
properties:
certSANs:
description: CertSANs sets extra Subject Alternative Names
for the API Server signing cert.
items:
type: string
type: array
extraArgs:
additionalProperties:
type: string
description: 'ExtraArgs is an extra set of flags to pass to
the control plane component. TODO: This is temporary and
ideally we would like to switch all components to use ComponentConfig
+ ConfigMaps.'
type: object
extraVolumes:
description: ExtraVolumes is an extra set of host volumes,
mounted to the control plane component.
items:
description: HostPathMount contains elements describing
volumes that are mounted from the host.
properties:
hostPath:
description: HostPath is the path in the host that will
be mounted inside the pod.
type: string
mountPath:
description: MountPath is the path inside the pod where
hostPath will be mounted.
type: string
name:
description: Name of the volume inside the pod template.
type: string
pathType:
description: PathType is the type of the HostPath.
type: string
readOnly:
description: ReadOnly controls write access to the volume
type: boolean
required:
- hostPath
- mountPath
- name
type: object
type: array
timeoutForControlPlane:
description: TimeoutForControlPlane controls the timeout that
we use for API server to appear
type: string
type: object
apiVersion:
description: 'APIVersion defines the versioned schema of this
representation of an object. Servers should convert recognized
schemas to the latest internal value, and may reject unrecognized
values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
certificatesDir:
description: 'CertificatesDir specifies where to store or look
for all required certificates. NB: if not provided, this will
default to `/etc/kubernetes/pki`'
type: string
clusterName:
description: The cluster name
type: string
controlPlaneEndpoint:
description: 'ControlPlaneEndpoint sets a stable IP address or
DNS name for the control plane; it can be a valid IP address
or a RFC-1123 DNS subdomain, both with optional TCP port. In
case the ControlPlaneEndpoint is not specified, the AdvertiseAddress
+ BindPort are used; in case the ControlPlaneEndpoint is specified
but without a TCP port, the BindPort is used. Possible usages
are: e.g. In a cluster with more than one control plane instances,
this field should be assigned the address of the external load
balancer in front of the control plane instances. e.g. in environments
with enforced node recycling, the ControlPlaneEndpoint could
be used for assigning a stable DNS to the control plane. NB:
This value defaults to the first value in the Cluster object
status.apiEndpoints array.'
type: string
controllerManager:
description: ControllerManager contains extra settings for the
controller manager control plane component
properties:
extraArgs:
additionalProperties:
type: string
description: 'ExtraArgs is an extra set of flags to pass to
the control plane component. TODO: This is temporary and
ideally we would like to switch all components to use ComponentConfig
+ ConfigMaps.'
type: object
extraVolumes:
description: ExtraVolumes is an extra set of host volumes,
mounted to the control plane component.
items:
description: HostPathMount contains elements describing
volumes that are mounted from the host.
properties:
hostPath:
description: HostPath is the path in the host that will
be mounted inside the pod.
type: string
mountPath:
description: MountPath is the path inside the pod where
hostPath will be mounted.
type: string
name:
description: Name of the volume inside the pod template.
type: string
pathType:
description: PathType is the type of the HostPath.
type: string
readOnly:
description: ReadOnly controls write access to the volume
type: boolean
required:
- hostPath
- mountPath
- name
type: object
type: array
type: object
dns:
description: DNS defines the options for the DNS add-on installed
in the cluster.
properties:
imageRepository:
description: ImageRepository sets the container registry to
pull images from. if not set, the ImageRepository defined
in ClusterConfiguration will be used instead.
type: string
imageTag:
description: ImageTag allows to specify a tag for the image.
In case this value is set, kubeadm does not change automatically
the version of the above components during upgrades.
type: string
type:
description: Type defines the DNS add-on to be used
type: string
type: object
etcd:
description: 'Etcd holds configuration for etcd. NB: This value
defaults to a Local (stacked) etcd'
properties:
external:
description: External describes how to connect to an external
etcd cluster Local and External are mutually exclusive
properties:
caFile:
description: CAFile is an SSL Certificate Authority file
used to secure etcd communication. Required if using
a TLS connection.
type: string
certFile:
description: CertFile is an SSL certification file used
to secure etcd communication. Required if using a TLS
connection.
type: string
endpoints:
description: Endpoints of etcd members. Required for ExternalEtcd.
items:
type: string
type: array
keyFile:
description: KeyFile is an SSL key file used to secure
etcd communication. Required if using a TLS connection.
type: string
required:
- caFile
- certFile
- endpoints
- keyFile
type: object
local:
description: Local provides configuration knobs for configuring
the local etcd instance Local and External are mutually
exclusive
properties:
dataDir:
description: DataDir is the directory etcd will place
its data. Defaults to "/var/lib/etcd".
type: string
extraArgs:
additionalProperties:
type: string
description: ExtraArgs are extra arguments provided to
the etcd binary when run inside a static pod.
type: object
imageRepository:
description: ImageRepository sets the container registry
to pull images from. if not set, the ImageRepository
defined in ClusterConfiguration will be used instead.
