{ "description": "KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates API.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "spec is the desired state of KubeadmConfigTemplate.", "properties": { "template": { "description": "template defines the desired state of KubeadmConfigTemplate.", "minProperties": 1, "properties": { "metadata": { "description": "metadata is the standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "minProperties": 1, "properties": { "annotations": { "additionalProperties": { "type": "string" }, "description": "annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", "type": "object" }, "labels": { "additionalProperties": { "type": "string" }, "description": "labels is a map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", "type": "object" } }, "type": "object", "additionalProperties": false }, "spec": { "description": "spec is the desired state of KubeadmConfig.", "minProperties": 1, "properties": { "bootCommands": { "description": "bootCommands specifies extra commands to run very early in the boot process via the cloud-init bootcmd\nmodule. bootcmd will run on every boot, 'cloud-init-per' command can be used to make bootcmd run exactly\nonce. This is typically run in the cloud-init.service systemd unit. This has no effect in Ignition.", "items": { "maxLength": 10240, "minLength": 1, "type": "string" }, "maxItems": 1000, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "clusterConfiguration": { "description": "clusterConfiguration along with InitConfiguration are the configurations necessary for the init command", "minProperties": 1, "properties": { "apiServer": { "description": "apiServer contains extra settings for the API server control plane component", "minProperties": 1, "properties": { "certSANs": { "description": "certSANs sets extra Subject Alternative Names for the API Server signing cert.", "items": { "maxLength": 253, "minLength": 1, "type": "string" }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "extraArgs": { "description": "extraArgs is a list of args to pass to the control plane component.\nThe arg name must match the command line flag name except without leading dash(es).\nExtra arguments will override existing default arguments set by kubeadm.", "items": { "description": "Arg represents an argument with a name and a value.", "properties": { "name": { "description": "name is the Name of the extraArg.", "maxLength": 256, "minLength": 1, "type": "string" }, "value": { "description": "value is the Value of the extraArg.", "maxLength": 1024, "minLength": 0, "type": "string" } }, "required": [ "name", "value" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-map-keys": [ "name", "value" ], "x-kubernetes-list-type": "map", "x-kubernetes-validations": [ { "message": "extraArgs name must be unique", "rule": "self.all(x, self.exists_one(y, x.name == y.name))" } ] }, "extraEnvs": { "description": "extraEnvs is an extra set of environment variables to pass to the control plane component.\nEnvironment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.\nThis option takes effect only on Kubernetes >=1.31.0.", "items": { "description": "EnvVar represents an environment variable present in a Container.", "properties": { "name": { "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "properties": { "configMapKeyRef": { "description": "Selects a key of a ConfigMap.", "properties": { "key": { "description": "The key to select.", "type": "string" }, "name": { "default": "", "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, "required": [ "key" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "fieldRef": { "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "properties": { "apiVersion": { "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { "description": "Path of the field to select in the specified API version.", "type": "string" } }, "required": [ "fieldPath" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "resourceFieldRef": { "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "properties": { "containerName": { "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { "description": "Required: resource to select", "type": "string" } }, "required": [ "resource" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "secretKeyRef": { "description": "Selects a key of a secret in the pod's namespace", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { "default": "", "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, "required": [ "key" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "extraVolumes": { "description": "extraVolumes is an extra set of host volumes, mounted to the control plane component.", "items": { "description": "HostPathMount contains elements describing volumes that are mounted from the\nhost.", "properties": { "hostPath": { "description": "hostPath is the path in the host that will be mounted inside\nthe pod.", "maxLength": 512, "minLength": 