--- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: creationTimestamp: null name: kubeadmconfigs.bootstrap.cluster.x-k8s.io spec: group: bootstrap.cluster.x-k8s.io names: categories: - cluster-api kind: KubeadmConfig listKind: KubeadmConfigList plural: kubeadmconfigs singular: kubeadmconfig scope: Namespaced subresources: status: {} validation: openAPIV3Schema: description: KubeadmConfig is the Schema for the kubeadmconfigs API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: KubeadmConfigSpec defines the desired state of KubeadmConfig. Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined. properties: clusterConfiguration: description: ClusterConfiguration along with InitConfiguration are the configurations necessary for the init command properties: apiServer: description: APIServer contains extra settings for the API server control plane component properties: certSANs: description: CertSANs sets extra Subject Alternative Names for the API Server signing cert. items: type: string type: array extraArgs: additionalProperties: type: string description: 'ExtraArgs is an extra set of flags to pass to the control plane component. TODO: This is temporary and ideally we would like to switch all components to use ComponentConfig + ConfigMaps.' type: object extraVolumes: description: ExtraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: HostPathMount contains elements describing volumes that are mounted from the host. properties: hostPath: description: HostPath is the path in the host that will be mounted inside the pod. type: string mountPath: description: MountPath is the path inside the pod where hostPath will be mounted. type: string name: description: Name of the volume inside the pod template. type: string pathType: description: PathType is the type of the HostPath. type: string readOnly: description: ReadOnly controls write access to the volume type: boolean required: - hostPath - mountPath - name type: object type: array timeoutForControlPlane: description: TimeoutForControlPlane controls the timeout that we use for API server to appear type: string type: object apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string certificatesDir: description: CertificatesDir specifies where to store or look for all required certificates. type: string clusterName: description: The cluster name type: string controlPlaneEndpoint: description: 'ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint is specified but without a TCP port, the BindPort is used. Possible usages are: e.g. In a cluster with more than one control plane instances, this field should be assigned the address of the external load balancer in front of the control plane instances. e.g. in environments with enforced node recycling, the ControlPlaneEndpoint could be used for assigning a stable DNS to the control plane. NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.' type: string controllerManager: description: ControllerManager contains extra settings for the controller manager control plane component properties: extraArgs: additionalProperties: type: string description: 'ExtraArgs is an extra set of flags to pass to the control plane component. TODO: This is temporary and ideally we would like to switch all components to use ComponentConfig + ConfigMaps.' type: object extraVolumes: description: ExtraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: HostPathMount contains elements describing volumes that are mounted from the host. properties: hostPath: description: HostPath is the path in the host that will be mounted inside the pod. type: string mountPath: description: MountPath is the path inside the pod where hostPath will be mounted. type: string name: description: Name of the volume inside the pod template. type: string pathType: description: PathType is the type of the HostPath. type: string readOnly: description: ReadOnly controls write access to the volume type: boolean required: - hostPath - mountPath - name type: object type: array type: object dns: description: DNS defines the options for the DNS add-on installed in the cluster. properties: imageRepository: description: ImageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead. type: string imageTag: description: ImageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. type: string type: description: Type defines the DNS add-on to be used type: string required: - type type: object etcd: description: Etcd holds configuration for etcd. properties: external: description: External describes how to connect to an external etcd cluster Local and External are mutually exclusive properties: caFile: description: CAFile is an SSL Certificate Authority file used to secure etcd communication. Required if using a TLS connection. type: string certFile: description: CertFile is an SSL certification file used to secure etcd communication. Required if using a TLS connection. type: string endpoints: description: Endpoints of etcd members. Required for ExternalEtcd. items: type: string type: array keyFile: description: KeyFile is an SSL key file used to secure etcd communication. Required if using a TLS connection. type: string required: - caFile - certFile - endpoints - keyFile type: object local: description: Local provides configuration knobs for configuring the local etcd instance Local and External are mutually exclusive properties: dataDir: description: DataDir is the directory etcd will place its data. Defaults to "/var/lib/etcd". type: string extraArgs: additionalProperties: type: string description: ExtraArgs are extra arguments provided to the etcd binary when run inside a static pod. type: object imageRepository: description: ImageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead. type: string imageTag: description: ImageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. type: string peerCertSANs: description: PeerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert. items: type: string type: array serverCertSANs: description: ServerCertSANs sets extra Subject Alternative Names for the etcd server signing cert. items: type: string type: array required: - dataDir type: object type: object featureGates: additionalProperties: type: boolean description: FeatureGates enabled by the user. type: object imageRepository: description: ImageRepository sets the container registry to pull images from. If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) `gcr.io/kubernetes-ci-images` will be used as a default for control plane components