type: string
imageTag:
description: ImageTag allows to specify a tag for the
image. In case this value is set, kubeadm does not change
automatically the version of the above components during
upgrades.
type: string
peerCertSANs:
description: PeerCertSANs sets extra Subject Alternative
Names for the etcd peer signing cert.
items:
type: string
type: array
serverCertSANs:
description: ServerCertSANs sets extra Subject Alternative
Names for the etcd server signing cert.
items:
type: string
type: array
type: object
type: object
featureGates:
additionalProperties:
type: boolean
description: FeatureGates enabled by the user.
type: object
imageRepository:
description: ImageRepository sets the container registry to pull
images from. If empty, `k8s.gcr.io` will be used by default;
in case of kubernetes version is a CI build (kubernetes version
starts with `ci/` or `ci-cross/`) `gcr.io/kubernetes-ci-images`
will be used as a default for control plane components and for
kube-proxy, while `k8s.gcr.io` will be used for all the other
images.
type: string
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint
the client submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
kubernetesVersion:
description: 'KubernetesVersion is the target version of the control
plane. NB: This value defaults to the Machine object spec.kuberentesVersion'
type: string
networking:
description: 'Networking holds configuration for the networking
topology of the cluster. NB: This value defaults to the Cluster
object spec.clusterNetwork.'
properties:
dnsDomain:
description: DNSDomain is the dns domain used by k8s services.
Defaults to "cluster.local".
type: string
podSubnet:
description: PodSubnet is the subnet used by pods. If unset,
the API server will not allocate CIDR ranges for every node.
Defaults to the first element of the Cluster object's spec.clusterNetwork.services.cidrBlocks
if that is set
type: string
serviceSubnet:
description: ServiceSubnet is the subnet used by k8s services.
Defaults to the first element of the Cluster object's spec.clusterNetwork.pods.cidrBlocks
field, or to "10.96.0.0/12" if that's unset.
type: string
type: object
scheduler:
description: Scheduler contains extra settings for the scheduler
control plane component
properties:
extraArgs:
additionalProperties:
type: string
description: 'ExtraArgs is an extra set of flags to pass to
the control plane component. TODO: This is temporary and
ideally we would like to switch all components to use ComponentConfig
+ ConfigMaps.'
type: object
extraVolumes:
description: ExtraVolumes is an extra set of host volumes,
mounted to the control plane component.
items:
description: HostPathMount contains elements describing
volumes that are mounted from the host.
properties:
hostPath:
description: HostPath is the path in the host that will
be mounted inside the pod.
type: string
mountPath:
description: MountPath is the path inside the pod where
hostPath will be mounted.
type: string
name:
description: Name of the volume inside the pod template.
type: string
pathType:
description: PathType is the type of the HostPath.
type: string
readOnly:
description: ReadOnly controls write access to the volume
type: boolean
required:
- hostPath
- mountPath
- name
type: object
type: array
type: object
useHyperKubeImage:
description: UseHyperKubeImage controls if hyperkube should be
used for Kubernetes components instead of their respective separate
images
type: boolean
type: object
files:
description: Files specifies extra files to be passed to user_data
upon creation.
items:
description: File defines the input for generating write_files in
cloud-init.
properties:
content:
description: Content is the actual content of the file.
type: string
encoding:
description: Encoding specifies the encoding of the file contents.
enum:
- base64
- gzip
- gzip+base64
type: string
owner:
description: Owner specifies the ownership of the file, e.g.
"root:root".
type: string
path:
description: Path specifies the full path on disk where to store
the file.
type: string
permissions:
description: Permissions specifies the permissions to assign
to the file, e.g. "0640".
type: string
required:
- content
- path
type: object
type: array
format:
description: Format specifies the output format of the bootstrap data
enum:
- cloud-config
type: string
initConfiguration:
description: InitConfiguration along with ClusterConfiguration are
the configurations necessary for the init command
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this
representation of an object. Servers should convert recognized
schemas to the latest internal value, and may reject unrecognized
values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
bootstrapTokens:
description: BootstrapTokens is respected at `kubeadm init` time
and describes a set of Bootstrap Tokens to create. This information
IS NOT uploaded to the kubeadm cluster configmap, partly because
of its sensitive nature
items:
description: BootstrapToken describes one bootstrap token, stored
as a Secret in the cluster
properties:
description:
description: Description sets a human-friendly message why
this token exists and what it's used for, so other administrators
can know its purpose.
type: string
expires:
description: Expires specifies the timestamp when this token
expires. Defaults to being set dynamically at runtime
based on the TTL. Expires and TTL are mutually exclusive.
format: date-time
type: string
groups:
description: Groups specifies the extra groups that this
token will authenticate as when/if used for authentication
items:
type: string
type: array
token:
description: Token is used for establishing bidirectional
trust between nodes and control-planes. Used for joining
nodes in the cluster.
type: object
ttl:
description: TTL defines the time to live for this token.