1, "type": "string" }, "mountPath": { "description": "mountPath is the path inside the pod where hostPath will be mounted.", "maxLength": 512, "minLength": 1, "type": "string" }, "name": { "description": "name of the volume inside the pod template.", "maxLength": 512, "minLength": 1, "type": "string" }, "pathType": { "description": "pathType is the type of the HostPath.", "type": "string" }, "readOnly": { "description": "readOnly controls write access to the volume", "type": "boolean" } }, "required": [ "hostPath", "mountPath", "name" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" } }, "type": "object", "additionalProperties": false }, "caCertificateValidityPeriodDays": { "description": "caCertificateValidityPeriodDays specifies the validity period for CA certificates generated by Cluster API.\nIf not specified, Cluster API will use a default of 3650 days (10 years).\nThis field cannot be modified.", "format": "int32", "maximum": 36500, "minimum": 1, "type": "integer" }, "certificateValidityPeriodDays": { "description": "certificateValidityPeriodDays specifies the validity period for non-CA certificates generated by kubeadm.\nIf not specified, kubeadm will use a default of 365 days (1 year).\nThis field is only supported with Kubernetes v1.31 or above.", "format": "int32", "maximum": 1095, "minimum": 1, "type": "integer" }, "certificatesDir": { "description": "certificatesDir specifies where to store or look for all required certificates.\nNB: if not provided, this will default to `/etc/kubernetes/pki`", "maxLength": 512, "minLength": 1, "type": "string" }, "controlPlaneEndpoint": { "description": "controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it\ncan be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.\nIn case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort\nare used; in case the ControlPlaneEndpoint is specified but without a TCP port,\nthe BindPort is used.\nPossible usages are:\ne.g. In a cluster with more than one control plane instances, this field should be\nassigned the address of the external load balancer in front of the\ncontrol plane instances.\ne.g. in environments with enforced node recycling, the ControlPlaneEndpoint\ncould be used for assigning a stable DNS to the control plane.\nNB: This value defaults to the first value in the Cluster object status.apiEndpoints array.", "maxLength": 512, "minLength": 1, "type": "string" }, "controllerManager": { "description": "controllerManager contains extra settings for the controller manager control plane component", "minProperties": 1, "properties": { "extraArgs": { "description": "extraArgs is a list of args to pass to the control plane component.\nThe arg name must match the command line flag name except without leading dash(es).\nExtra arguments will override existing default arguments set by kubeadm.", "items": { "description": "Arg represents an argument with a name and a value.", "properties": { "name": { "description": "name is the Name of the extraArg.", "maxLength": 256, "minLength": 1, "type": "string" }, "value": { "description": "value is the Value of the extraArg.", "maxLength": 1024, "minLength": 0, "type": "string" } }, "required": [ "name", "value" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-map-keys": [ "name", "value" ], "x-kubernetes-list-type": "map", "x-kubernetes-validations": [ { "message": "extraArgs name must be unique", "rule": "self.all(x, self.exists_one(y, x.name == y.name))" } ] }, "extraEnvs": { "description": "extraEnvs is an extra set of environment variables to pass to the control plane component.\nEnvironment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.\nThis option takes effect only on Kubernetes >=1.31.0.", "items": { "description": "EnvVar represents an environment variable present in a Container.", "properties": { "name": { "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "properties": { "configMapKeyRef": { "description": "Selects a key of a ConfigMap.", "properties": { "key": { "description": "The key to select.", "type": "string" }, "name": { "default": "", "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, "required": [ "key" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "fieldRef": { "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "properties": { "apiVersion": { "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { "description": "Path of the field to select in the specified API version.", "type": "string" } }, "required": [ "fieldPath" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "resourceFieldRef": { "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "properties": { "containerName": { "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { "description": "Required: resource to select", "type": "string" } }, "required": [ "resource" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "secretKeyRef": { "description": "Selects a key of a secret in the pod's namespace", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { "default": "", "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, "required": [ "key" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "extraVolumes": { "description": "extraVolumes is an extra set of host volumes, mounted to the control plane component.", "items": { "description": "HostPathMount contains elements describing volumes that are mounted from the\nhost.", "properties": { "hostPath": { "description": "hostPath is the path in the host that will be mounted inside\nthe pod.", "maxLength": 512, "minLength": 1, "type": "string" }, "mountPath": { "description": "mountPath is the path inside the pod where hostPath will be mounted.", "maxLength": 512, "minLength": 1, "type": "string" }, "name": { "description": "name of the volume inside the pod template.", "maxLength": 512, "minLength": 1, "type": "string" }, "pathType": { "description": "pathType is the type of the HostPath.", "type": "string" }, "readOnly": { "description": "readOnly controls write access to the volume", "type": "boolean" } }, "required": [ "hostPath", "mountPath", "name" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" } }, "type": "object", "additionalProperties": false }, "dns": { "description": "dns defines the options for the DNS add-on installed in the cluster.", "minProperties": 1, "properties": { "imageRepository": { "description": "imageRepository sets the container registry to pull images from.\nif not set, the ImageRepository defined in ClusterConfiguration will be used instead.", "maxLength": 512, "minLength": 1, "type": "string" }, "imageTag": { "description": "imageTag allows to specify a tag for the image.\nIn case this value is set, kubeadm does not change automatically the version of the above components during upgrades.", "maxLength": 256, "minLength": 1, "type": "string" } }, "type": "object", "additionalProperties": false }, "etcd": { "description": "etcd holds configuration for etcd.\nNB: This value defaults to a Local (stacked) etcd", "minProperties": 1, "properties": { "external": { "description": "external describes how to connect to an external etcd cluster\nLocal and External are mutually exclusive", "properties": { "caFile": { "description": "caFile is an SSL Certificate Authority file used to secure etcd communication.\nRequired if using a TLS connection.", "maxLength": 512, "minLength": 1, "type": "string" }, "certFile": { "description": "certFile is an SSL certification file used to secure etcd communication.\nRequired if using a TLS connection.", "maxLength": 512, "minLength": 1, "type": "string" }, "endpoints": { "description": "endpoints of etcd members. Required for ExternalEtcd.", "items": { "maxLength": 512, "minLength": 1, "type": "string" }, "maxItems": 50, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "keyFile": { "description": "keyFile is an SSL key file used to secure etcd communication.\nRequired if using a TLS connection.", "maxLength": 512, "minLength": 1, "type": "string" } }, "required": [ "caFile", "certFile", "endpoints", "keyFile" ], "type": "object", "additionalProperties": false }, "local": { "description": "local provides configuration knobs for configuring the local etcd instance\nLocal and External are mutually exclusive", "minProperties": 1, "properties": { "dataDir": { "description": "dataDir is the directory etcd will place its data.\nDefaults to \"/var/lib/etcd\".", "maxLength": 512, "minLength": 1, "type": "string" }, "extraArgs": { "description": "extraArgs is a list of args to pass to etcd.\nThe arg name must match the command line flag name except without leading dash(es).\nExtra arguments will override existing default arguments set by kubeadm.", "items": { "description": "Arg represents an argument with a name and a value.", "properties": { "name": { "description": "name is the Name of the extraArg.", "maxLength": 256, "minLength": 1, "type": "string" }, "value": { "description": "value is the Value of the extraArg.", "maxLength": 1024, "minLength": 0, "type": "string" } }, "required": [ "name", "value" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-map-keys": [ "name", "value" ], "x-kubernetes-list-type": "map", "x-kubernetes-validations": [ { "message": "extraArgs name must be unique", "rule": "self.all(x, self.exists_one(y, x.name == y.name))" } ] }, "extraEnvs": { "description": "extraEnvs is an extra set of environment variables to pass to etcd.\nEnvironment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.