and for kube-proxy, while `k8s.gcr.io` will be used for all the other images. type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string kubernetesVersion: description: 'KubernetesVersion is the target version of the control plane. NB: This value defaults to the Machine object spec.kuberentesVersion' type: string networking: description: 'Networking holds configuration for the networking topology of the cluster. NB: This value defaults to the Cluster object spec.clusterNetwork.' properties: dnsDomain: description: DNSDomain is the dns domain used by k8s services. Defaults to "cluster.local". type: string podSubnet: description: PodSubnet is the subnet used by pods. type: string serviceSubnet: description: ServiceSubnet is the subnet used by k8s services. Defaults to "10.96.0.0/12". type: string required: - dnsDomain - podSubnet - serviceSubnet type: object scheduler: description: Scheduler contains extra settings for the scheduler control plane component properties: extraArgs: additionalProperties: type: string description: 'ExtraArgs is an extra set of flags to pass to the control plane component. TODO: This is temporary and ideally we would like to switch all components to use ComponentConfig + ConfigMaps.' type: object extraVolumes: description: ExtraVolumes is an extra set of host volumes, mounted to the control plane component. items: description: HostPathMount contains elements describing volumes that are mounted from the host. properties: hostPath: description: HostPath is the path in the host that will be mounted inside the pod. type: string mountPath: description: MountPath is the path inside the pod where hostPath will be mounted. type: string name: description: Name of the volume inside the pod template. type: string pathType: description: PathType is the type of the HostPath. type: string readOnly: description: ReadOnly controls write access to the volume type: boolean required: - hostPath - mountPath - name type: object type: array type: object useHyperKubeImage: description: UseHyperKubeImage controls if hyperkube should be used for Kubernetes components instead of their respective separate images type: boolean type: object files: description: Files specifies extra files to be passed to user_data upon creation. items: description: File defines the input for generating write_files in cloud-init. properties: content: description: Content is the actual content of the file. type: string encoding: description: Encoding specifies the encoding of the file contents. enum: - base64 - gzip - gzip+base64 type: string owner: description: Owner specifies the ownership of the file, e.g. "root:root". type: string path: description: Path specifies the full path on disk where to store the file. type: string permissions: description: Permissions specifies the permissions to assign to the file, e.g. "0640". type: string required: - content - path type: object type: array format: description: Format specifies the output format of the bootstrap data enum: - cloud-config type: string initConfiguration: description: InitConfiguration along with ClusterConfiguration are the configurations necessary for the init command properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string bootstrapTokens: description: BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature items: description: BootstrapToken describes one bootstrap token, stored as a Secret in the cluster properties: description: description: Description sets a human-friendly message why this token exists and what it's used for, so other administrators can know its purpose. type: string expires: description: Expires specifies the timestamp when this token expires. Defaults to being set dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. format: date-time type: string groups: description: Groups specifies the extra groups that this token will authenticate as when/if used for authentication items: type: string type: array token: description: Token is used for establishing bidirectional trust between nodes and control-planes. Used for joining nodes in the cluster. type: object ttl: description: TTL defines the time to live for this token. Defaults to 24h. Expires and TTL are mutually exclusive. type: string usages: description: Usages describes the ways in which this token can be used. Can by default be used for establishing bidirectional trust, but that can be changed here. items: type: string type: array required: - token type: object type: array kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string localAPIEndpoint: description: LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process fails you may set the desired value here. properties: advertiseAddress: description: AdvertiseAddress sets the IP address for the API server to advertise. type: string bindPort: description: BindPort sets the secure port for the API Server to bind to. Defaults to 6443. format: int32 type: integer required: - advertiseAddress - bindPort type: object nodeRegistration: description: NodeRegistration holds fields that relate to registering the new control-plane node to the cluster properties: criSocket: description: CRISocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use type: string kubeletExtraArgs: additionalProperties: type: string description: KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. type: object name: description: Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided. type: string taints: description: 'Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. If you don''t want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.' items: description: The node this Taint is attached to has the "effect" on any pod that does not tolerate the Taint. properties: effect: description: Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute. type: string key: description: Required. The taint key to be applied to a node. type: string timeAdded: description: TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints. format: date-time type: string value: description: Required. The taint value corresponding to the taint key. type: string required: - effect - key type: object type: array type: object type: object joinConfiguration: description: JoinConfiguration is the kubeadm configuration for the join command properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string caCertPath: description: 'CACertPath is the path to the SSL certificate authority used to secure comunications between node