Defaults to 24h. Expires and TTL are mutually exclusive.
type: string
usages:
description: Usages describes the ways in which this token
can be used. Can by default be used for establishing bidirectional
trust, but that can be changed here.
items:
type: string
type: array
required:
- token
type: object
type: array
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint
the client submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
localAPIEndpoint:
description: LocalAPIEndpoint represents the endpoint of the API
server instance that's deployed on this control plane node In
HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint
in the sense that ControlPlaneEndpoint is the global endpoint
for the cluster, which then loadbalances the requests to each
individual API server. This configuration object lets you customize
what IP/DNS name and port the local API server advertises it's
accessible on. By default, kubeadm tries to auto-detect the
IP of the default interface and use that, but in case that process
fails you may set the desired value here.
properties:
advertiseAddress:
description: AdvertiseAddress sets the IP address for the
API server to advertise.
type: string
bindPort:
description: BindPort sets the secure port for the API Server
to bind to. Defaults to 6443.
format: int32
type: integer
required:
- advertiseAddress
- bindPort
type: object
nodeRegistration:
description: NodeRegistration holds fields that relate to registering
the new control-plane node to the cluster
properties:
criSocket:
description: CRISocket is used to retrieve container runtime
info. This information will be annotated to the Node API
object, for later re-use
type: string
kubeletExtraArgs:
additionalProperties:
type: string
description: KubeletExtraArgs passes through extra arguments
to the kubelet. The arguments here are passed to the kubelet
command line via the environment file kubeadm writes at
runtime for the kubelet to source. This overrides the generic
base-level configuration in the kubelet-config-1.X ConfigMap
Flags have higher priority when parsing. These values are
local and specific to the node kubeadm is executing on.
type: object
name:
description: Name is the `.Metadata.Name` field of the Node
API object that will be created in this `kubeadm init` or
`kubeadm join` operation. This field is also used in the
CommonName field of the kubelet's client certificate to
the API server. Defaults to the hostname of the node if
not provided.
type: string
taints:
description: 'Taints specifies the taints the Node API object
should be registered with. If this field is unset, i.e.
nil, in the `kubeadm init` process it will be defaulted
to []v1.Taint{''node-role.kubernetes.io/master=""''}. If
you don''t want to taint your control-plane node, set this
field to an empty slice, i.e. `taints: {}` in the YAML file.
This field is solely used for Node registration.'
items:
description: The node this Taint is attached to has the
"effect" on any pod that does not tolerate the Taint.
properties:
effect:
description: Required. The effect of the taint on pods
that do not tolerate the taint. Valid effects are
NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Required. The taint key to be applied to
a node.
type: string
timeAdded:
description: TimeAdded represents the time at which
the taint was added. It is only written for NoExecute
taints.
format: date-time
type: string
value:
description: Required. The taint value corresponding
to the taint key.
type: string
required:
- effect
- key
type: object
type: array
type: object
type: object
joinConfiguration:
description: JoinConfiguration is the kubeadm configuration for the
join command
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this
representation of an object. Servers should convert recognized
schemas to the latest internal value, and may reject unrecognized
values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
caCertPath:
description: 'CACertPath is the path to the SSL certificate authority
used to secure comunications between node and control-plane.
Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when
there is defaulting from k/k'
type: string
controlPlane:
description: ControlPlane defines the additional control plane
instance to be deployed on the joining node. If nil, no additional
control plane instance will be deployed.
properties:
localAPIEndpoint:
description: LocalAPIEndpoint represents the endpoint of the
API server instance to be deployed on this node.
properties:
advertiseAddress:
description: AdvertiseAddress sets the IP address for
the API server to advertise.
type: string
bindPort:
description: BindPort sets the secure port for the API
Server to bind to. Defaults to 6443.
format: int32
type: integer
required:
- advertiseAddress
- bindPort
type: object
type: object
discovery:
description: 'Discovery specifies the options for the kubelet
to use during the TLS Bootstrap process TODO: revisit when there
is defaulting from k/k'
properties:
bootstrapToken:
description: BootstrapToken is used to set the options for
bootstrap token based discovery BootstrapToken and File
are mutually exclusive
properties:
apiServerEndpoint:
description: APIServerEndpoint is an IP or domain name
to the API server from which info will be fetched.
type: string
caCertHashes:
description: 'CACertHashes specifies a set of public key
pins to verify when token-based discovery is used. The
root CA found during discovery must match one of these
values. Specifying an empty set disables root CA pinning,
which can be unsafe. Each hash is specified as "<type>:<value>",
where the only currently supported type is "sha256".
This is a hex-encoded SHA-256 hash of the Subject Public
Key Info (SPKI) object in DER-encoded ASN.1. These hashes
can be calculated using, for example, OpenSSL: openssl
x509 -pubkey -in ca.crt openssl rsa -pubin -outform
der 2>&/dev/null | openssl dgst -sha256 -hex'
items:
type: string
type: array
token:
description: Token is a token used to validate cluster
information fetched from the control-plane.
type: string
unsafeSkipCAVerification:
description: UnsafeSkipCAVerification allows token-based
discovery without CA verification via CACertHashes.