\nThis option takes effect only on Kubernetes >=1.31.0.", "items": { "description": "EnvVar represents an environment variable present in a Container.", "properties": { "name": { "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "properties": { "configMapKeyRef": { "description": "Selects a key of a ConfigMap.", "properties": { "key": { "description": "The key to select.", "type": "string" }, "name": { "default": "", "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, "required": [ "key" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "fieldRef": { "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "properties": { "apiVersion": { "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { "description": "Path of the field to select in the specified API version.", "type": "string" } }, "required": [ "fieldPath" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "resourceFieldRef": { "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "properties": { "containerName": { "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { "description": "Required: resource to select", "type": "string" } }, "required": [ "resource" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "secretKeyRef": { "description": "Selects a key of a secret in the pod's namespace", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { "default": "", "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, "required": [ "key" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "imageRepository": { "description": "imageRepository sets the container registry to pull images from.\nif not set, the ImageRepository defined in ClusterConfiguration will be used instead.", "maxLength": 512, "minLength": 1, "type": "string" }, "imageTag": { "description": "imageTag allows to specify a tag for the image.\nIn case this value is set, kubeadm does not change automatically the version of the above components during upgrades.", "maxLength": 256, "minLength": 1, "type": "string" }, "peerCertSANs": { "description": "peerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert.", "items": { "maxLength": 253, "minLength": 1, "type": "string" }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "serverCertSANs": { "description": "serverCertSANs sets extra Subject Alternative Names for the etcd server signing cert.", "items": { "maxLength": 253, "minLength": 1, "type": "string" }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "featureGates": { "additionalProperties": { "type": "boolean" }, "description": "featureGates enabled by the user.", "type": "object" }, "imageRepository": { "description": "imageRepository sets the container registry to pull images from.\n* If not set, the default registry of kubeadm will be used, i.e.\n * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0\n * k8s.gcr.io (old registry): all older versions\n Please note that when imageRepository is not set we don't allow upgrades to\n versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use\n a newer patch version with the new registry instead (i.e. >= v1.22.17,\n >= v1.23.15, >= v1.24.9, >= v1.25.0).\n* If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)\n `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components\n and for kube-proxy, while `registry.k8s.io` will be used for all the other images.", "maxLength": 512, "minLength": 1, "type": "string" }, "scheduler": { "description": "scheduler contains extra settings for the scheduler control plane component", "minProperties": 1, "properties": { "extraArgs": { "description": "extraArgs is a list of args to pass to the control plane component.\nThe arg name must match the command line flag name except without leading dash(es).\nExtra arguments will override existing default arguments set by kubeadm.", "items": { "description": "Arg represents an argument with a name and a value.", "properties": { "name": { "description": "name is the Name of the extraArg.", "maxLength": 256, "minLength": 1, "type": "string" }, "value": { "description": "value is the Value of the extraArg.", "maxLength": 1024, "minLength": 0, "type": "string" } }, "required": [ "name", "value" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-map-keys": [ "name", "value" ], "x-kubernetes-list-type": "map", "x-kubernetes-validations": [ { "message": "extraArgs name must be unique", "rule": "self.all(x, self.exists_one(y, x.name == y.name))" } ] }, "extraEnvs": { "description": "extraEnvs is an extra set of environment variables to pass to the control plane component.\nEnvironment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.\nThis option takes effect only on Kubernetes >=1.31.0.", "items": { "description": "EnvVar represents an environment variable present in a Container.", "properties": { "name": { "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "properties": { "configMapKeyRef": { "description": "Selects a key of a ConfigMap.", "properties": { "key": { "description": "The key to select.", "type": "string" }, "name": { "default": "", "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, "required": [ "key" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "fieldRef": { "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "properties": { "apiVersion": { "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { "description": "Path of the field to select in the specified API version.", "type": "string" } }, "required": [ "fieldPath" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "resourceFieldRef": { "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "properties": { "containerName": { "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { "description": "Required: resource to select", "type": "string" } }, "required": [ "resource" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "secretKeyRef": { "description": "Selects a key of a secret in the pod's namespace", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { "default": "", "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, "required": [ "key" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "extraVolumes": { "description": "extraVolumes is an extra set of host volumes, mounted to the control plane component.", "items": { "description": "HostPathMount contains elements describing volumes that are mounted from the\nhost.", "properties": { "hostPath": { "description": "hostPath is the path in the host that will be mounted inside\nthe pod.", "maxLength": 512, "minLength": 1, "type": "string" }, "mountPath": { "description": "mountPath is the path inside the pod where hostPath will be mounted.", "maxLength": 512, "minLength": 1, "type": "string" }, "name": { "description": "name of the volume inside the pod template.", "maxLength": 512, "minLength": 1, "type": "string" }, "pathType": { "description": "pathType is the type of the HostPath.", "type": "string" }, "readOnly": { "description": "readOnly controls write access to the volume", "type": "boolean" } }, "required": [ "hostPath", "mountPath", "name" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "diskSetup": { "description": "diskSetup specifies options for the creation of partition tables and file systems on devices.", "minProperties": 1, "properties": { "filesystems": { "description": "filesystems specifies the list of file systems to setup.", "items": { "description": "Filesystem defines the file systems to be created.", "properties": { "device": { "description": "device specifies the device name", "maxLength": 256, "minLength": 1, "type": "string" }, "extraOpts": { "description": "extraOpts defined extra options to add to the command for creating the file system.", "items": { "maxLength": 256, "minLength": 1, "type": "string" }, "maxItems": 100, "type": "array", "x-kubernetes-list-type": "atomic" }, "filesystem": { "description": "filesystem specifies the file system type.", "maxLength": 128, "minLength": 1, "type": "string" }, "label": { "description": "label specifies the file system label to be used. If set to None, no label is used.", "maxLength": 512, "minLength": 1, "type": "string" }, "overwrite": { "description": "overwrite defines whether or not to overwrite any existing filesystem.\nIf true, any pre-existing file system will be destroyed. Use with Caution.", "type": "boolean" }, "partition": { "description": "partition specifies the partition to use. The valid options are: \"auto|any\", \"auto\", \"any\", \"none\", and , where NUM is the actual partition number.", "maxLength": 128, "minLength": 1, "type": "string" }, "replaceFS": { "description": "replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of .\nNOTE: unless you define a label, this requires the use of the 'any' partition directive.", "maxLength": 128, "minLength": 1, "type": "string" } }, "required": [ "device", "filesystem" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "type": "array", "x-kubernetes-list-type": "atomic" }, "partitions": { "description": "partitions specifies the list of the partitions to setup.", "items": { "description": "Partition defines how to create and layout a partition.", "properties": { "device": { "description": "device is the name of the device.", "maxLength": 256, "minLength": 1, "type": "string" }, "layout": { "description": "layout specifies the device layout.\nIf it is true, a single partition will be created for the entire device.\nWhen layout is false, it means don't partition or ignore existing partitioning.", "type": "boolean" }, "overwrite": { "description": "overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.\nUse with caution. Default is 'false'.", "type": "boolean" }, "tableType": { "description": "tableType specifies the tupe of partition table. The following are supported:\n'mbr': default and setups a MS-DOS partition table\n'gpt': setups a GPT partition table", "enum": [ "mbr", "gpt" ], "type": "string" } }, "required": [ "device", "layout" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "type": "array", "x-kubernetes-list-type": "atomic" } }, "type": "object", "additionalProperties": false }, "files": { "description": "files specifies extra files to be passed to user_data upon creation.", "items": { "description": "File defines the input for generating write_files in cloud-init.", "properties": { "append": { "description": "append specifies whether to append Content to existing file if Path exists.", "type": "boolean" }, "content": { "description": "content