and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when there is defaulting from k/k' type: string controlPlane: description: ControlPlane defines the additional control plane instance to be deployed on the joining node. If nil, no additional control plane instance will be deployed. properties: localAPIEndpoint: description: LocalAPIEndpoint represents the endpoint of the API server instance to be deployed on this node. properties: advertiseAddress: description: AdvertiseAddress sets the IP address for the API server to advertise. type: string bindPort: description: BindPort sets the secure port for the API Server to bind to. Defaults to 6443. format: int32 type: integer required: - advertiseAddress - bindPort type: object type: object discovery: description: 'Discovery specifies the options for the kubelet to use during the TLS Bootstrap process TODO: revisit when there is defaulting from k/k' properties: bootstrapToken: description: BootstrapToken is used to set the options for bootstrap token based discovery BootstrapToken and File are mutually exclusive properties: apiServerEndpoint: description: APIServerEndpoint is an IP or domain name to the API server from which info will be fetched. type: string caCertHashes: description: 'CACertHashes specifies a set of public key pins to verify when token-based discovery is used. The root CA found during discovery must match one of these values. Specifying an empty set disables root CA pinning, which can be unsafe. Each hash is specified as ":", where the only currently supported type is "sha256". This is a hex-encoded SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded ASN.1. These hashes can be calculated using, for example, OpenSSL: openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex' items: type: string type: array token: description: Token is a token used to validate cluster information fetched from the control-plane. type: string unsafeSkipCAVerification: description: UnsafeSkipCAVerification allows token-based discovery without CA verification via CACertHashes. This can weaken the security of kubeadm since other nodes can impersonate the control-plane. type: boolean required: - token - unsafeSkipCAVerification type: object file: description: File is used to specify a file or URL to a kubeconfig file from which to load cluster information BootstrapToken and File are mutually exclusive properties: kubeConfigPath: description: KubeConfigPath is used to specify the actual file path or URL to the kubeconfig file from which to load cluster information type: string required: - kubeConfigPath type: object timeout: description: Timeout modifies the discovery timeout type: string tlsBootstrapToken: description: 'TLSBootstrapToken is a token used for TLS bootstrapping. If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information TODO: revisit when there is defaulting from k/k' type: string type: object kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string nodeRegistration: description: NodeRegistration holds fields that relate to registering the new control-plane node to the cluster properties: criSocket: description: CRISocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use type: string kubeletExtraArgs: additionalProperties: type: string description: KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. type: object name: description: Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided. type: string taints: description: 'Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. If you don''t want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.' items: description: The node this Taint is attached to has the "effect" on any pod that does not tolerate the Taint. properties: effect: description: Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute. type: string key: description: Required. The taint key to be applied to a node. type: string timeAdded: description: TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints. format: date-time type: string value: description: Required. The taint value corresponding to the taint key. type: string required: - effect - key type: object type: array type: object required: - nodeRegistration type: object ntp: description: NTP specifies NTP configuration properties: enabled: description: Enabled specifies whether NTP should be enabled type: boolean servers: description: Servers specifies which NTP servers to use items: type: string type: array type: object postKubeadmCommands: description: PostKubeadmCommands specifies extra commands to run after kubeadm runs items: type: string type: array preKubeadmCommands: description: PreKubeadmCommands specifies extra commands to run before kubeadm runs items: type: string type: array users: description: Users specifies extra users to add items: description: User defines the input for a generated user in cloud-init. properties: gecos: description: Gecos specifies the gecos to use for the user type: string groups: description: Groups specifies the additional groups for the user type: string homeDir: description: HomeDir specifies the home directory to use for the user type: string inactive: description: Inactive specifies whether to mark the user as inactive type: boolean lockPassword: description: LockPassword specifies if password login should be disabled type: boolean name: description: Name specifies the user name type: string passwd: description: Passwd specifies a hashed password for the user type: string primaryGroup: description: PrimaryGroup specifies the primary group for the user type: string shell: description: Shell specifies the user's shell type: string sshAuthorizedKeys: description: SSHAuthorizedKeys specifies a list of ssh authorized keys for the user items: type: string type: array sudo: description: Sudo specifies a sudo role for the user type: string required: - name type: object type: array type: object status: description: KubeadmConfigStatus defines the observed state of KubeadmConfig properties: bootstrapData: description: BootstrapData will be a cloud-init script for now format: byte type: string errorMessage: description: ErrorMessage will be set on non-retryable errors type: string errorReason: description: ErrorReason will be set on non-retryable errors type: string ready: description: Ready indicates the BootstrapData field is ready to be consumed type: boolean type: object type: object version: v1alpha2 versions: - name: v1alpha2 served: true storage: true status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: []