This can weaken the security of kubeadm since other
nodes can impersonate the control-plane.
type: boolean
required:
- token
- unsafeSkipCAVerification
type: object
file:
description: File is used to specify a file or URL to a kubeconfig
file from which to load cluster information BootstrapToken
and File are mutually exclusive
properties:
kubeConfigPath:
description: KubeConfigPath is used to specify the actual
file path or URL to the kubeconfig file from which to
load cluster information
type: string
required:
- kubeConfigPath
type: object
timeout:
description: Timeout modifies the discovery timeout
type: string
tlsBootstrapToken:
description: 'TLSBootstrapToken is a token used for TLS bootstrapping.
If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token,
but can be overridden. If .File is set, this field **must
be set** in case the KubeConfigFile does not contain any
other authentication information TODO: revisit when there
is defaulting from k/k'
type: string
type: object
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint
the client submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
nodeRegistration:
description: NodeRegistration holds fields that relate to registering
the new control-plane node to the cluster
properties:
criSocket:
description: CRISocket is used to retrieve container runtime
info. This information will be annotated to the Node API
object, for later re-use
type: string
kubeletExtraArgs:
additionalProperties:
type: string
description: KubeletExtraArgs passes through extra arguments
to the kubelet. The arguments here are passed to the kubelet
command line via the environment file kubeadm writes at
runtime for the kubelet to source. This overrides the generic
base-level configuration in the kubelet-config-1.X ConfigMap
Flags have higher priority when parsing. These values are
local and specific to the node kubeadm is executing on.
type: object
name:
description: Name is the `.Metadata.Name` field of the Node
API object that will be created in this `kubeadm init` or
`kubeadm join` operation. This field is also used in the
CommonName field of the kubelet's client certificate to
the API server. Defaults to the hostname of the node if
not provided.
type: string
taints:
description: 'Taints specifies the taints the Node API object
should be registered with. If this field is unset, i.e.
nil, in the `kubeadm init` process it will be defaulted
to []v1.Taint{''node-role.kubernetes.io/master=""''}. If
you don''t want to taint your control-plane node, set this
field to an empty slice, i.e. `taints: {}` in the YAML file.
This field is solely used for Node registration.'
items:
description: The node this Taint is attached to has the
"effect" on any pod that does not tolerate the Taint.
properties:
effect:
description: Required. The effect of the taint on pods
that do not tolerate the taint. Valid effects are
NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Required. The taint key to be applied to
a node.
type: string
timeAdded:
description: TimeAdded represents the time at which
the taint was added. It is only written for NoExecute
taints.
format: date-time
type: string
value:
description: Required. The taint value corresponding
to the taint key.
type: string
required:
- effect
- key
type: object
type: array
type: object
type: object
ntp:
description: NTP specifies NTP configuration
properties:
enabled:
description: Enabled specifies whether NTP should be enabled
type: boolean
servers:
description: Servers specifies which NTP servers to use
items:
type: string
type: array
type: object
postKubeadmCommands:
description: PostKubeadmCommands specifies extra commands to run after
kubeadm runs
items:
type: string
type: array
preKubeadmCommands:
description: PreKubeadmCommands specifies extra commands to run before
kubeadm runs
items:
type: string
type: array
users:
description: Users specifies extra users to add
items:
description: User defines the input for a generated user in cloud-init.
properties:
gecos:
description: Gecos specifies the gecos to use for the user
type: string
groups:
description: Groups specifies the additional groups for the
user
type: string
homeDir:
description: HomeDir specifies the home directory to use for
the user
type: string
inactive:
description: Inactive specifies whether to mark the user as
inactive
type: boolean
lockPassword:
description: LockPassword specifies if password login should
be disabled
type: boolean
name:
description: Name specifies the user name
type: string
passwd:
description: Passwd specifies a hashed password for the user
type: string
primaryGroup:
description: PrimaryGroup specifies the primary group for the
user
type: string
shell:
description: Shell specifies the user's shell
type: string
sshAuthorizedKeys:
description: SSHAuthorizedKeys specifies a list of ssh authorized
keys for the user
items:
type: string
type: array
sudo:
description: Sudo specifies a sudo role for the user
type: string
required:
- name
type: object
type: array
type: object
status:
description: KubeadmConfigStatus defines the observed state of KubeadmConfig
properties:
bootstrapData:
description: BootstrapData will be a cloud-init script for now
format: byte
type: string
errorMessage:
description: ErrorMessage will be set on non-retryable errors
type: string
errorReason:
description: ErrorReason will be set on non-retryable errors
type: string
ready:
description: Ready indicates the BootstrapData field is ready to be
consumed
type: boolean
type: object
type: object
served: true
storage: false
subresources:
status: {}
- name: v1alpha3
schema:
openAPIV3Schema:
description: KubeadmConfig is the Schema for the kubeadmconfigs API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: KubeadmConfigSpec defines the desired state of KubeadmConfig.
