{ "properties": { "adminKubeconfig": { "description": "AdminKubeconfig generated using the certificates part of the spec do not move to status, since it uses on disk ca certs, which causes issues during regeneration", "type": "string" }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", "type": "string" }, "caKeyPair": { "description": "CAKeyPair is the key pair for CA certs.", "properties": { "cert": { "description": "base64 encoded cert and key", "format": "byte", "type": "string" }, "key": { "format": "byte", "type": "string" } }, "required": [ "cert", "key" ], "type": "object", "additionalProperties": false }, "clusterConfiguration": { "description": "ClusterConfiguration holds the cluster-wide information used during a kubeadm init call.", "properties": { "apiServer": { "description": "APIServer contains extra settings for the API server control plane component", "properties": { "certSANs": { "description": "CertSANs sets extra Subject Alternative Names for the API Server signing cert.", "items": { "type": "string" }, "type": "array" }, "extraArgs": { "description": "ExtraArgs is an extra set of flags to pass to the control plane component. TODO: This is temporary and ideally we would like to switch all components to use ComponentConfig + ConfigMaps.", "type": "object" }, "extraVolumes": { "description": "ExtraVolumes is an extra set of host volumes, mounted to the control plane component.", "items": { "properties": { "hostPath": { "description": "HostPath is the path in the host that will be mounted inside the pod.", "type": "string" }, "mountPath": { "description": "MountPath is the path inside the pod where hostPath will be mounted.", "type": "string" }, "name": { "description": "Name of the volume inside the pod template.", "type": "string" }, "pathType": { "description": "PathType is the type of the HostPath.", "type": "string" }, "readOnly": { "description": "ReadOnly controls write access to the volume", "type": "boolean" } }, "required": [ "name", "hostPath", "mountPath" ], "type": "object", "additionalProperties": false }, "type": "array" }, "timeoutForControlPlane": { "description": "TimeoutForControlPlane controls the timeout that we use for API server to appear", "type": "string" } }, "type": "object", "additionalProperties": false }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", "type": "string" }, "certificatesDir": { "description": "CertificatesDir specifies where to store or look for all required certificates.", "type": "string" }, "clusterName": { "description": "The cluster name", "type": "string" }, "controlPlaneEndpoint": { "description": "ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint is specified but without a TCP port, the BindPort is used. Possible usages are: e.g. In a cluster with more than one control plane instances, this field should be assigned the address of the external load balancer in front of the control plane instances. e.g. in environments with enforced node recycling, the ControlPlaneEndpoint could be used for assigning a stable DNS to the control plane.", "type": "string" }, "controllerManager": { "description": "ControllerManager contains extra settings for the controller manager control plane component", "properties": { "extraArgs": { "description": "ExtraArgs is an extra set of flags to pass to the control plane component. TODO: This is temporary and ideally we would like to switch all components to use ComponentConfig + ConfigMaps.", "type": "object" }, "extraVolumes": { "description": "ExtraVolumes is an extra set of host volumes, mounted to the control plane component.", "items": { "properties": { "hostPath": { "description": "HostPath is the path in the host that will be mounted inside the pod.", "type": "string" }, "mountPath": { "description": "MountPath is the path inside the pod where hostPath will be mounted.", "type": "string" }, "name": { "description": "Name of the volume inside the pod template.", "type": "string" }, "pathType": { "description": "PathType is the type of the HostPath.", "type": "string" }, "readOnly": { "description": "ReadOnly controls write access to the volume", "type": "boolean" } }, "required": [ "name", "hostPath", "mountPath" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "dns": { "description": "DNS defines the options for the DNS add-on installed in the cluster.", "properties": { "imageRepository": { "description": "ImageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead.", "type": "string" }, "imageTag": { "description": "ImageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.", "type": "string" }, "type": { "description": "Type defines the DNS add-on to be used", "type": "string" } }, "required": [ "type" ], "type": "object", "additionalProperties": false }, "etcd": { "description": "Etcd holds configuration for etcd.", "properties": { "external": { "description": "External describes how to connect to an external etcd cluster Local and External are mutually exclusive", "properties": { "caFile": { "description": "CAFile is an SSL Certificate Authority file used to secure etcd communication. Required if using a TLS connection.", "type": "string" }, "certFile": { "description": "CertFile is an SSL certification file used to secure etcd communication. Required if using a TLS connection.", "type": "string" }, "endpoints": { "description": "Endpoints of etcd members. Required for ExternalEtcd.", "items": { "type": "string" }, "type": "array" }, "keyFile": { "description": "KeyFile is an SSL key file used to secure etcd communication. Required if using a TLS connection.", "type": "string" } }, "required": [ "endpoints", "caFile", "certFile", "keyFile" ], "type": "object", "additionalProperties": false }, "local": { "description": "Local provides configuration knobs for configuring the local etcd instance Local and External are mutually exclusive", "properties": { "dataDir": { "description": "DataDir is the directory etcd will place its data. Defaults to \"/var/lib/etcd\".", "type": "string" }, "extraArgs": { "description": "ExtraArgs are extra arguments provided to the etcd binary when run inside a static pod.", "type": "object" }, "imageRepository": { "description": "ImageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead.", "type": "string" }, "imageTag": { "description": "ImageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.", "type": "string" }, "peerCertSANs": { "description": "PeerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert.", "items": { "type": "string" }, "type": "array" }, "serverCertSANs": { "description": "ServerCertSANs sets extra Subject Alternative Names for the etcd server signing cert.", "items": { "type": "string" }, "type": "array" } }, "required": [ "dataDir" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "featureGates": { "description": "FeatureGates enabled by the user.", "type": "object" }, "imageRepository": { "description": "ImageRepository sets the container registry to pull images from. If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) `gcr.io/kubernetes-ci-images` will be used as a default for control plane components and for kube-proxy, while `k8s.gcr.io` will be used for all the other images.", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", "type": "string" }, "kubernetesVersion": { "description": "KubernetesVersion is the target version of the control plane.", "type": "string" }, "networking": { "description": "Networking holds configuration for the networking topology of the cluster.", "properties": { "dnsDomain": { "description": "DNSDomain is the dns domain used by k8s services. Defaults to \"cluster.local\".", "type": "string" }, "podSubnet": { "description": "PodSubnet is the subnet used by pods.", "type": "string" }, "serviceSubnet": { "description": "ServiceSubnet is the subnet used by k8s services. Defaults to \"10.96.0.0/12\".", "type": "string" } }, "required": [ "serviceSubnet", "podSubnet", "dnsDomain" ], "type": "object", "additionalProperties": false }, "scheduler": { "description": "Scheduler contains extra settings for the scheduler control plane component", "properties": { "extraArgs": { "description": "ExtraArgs is an extra set of flags to pass to the control plane component. TODO: This is temporary and ideally we would like to switch all components to use ComponentConfig + ConfigMaps.", "type": "object" }, "extraVolumes": { "description": "ExtraVolumes is an extra set of host volumes, mounted to the control plane component.", "items": { "properties": { "hostPath": { "description": "HostPath is the path in the host that will be mounted inside the pod.", "type": "string" }, "mountPath": { "description": "MountPath is the path inside the pod where hostPath will be mounted.", "type": "string" }, "name": { "description": "Name of the volume inside the pod template.", "type": "string" }, "pathType": { "description": "PathType is the type of the HostPath.", "type": "string" }, "readOnly": { "description": "ReadOnly controls write access to the volume", "type": "boolean" } }, "required": [ "name", "hostPath", "mountPath" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "useHyperKubeImage": { "description": "UseHyperKubeImage controls if hyperkube should be used for Kubernetes components instead of their respective separate images", "type": "boolean" } }, "required": [ "etcd", "networking", "kubernetesVersion", "controlPlaneEndpoint", "dns", "certificatesDir", "imageRepository" ], "type": "object", "additionalProperties": false }, "discoveryHashes": { "description": "DiscoveryHashes generated using the certificates part of the spec, used by master and nodes bootstrapping this never changes until ca is rotated do not move to status, since it uses on disk ca certs, which causes issues during regeneration", "items": { "type": "string" }, "type": "array" }, "etcdCAKeyPair": { "description": "EtcdCAKeyPair is the key pair for etcd.", "properties": { "cert": { "description": "base64 encoded cert and key", "format": "byte", "type": "string" }, "key": { "format": "byte", "type": "string" } }, "required": [ "cert", "key" ], "type": "object", "additionalProperties": false }, "frontProxyCAKeyPair": { "description": "FrontProxyCAKeyPair is the key pair for the front proxy.", "properties": { "cert": { "description": "base64 encoded cert and key", "format": "byte", "type": "string" }, "key": { "format": "byte", "type": "string" } }, "required": [ "cert", "key" ], "type": "object", "additionalProperties": false }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", "type": "string" }, "location": { "type": "string" }, "metadata": { "type": "object" }, "networkSpec": { "description": "NetworkSpec encapsulates all things related to Azure network.", "properties": { "subnets": { "description": "Subnets configuration.", "items": { "properties": { "cidrBlock": { "description": "CidrBlock is the CIDR block to be used when the provider creates a managed Vnet.", "type": "string" }, "id": { "description": "ID defines a unique identifier to reference this resource.", "type": "string" }, "name": { "description": "Name defines a name for the subnet resource.", "type": "string" }, "securityGroup": { "description": "SecurityGroup defines the NSG (network security group) that should be attached to this subnet.", "properties": { "id": { "type": "string" }, "ingressRule": { "items": { "properties": { "description": { "type": "string" }, "destination": { "description": "Destination - The destination address prefix. CIDR or destination IP range. Asterix '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used.", "type": "string" }, "destinationPorts": { "description": "DestinationPorts - The destination port or range. Integer or range between 0 and 65535. Asterix '*' can also be used to match all ports.", "type": "string" }, "protocol": { "type": "string" }, "source": { "description": "Source - The CIDR or source IP range. Asterix '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from.", "type": "string" }, "sourcePorts": { "description": "SourcePorts - The source port or range. Integer or range between 0 and 65535. Asterix '*' can also be used to match all ports.", "type": "string" } }, "required": [ "description", "protocol" ], "type": "object", "additionalProperties": false }, "type": "array" }, "name": { "type": "string" } }, "required": [ "id", "name", "ingressRule" ], "type": "object", "additionalProperties": false }, "vnetId": { "description": "VnetID defines the ID of the virtual network this subnet should be built in.", "type": "string" } }, "required": [ "name", "vnetId", "securityGroup" ], "type": "object", "additionalProperties": false }, "type": "array" }, "vnet": { "description": "Vnet configuration.", "properties": { "cidrBlock": { "description": "CidrBlock is the CIDR block to be used when the provider creates a managed virtual network.", "type": "string" }, "id": { "description": "ID is the identifier of the virtual network this provider should use to create resources.", "type": "string" }, "name": { "description": "Name defines a name for the virtual network resource.", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "resourceGroup": { "type": "string" }, "saKeyPair": { "description": "SAKeyPair is the service account key pair.", "properties": { "cert": { "description": "base64 encoded cert and key", "format": "byte", "type": "string" }, "key": { "format": "byte", "type": "string" } }, "required": [ "cert", "key" ], "type": "object", "additionalProperties": false } }, "required": [ "resourceGroup", "location" ] }