is the actual content of the file.", "maxLength": 10240, "minLength": 1, "type": "string" }, "contentFrom": { "description": "contentFrom is a referenced source of content to populate the file.", "properties": { "secret": { "description": "secret represents a secret that should populate this file.", "properties": { "key": { "description": "key is the key in the secret's data map for this value.", "maxLength": 256, "minLength": 1, "type": "string" }, "name": { "description": "name of the secret in the KubeadmBootstrapConfig's namespace to use.", "maxLength": 253, "minLength": 1, "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false } }, "required": [ "secret" ], "type": "object", "additionalProperties": false }, "encoding": { "description": "encoding specifies the encoding of the file contents.", "enum": [ "base64", "gzip", "gzip+base64" ], "type": "string" }, "owner": { "description": "owner specifies the ownership of the file, e.g. \"root:root\".", "maxLength": 256, "minLength": 1, "type": "string" }, "path": { "description": "path specifies the full path on disk where to store the file.", "maxLength": 512, "minLength": 1, "type": "string" }, "permissions": { "description": "permissions specifies the permissions to assign to the file, e.g. \"0640\".", "maxLength": 16, "minLength": 1, "type": "string" } }, "required": [ "path" ], "type": "object", "additionalProperties": false }, "maxItems": 200, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "format": { "description": "format specifies the output format of the bootstrap data.\nDefaults to cloud-config if not set.", "enum": [ "cloud-config", "ignition" ], "type": "string" }, "ignition": { "description": "ignition contains Ignition specific configuration.", "minProperties": 1, "properties": { "containerLinuxConfig": { "description": "containerLinuxConfig contains CLC specific configuration.", "minProperties": 1, "properties": { "additionalConfig": { "description": "additionalConfig contains additional configuration to be merged with the Ignition\nconfiguration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging\n\nThe data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/", "maxLength": 32768, "minLength": 1, "type": "string" }, "strict": { "description": "strict controls if AdditionalConfig should be strictly parsed. If so, warnings are treated as errors.", "type": "boolean" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "initConfiguration": { "description": "initConfiguration along with ClusterConfiguration are the configurations necessary for the init command", "minProperties": 1, "properties": { "bootstrapTokens": { "description": "bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.\nThis information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature", "items": { "description": "BootstrapToken describes one bootstrap token, stored as a Secret in the cluster.", "properties": { "description": { "description": "description sets a human-friendly message why this token exists and what it's used\nfor, so other administrators can know its purpose.", "maxLength": 512, "minLength": 1, "type": "string" }, "expires": { "description": "expires specifies the timestamp when this token expires. Defaults to being set\ndynamically at runtime based on the ttlSeconds. Expires and ttlSeconds are mutually exclusive.", "format": "date-time", "type": "string" }, "groups": { "description": "groups specifies the extra groups that this token will authenticate as when/if\nused for authentication", "items": { "maxLength": 256, "minLength": 1, "type": "string" }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "token": { "description": "token is used for establishing bidirectional trust between nodes and control-planes.\nUsed for joining nodes in the cluster.", "maxLength": 23, "minLength": 1, "type": "string" }, "ttlSeconds": { "description": "ttlSeconds defines the time to live for this token. Defaults to 24h.\nExpires and ttlSeconds are mutually exclusive.", "format": "int32", "minimum": 0, "type": "integer" }, "usages": { "description": "usages describes the ways in which this token can be used. Can by default be used\nfor establishing bidirectional trust, but that can be changed here.", "items": { "maxLength": 256, "minLength": 1, "type": "string" }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" } }, "required": [ "token" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "localAPIEndpoint": { "description": "localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node\nIn HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint\nis the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This\nconfiguration object lets you customize what IP/DNS name and port the local API server advertises it's accessible\non. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process\nfails you may set the desired value here.", "minProperties": 1, "properties": { "advertiseAddress": { "description": "advertiseAddress sets the IP address for the API server to advertise.", "maxLength": 39, "minLength": 1, "type": "string" }, "bindPort": { "description": "bindPort sets the secure port for the API Server to bind to.\nDefaults to 6443.", "format": "int32", "minimum": 1, "type": "integer" } }, "type": "object", "additionalProperties": false }, "nodeRegistration": { "description": "nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.\nWhen used in the context of control plane nodes, NodeRegistration should remain consistent\nacross both InitConfiguration and JoinConfiguration", "minProperties": 1, "properties": { "criSocket": { "description": "criSocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use", "maxLength": 512, "minLength": 1, "type": "string" }, "ignorePreflightErrors": { "description": "ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered, e.g. 'IsPrivilegedUser,Swap'.\nValue 'all' ignores errors from all checks.", "items": { "maxLength": 512, "minLength": 1, "type": "string" }, "maxItems": 50, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "imagePullPolicy": { "description": "imagePullPolicy specifies the policy for image pulling\nduring kubeadm \"init\" and \"join\" operations. The value of\nthis field must be one of \"Always\", \"IfNotPresent\" or\n\"Never\". Defaults to \"IfNotPresent\" if not set.", "enum": [ "Always", "IfNotPresent", "Never" ], "type": "string" }, "imagePullSerial": { "description": "imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.\nThis option takes effect only on Kubernetes >=1.31.0.\nDefault: true (defaulted in kubeadm)", "type": "boolean" }, "kubeletExtraArgs": { "description": "kubeletExtraArgs is a list of args to pass to kubelet.\nThe arg name must match the command line flag name except without leading dash(es).\nExtra arguments will override existing default arguments set by kubeadm.", "items": { "description": "Arg represents an argument with a name and a value.", "properties": { "name": { "description": "name is the Name of the extraArg.", "maxLength": 256, "minLength": 1, "type": "string" }, "value": { "description": "value is the Value of the extraArg.", "maxLength": 1024, "minLength": 0, "type": "string" } }, "required": [ "name", "value" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-map-keys": [ "name", "value" ], "x-kubernetes-list-type": "map", "x-kubernetes-validations": [ { "message": "kubeletExtraArgs name must be unique", "rule": "self.all(x, self.exists_one(y, x.name == y.name))" } ] }, "name": { "description": "name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.\nThis field is also used in the CommonName field of the kubelet's client certificate to the API server.\nDefaults to the hostname of the node if not provided.", "maxLength": 253, "minLength": 1, "type": "string" }, "taints": { "description": "taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process\nit will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=\"\"'}. If you don't want to taint your control-plane node, set this field to an\nempty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.", "items": { "description": "The node this Taint is attached to has the \"effect\" on\nany pod that does not tolerate the Taint.", "properties": { "effect": { "description": "Required. The effect of the taint on pods\nthat do not tolerate the taint.\nValid effects are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { "description": "Required. The taint key to be applied to a node.", "type": "string" }, "timeAdded": { "description": "TimeAdded represents the time at which the taint was added.\nIt is only written for NoExecute taints.", "format": "date-time", "type": "string" }, "value": { "description": "The taint value corresponding to the taint key.", "type": "string" } }, "required": [ "effect", "key" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 0, "type": "array" } }, "type": "object", "additionalProperties": false }, "patches": { "description": "patches contains options related to applying patches to components deployed by kubeadm during\n\"kubeadm init\". The minimum kubernetes version needed to support Patches is v1.22", "minProperties": 1, "properties": { "directory": { "description": "directory is a path to a directory that contains files named \"target[suffix][+patchtype].extension\".\nFor example, \"kube-apiserver0+merge.yaml\" or just \"etcd.json\". \"target\" can be one of\n\"kube-apiserver\", \"kube-controller-manager\", \"kube-scheduler\", \"etcd\". \"patchtype\" can be one\nof \"strategic\" \"merge\" or \"json\" and they match the patch formats supported by kubectl.\nThe default \"patchtype\" is \"strategic\". \"extension\" must be either \"json\" or \"yaml\".\n\"suffix\" is an optional string that can be used to determine which patches are applied\nfirst alpha-numerically.