Either ClusterConfiguration and InitConfiguration should be defined
or the JoinConfiguration should be defined.
properties:
clusterConfiguration:
description: ClusterConfiguration along with InitConfiguration are
the configurations necessary for the init command
properties:
apiServer:
description: APIServer contains extra settings for the API server
control plane component
properties:
certSANs:
description: CertSANs sets extra Subject Alternative Names
for the API Server signing cert.
items:
type: string
type: array
extraArgs:
additionalProperties:
type: string
description: 'ExtraArgs is an extra set of flags to pass to
the control plane component. TODO: This is temporary and
ideally we would like to switch all components to use ComponentConfig
+ ConfigMaps.'
type: object
extraVolumes:
description: ExtraVolumes is an extra set of host volumes,
mounted to the control plane component.
items:
description: HostPathMount contains elements describing
volumes that are mounted from the host.
properties:
hostPath:
description: HostPath is the path in the host that will
be mounted inside the pod.
type: string
mountPath:
description: MountPath is the path inside the pod where
hostPath will be mounted.
type: string
name:
description: Name of the volume inside the pod template.
type: string
pathType:
description: PathType is the type of the HostPath.
type: string
readOnly:
description: ReadOnly controls write access to the volume
type: boolean
required:
- hostPath
- mountPath
- name
type: object
type: array
timeoutForControlPlane:
description: TimeoutForControlPlane controls the timeout that
we use for API server to appear
type: string
type: object
apiVersion:
description: 'APIVersion defines the versioned schema of this
representation of an object. Servers should convert recognized
schemas to the latest internal value, and may reject unrecognized
values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
certificatesDir:
description: 'CertificatesDir specifies where to store or look
for all required certificates. NB: if not provided, this will
default to `/etc/kubernetes/pki`'
type: string
clusterName:
description: The cluster name
type: string
controlPlaneEndpoint:
description: 'ControlPlaneEndpoint sets a stable IP address or
DNS name for the control plane; it can be a valid IP address
or a RFC-1123 DNS subdomain, both with optional TCP port. In
case the ControlPlaneEndpoint is not specified, the AdvertiseAddress
+ BindPort are used; in case the ControlPlaneEndpoint is specified
but without a TCP port, the BindPort is used. Possible usages
are: e.g. In a cluster with more than one control plane instances,
this field should be assigned the address of the external load
balancer in front of the control plane instances. e.g. in environments
with enforced node recycling, the ControlPlaneEndpoint could
be used for assigning a stable DNS to the control plane. NB:
This value defaults to the first value in the Cluster object
status.apiEndpoints array.'
type: string
controllerManager:
description: ControllerManager contains extra settings for the
controller manager control plane component
properties:
extraArgs:
additionalProperties:
type: string
description: 'ExtraArgs is an extra set of flags to pass to
the control plane component. TODO: This is temporary and
ideally we would like to switch all components to use ComponentConfig
+ ConfigMaps.'
type: object
extraVolumes:
description: ExtraVolumes is an extra set of host volumes,
mounted to the control plane component.
items:
description: HostPathMount contains elements describing
volumes that are mounted from the host.
properties:
hostPath:
description: HostPath is the path in the host that will
be mounted inside the pod.
type: string
mountPath:
description: MountPath is the path inside the pod where
hostPath will be mounted.
type: string
name:
description: Name of the volume inside the pod template.
type: string
pathType:
description: PathType is the type of the HostPath.
type: string
readOnly:
description: ReadOnly controls write access to the volume
type: boolean
required:
- hostPath
- mountPath
- name
type: object
type: array
type: object
dns:
description: DNS defines the options for the DNS add-on installed
in the cluster.
properties:
imageRepository:
description: ImageRepository sets the container registry to
pull images from. if not set, the ImageRepository defined
in ClusterConfiguration will be used instead.
type: string
imageTag:
description: ImageTag allows to specify a tag for the image.
In case this value is set, kubeadm does not change automatically
the version of the above components during upgrades.
type: string
type:
description: Type defines the DNS add-on to be used
type: string
type: object
etcd:
description: 'Etcd holds configuration for etcd. NB: This value
defaults to a Local (stacked) etcd'
properties:
external:
description: External describes how to connect to an external
etcd cluster Local and External are mutually exclusive
properties:
caFile:
description: CAFile is an SSL Certificate Authority file
used to secure etcd communication. Required if using
a TLS connection.
type: string
certFile:
description: CertFile is an SSL certification file used
to secure etcd communication. Required if using a TLS
connection.
type: string
endpoints:
description: Endpoints of etcd members. Required for ExternalEtcd.
items:
type: string
type: array
keyFile:
description: KeyFile is an SSL key file used to secure
etcd communication. Required if using a TLS connection.
type: string
required:
- caFile
- certFile
- endpoints
- keyFile
type: object
local:
description: Local provides configuration knobs for configuring
the local etcd instance Local and External are mutually
exclusive
properties:
dataDir:
description: DataDir is the directory etcd will place
its data. Defaults to "/var/lib/etcd".
type: string
extraArgs:
additionalProperties:
type: string
description: ExtraArgs are extra arguments provided to
the etcd binary when run inside a static pod.
type: object
imageRepository:
description: ImageRepository sets the container registry
to pull images from. if not set, the ImageRepository
defined in ClusterConfiguration will be used instead.
type: string
imageTag:
description: ImageTag allows to specify a tag for the
image. In case this value is set, kubeadm does not change
automatically the version of the above components during
upgrades.
type: string
peerCertSANs:
description: PeerCertSANs sets extra Subject Alternative
Names for the etcd peer signing cert.
items:
type: string
type: array
serverCertSANs:
description: ServerCertSANs sets extra Subject Alternative
Names for the etcd server signing cert.
items:
type: string
type: array
type: object
type: object
featureGates:
additionalProperties:
type: boolean
description: FeatureGates enabled by the user.
type: object
imageRepository:
description: ImageRepository sets the container registry to pull
images from. If empty, `k8s.gcr.io` will be used by default;
in case of kubernetes version is a CI build (kubernetes version
starts with `ci/` or `ci-cross/`) `gcr.io/kubernetes-ci-images`
will be used as a default for control plane components and for
kube-proxy, while `k8s.gcr.io` will be used for all the other
images.
type: string
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint
the client submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
kubernetesVersion:
description: 'KubernetesVersion is the target version of the control
plane. NB: This value defaults to the Machine object spec.kuberentesVersion'
type: string
networking:
description: 'Networking holds configuration for the networking
topology of the cluster. NB: This value defaults to the Cluster
object spec.clusterNetwork.'
properties:
dnsDomain:
description: DNSDomain is the dns domain used by k8s services.
Defaults to "cluster.local".
type: string
podSubnet:
description: PodSubnet is the subnet used by pods. If unset,
the API server will not allocate CIDR ranges for every node.
Defaults to the first element of the Cluster object's spec.clusterNetwork.services.cidrBlocks
if that is set
type: string
serviceSubnet:
description: ServiceSubnet is the subnet used by k8s services.
Defaults to the first element of the Cluster object's spec.clusterNetwork.pods.cidrBlocks
field, or to "10.96.0.0/12" if that's unset.
type: string
type: object
scheduler:
description: Scheduler contains extra settings for the scheduler
control plane component
properties:
extraArgs:
additionalProperties:
type: string
description: 'ExtraArgs is an extra set of flags to pass to
the control plane component. TODO: This is temporary and
ideally we would like to switch all components to use ComponentConfig
+ ConfigMaps.'
type: object
extraVolumes:
description: ExtraVolumes is an extra set of host volumes,
mounted to the control plane component.
items:
description: HostPathMount contains elements describing
volumes that are mounted from the host.
properties:
hostPath:
description: HostPath is the path in the host that will
be mounted inside the pod.
type: string
mountPath:
description: MountPath is the path inside the pod where
hostPath will be mounted.
type: string
name:
description: Name of the volume inside the pod template.
type: string
pathType:
description: PathType is the type of the HostPath.
type: string
readOnly:
description: ReadOnly controls write access to the volume
type: boolean
required:
- hostPath
- mountPath
- name
type: object
type: array
type: object
useHyperKubeImage:
description: UseHyperKubeImage controls if hyperkube should be
used for Kubernetes components instead of their respective separate
images
type: boolean
type: object
files:
description: Files specifies extra files to be passed to user_data
upon creation.
items:
description: File defines the input for generating write_files in
cloud-init.
properties:
content:
description: Content is the actual content of the file.
type: string
encoding:
description: Encoding specifies the encoding of the file contents.
enum:
- base64
- gzip
- gzip+base64
type: string
owner:
description: Owner specifies the ownership of the file, e.g.
"root:root".
type: string
path:
description: Path specifies the full path on disk where to store
the file.
type: string
permissions:
description: Permissions specifies the permissions to assign
to the file, e.g. "0640".
type: string
required:
- content
- path
type: object
type: array
format:
description: Format specifies the output format of the bootstrap data
enum:
- cloud-config
type: string
initConfiguration:
description: InitConfiguration along with ClusterConfiguration are
the configurations necessary for the init command
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this
representation of an object. Servers should convert recognized
schemas to the latest internal value, and may reject unrecognized
values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
bootstrapTokens:
description: BootstrapTokens is respected at `kubeadm init` time
and describes a set of Bootstrap Tokens to create. This information
IS NOT uploaded to the kubeadm cluster configmap, partly because
of its sensitive nature
items:
description: BootstrapToken describes one bootstrap token, stored
as a Secret in the cluster
properties:
description:
description: Description sets a human-friendly message why
this token exists and what it's used for, so other administrators
can know its purpose.
type: string
expires:
description: Expires specifies the timestamp when this token
expires. Defaults to being set dynamically at runtime
based on the TTL. Expires and TTL are mutually exclusive.
format: date-time
type: string
groups:
description: Groups specifies the extra groups that this
token will authenticate as when/if used for authentication
items:
type: string
type: array
token:
description: Token is used for establishing bidirectional
trust between nodes and control-planes. Used for joining
nodes in the cluster.
type: object
ttl:
description: TTL defines the time to live for this token.
Defaults to 24h. Expires and TTL are mutually exclusive.
type: string
usages:
description: Usages describes the ways in which this token
can be used. Can by default be used for establishing bidirectional
trust, but that can be changed here.
items:
type: string
type: array
required:
- token
type: object
type: array
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint
the client submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
localAPIEndpoint:
description: LocalAPIEndpoint represents the endpoint of the API
server instance that's deployed on this control plane node In
HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint
in the sense that ControlPlaneEndpoint is the global endpoint
for the cluster, which then loadbalances the requests to each
individual API server. This configuration object lets you customize
what IP/DNS name and port the local API server advertises it's
accessible on. By default, kubeadm tries to auto-detect the
IP of the default interface and use that, but in case that process
fails you may set the desired value here.
properties:
advertiseAddress:
description: AdvertiseAddress sets the IP address for the
API server to advertise.
type: string
bindPort:
description: BindPort sets the secure port for the API Server
to bind to. Defaults to 6443.
format: int32
type: integer
required:
- advertiseAddress
- bindPort
type: object
nodeRegistration:
description: NodeRegistration holds fields that relate to registering
the new control-plane node to the cluster
properties:
criSocket:
description: CRISocket is used to retrieve container runtime
info. This information will be annotated to the Node API
object, for later re-use
type: string
kubeletExtraArgs:
additionalProperties:
type: string
description: KubeletExtraArgs passes through extra arguments
to the kubelet. The arguments here are passed to the kubelet
command line via the environment file kubeadm writes at
runtime for the kubelet to source. This overrides the generic
base-level configuration in the kubelet-config-1.X ConfigMap
Flags have higher priority when parsing. These values are
local and specific to the node kubeadm is executing on.
type: object
name:
description: Name is the `.Metadata.Name` field of the Node
API object that will be created in this `kubeadm init` or
`kubeadm join` operation. This field is also used in the
CommonName field of the kubelet's client certificate to
the API server. Defaults to the hostname of the node if
not provided.
type: string
taints:
description: 'Taints specifies the taints the Node API object
should be registered with. If this field is unset, i.e.
nil, in the `kubeadm init` process it will be defaulted
to []v1.Taint{''node-role.kubernetes.io/master=""''}. If
you don''t want to taint your control-plane node, set this
field to an empty slice, i.e. `taints: {}` in the YAML file.
This field is solely used for Node registration.'
items:
description: The node this Taint is attached to has the
"effect" on any pod that does not tolerate the Taint.
properties:
effect:
description: Required. The effect of the taint on pods
that do not tolerate the taint. Valid effects are
NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Required. The taint key to be applied to
a node.
type: string
timeAdded:
description: TimeAdded represents the time at which
the taint was added. It is only written for NoExecute
taints.
format: date-time
type: string
value:
description: Required. The taint value corresponding
to the taint key.
type: string
required:
- effect
- key
type: object
type: array
type: object
type: object
joinConfiguration:
description: JoinConfiguration is the kubeadm configuration for the
join command
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this
representation of an object. Servers should convert recognized
schemas to the latest internal value, and may reject unrecognized
values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
caCertPath:
description: 'CACertPath is the path to the SSL certificate authority
used to secure comunications between node and control-plane.
Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when
there is defaulting from k/k'
type: string
controlPlane:
description: ControlPlane defines the additional control plane
instance to be deployed on the joining node. If nil, no additional
control plane instance will be deployed.
properties:
localAPIEndpoint:
description: LocalAPIEndpoint represents the endpoint of the
API server instance to be deployed on this node.
properties:
advertiseAddress:
description: AdvertiseAddress sets the IP address for
the API server to advertise.
type: string
bindPort:
description: BindPort sets the secure port for the API
Server to bind to. Defaults to 6443.
format: int32
type: integer
required:
- advertiseAddress
- bindPort
type: object
type: object
discovery:
description: 'Discovery specifies the options for the kubelet
to use during the TLS Bootstrap process TODO: revisit when there
is defaulting from k/k'
properties:
bootstrapToken:
description: BootstrapToken is used to set the options for
bootstrap token based discovery BootstrapToken and File
are mutually exclusive
properties:
apiServerEndpoint:
description: APIServerEndpoint is an IP or domain name
to the API server from which info will be fetched.
type: string
caCertHashes:
description: 'CACertHashes specifies a set of public key
pins to verify when token-based discovery is used. The
root CA found during discovery must match one of these
values. Specifying an empty set disables root CA pinning,
which can be unsafe. Each hash is specified as "<type>:<value>",
where the only currently supported type is "sha256".
This is a hex-encoded SHA-256 hash of the Subject Public
Key Info (SPKI) object in DER-encoded ASN.1. These hashes
can be calculated using, for example, OpenSSL: openssl
x509 -pubkey -in ca.crt openssl rsa -pubin -outform
der 2>&/dev/null | openssl dgst -sha256 -hex'
items:
type: string
type: array
token:
description: Token is a token used to validate cluster
information fetched from the control-plane.
type: string
unsafeSkipCAVerification:
description: UnsafeSkipCAVerification allows token-based
discovery without CA verification via CACertHashes.
This can weaken the security of kubeadm since other
nodes can impersonate the control-plane.
type: boolean
required:
- token
- unsafeSkipCAVerification
type: object
file:
description: File is used to specify a file or URL to a kubeconfig
file from which to load cluster information BootstrapToken
and File are mutually exclusive
properties:
kubeConfigPath:
description: KubeConfigPath is used to specify the actual
file path or URL to the kubeconfig file from which to
load cluster information
type: string
required:
- kubeConfigPath
type: object
timeout:
description: Timeout modifies the discovery timeout
type: string
tlsBootstrapToken:
description: 'TLSBootstrapToken is a token used for TLS bootstrapping.
If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token,
but can be overridden. If .File is set, this field **must
be set** in case the KubeConfigFile does not contain any
other authentication information TODO: revisit when there
is defaulting from k/k'
type: string
type: object
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint
the client submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
nodeRegistration:
description: NodeRegistration holds fields that relate to registering
the new control-plane node to the cluster
properties:
criSocket:
description: CRISocket is used to retrieve container runtime
info. This information will be annotated to the Node API
object, for later re-use
type: string
kubeletExtraArgs:
additionalProperties:
type: string
description: KubeletExtraArgs passes through extra arguments
to the kubelet. The arguments here are passed to the kubelet
command line via the environment file kubeadm writes at
runtime for the kubelet to source. This overrides the generic
base-level configuration in the kubelet-config-1.X ConfigMap
Flags have higher priority when parsing. These values are
local and specific to the node kubeadm is executing on.
type: object
name:
description: Name is the `.Metadata.Name` field of the Node
API object that will be created in this `kubeadm init` or
`kubeadm join` operation. This field is also used in the
CommonName field of the kubelet's client certificate to
the API server. Defaults to the hostname of the node if
not provided.
type: string
taints:
description: 'Taints specifies the taints the Node API object
should be registered with. If this field is unset, i.e.
nil, in the `kubeadm init` process it will be defaulted
to []v1.Taint{''node-role.kubernetes.io/master=""''}. If
you don''t want to taint your control-plane node, set this
field to an empty slice, i.e. `taints: {}` in the YAML file.
This field is solely used for Node registration.'
items:
description: The node this Taint is attached to has the
"effect" on any pod that does not tolerate the Taint.
properties:
effect:
description: Required. The effect of the taint on pods
that do not tolerate the taint. Valid effects are
NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Required. The taint key to be applied to
a node.
type: string
timeAdded:
description: TimeAdded represents the time at which
the taint was added. It is only written for NoExecute
taints.
format: date-time
type: string
value:
description: Required. The taint value corresponding
to the taint key.
type: string
required:
- effect
- key
type: object
type: array
type: object
type: object
ntp:
description: NTP specifies NTP configuration
properties:
enabled:
description: Enabled specifies whether NTP should be enabled
type: boolean
servers:
description: Servers specifies which NTP servers to use
items:
type: string
type: array
type: object
postKubeadmCommands:
description: PostKubeadmCommands specifies extra commands to run after
kubeadm runs
items:
type: string
type: array
preKubeadmCommands:
description: PreKubeadmCommands specifies extra commands to run before
kubeadm runs
items:
type: string
type: array
useExperimentalRetryJoin:
description: "UseExperimentalRetryJoin replaces a basic kubeadm command
with a shell script with retries for joins. \n This is meant to
be an experimental temporary workaround on some environments where
joins fail due to timing (and other issues). The long term goal
is to add retries to kubeadm proper and use that functionality.
\n This will add about 40KB to userdata \n For more information,
refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055."
type: boolean
users:
description: Users specifies extra users to add
items:
description: User defines the input for a generated user in cloud-init.
properties:
gecos:
description: Gecos specifies the gecos to use for the user
type: string
groups:
description: Groups specifies the additional groups for the
user
type: string
homeDir:
description: HomeDir specifies the home directory to use for
the user
type: string
inactive:
description: Inactive specifies whether to mark the user as
inactive
type: boolean
lockPassword:
description: LockPassword specifies if password login should
be disabled
type: boolean
name:
description: Name specifies the user name
type: string
passwd:
description: Passwd specifies a hashed password for the user
type: string
primaryGroup:
description: PrimaryGroup specifies the primary group for the
user
type: string
shell:
description: Shell specifies the user's shell
type: string
sshAuthorizedKeys:
description: SSHAuthorizedKeys specifies a list of ssh authorized
keys for the user
items:
type: string
type: array
sudo:
description: Sudo specifies a sudo role for the user
type: string
required:
- name
type: object
type: array
verbosity:
description: Verbosity is the number for the kubeadm log level verbosity.
It overrides the `--v` flag in kubeadm commands.
format: int32
type: integer
type: object
status:
description: KubeadmConfigStatus defines the observed state of KubeadmConfig
properties:
bootstrapData:
description: "BootstrapData will be a cloud-init script for now. \n
Deprecated: This field has been deprecated in v1alpha3 and will
be removed in a future version. Switch to DataSecretName."
format: byte
type: string
dataSecretName:
description: DataSecretName is the name of the secret that stores
the bootstrap data script.
type: string
failureMessage:
description: FailureMessage will be set on non-retryable errors
type: string
failureReason:
description: FailureReason will be set on non-retryable errors
type: string
ready:
description: Ready indicates the BootstrapData field is ready to be
consumed
type: boolean
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
View Git Blame Copy Permalink