\nThese files can be written into the target directory via KubeadmConfig.Files which\nspecifies additional files to be created on the machine, either with content inline or\nby referencing a secret.", "maxLength": 512, "minLength": 1, "type": "string" } }, "type": "object", "additionalProperties": false }, "skipPhases": { "description": "skipPhases is a list of phases to skip during command execution.\nThe list of phases can be obtained with the \"kubeadm init --help\" command.\nThis option takes effect only on Kubernetes >=1.22.0.", "items": { "maxLength": 256, "minLength": 1, "type": "string" }, "maxItems": 50, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "timeouts": { "description": "timeouts holds various timeouts that apply to kubeadm commands.", "minProperties": 1, "properties": { "controlPlaneComponentHealthCheckSeconds": { "description": "controlPlaneComponentHealthCheckSeconds is the amount of time to wait for a control plane\ncomponent, such as the API server, to be healthy during \"kubeadm init\" and \"kubeadm join\".\nIf not set, it defaults to 4m (240s).", "format": "int32", "minimum": 0, "type": "integer" }, "discoverySeconds": { "description": "discoverySeconds is the amount of time to wait for kubeadm to validate the API server identity\nfor a joining node.\nIf not set, it defaults to 5m (300s).", "format": "int32", "minimum": 0, "type": "integer" }, "etcdAPICallSeconds": { "description": "etcdAPICallSeconds is the amount of time to wait for the kubeadm etcd client to complete a request to\nthe etcd cluster.\nIf not set, it defaults to 2m (120s).", "format": "int32", "minimum": 0, "type": "integer" }, "kubeletHealthCheckSeconds": { "description": "kubeletHealthCheckSeconds is the amount of time to wait for the kubelet to be healthy\nduring \"kubeadm init\" and \"kubeadm join\".\nIf not set, it defaults to 4m (240s).", "format": "int32", "minimum": 0, "type": "integer" }, "kubernetesAPICallSeconds": { "description": "kubernetesAPICallSeconds is the amount of time to wait for the kubeadm client to complete a request to\nthe API server. This applies to all types of methods (GET, POST, etc).\nIf not set, it defaults to 1m (60s).", "format": "int32", "minimum": 0, "type": "integer" }, "tlsBootstrapSeconds": { "description": "tlsBootstrapSeconds is the amount of time to wait for the kubelet to complete TLS bootstrap\nfor a joining node.\nIf not set, it defaults to 5m (300s).", "format": "int32", "minimum": 0, "type": "integer" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "joinConfiguration": { "description": "joinConfiguration is the kubeadm configuration for the join command", "minProperties": 1, "properties": { "caCertPath": { "description": "caCertPath is the path to the SSL certificate authority used to\nsecure communications between node and control-plane.\nDefaults to \"/etc/kubernetes/pki/ca.crt\".", "maxLength": 512, "minLength": 1, "type": "string" }, "controlPlane": { "description": "controlPlane defines the additional control plane instance to be deployed on the joining node.\nIf nil, no additional control plane instance will be deployed.", "properties": { "localAPIEndpoint": { "description": "localAPIEndpoint represents the endpoint of the API server instance to be deployed on this node.", "minProperties": 1, "properties": { "advertiseAddress": { "description": "advertiseAddress sets the IP address for the API server to advertise.", "maxLength": 39, "minLength": 1, "type": "string" }, "bindPort": { "description": "bindPort sets the secure port for the API Server to bind to.\nDefaults to 6443.", "format": "int32", "minimum": 1, "type": "integer" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "discovery": { "description": "discovery specifies the options for the kubelet to use during the TLS Bootstrap process", "minProperties": 1, "properties": { "bootstrapToken": { "description": "bootstrapToken is used to set the options for bootstrap token based discovery\nBootstrapToken and File are mutually exclusive", "minProperties": 1, "properties": { "apiServerEndpoint": { "description": "apiServerEndpoint is an IP or domain name to the API server from which info will be fetched.", "maxLength": 512, "minLength": 1, "type": "string" }, "caCertHashes": { "description": "caCertHashes specifies a set of public key pins to verify\nwhen token-based discovery is used. The root CA found during discovery\nmust match one of these values. Specifying an empty set disables root CA\npinning, which can be unsafe. Each hash is specified as \":\",\nwhere the only currently supported type is \"sha256\". This is a hex-encoded\nSHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded\nASN.1. These hashes can be calculated using, for example, OpenSSL:\nopenssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex", "items": { "maxLength": 512, "minLength": 1, "type": "string" }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "token": { "description": "token is a token used to validate cluster information\nfetched from the control-plane.", "maxLength": 512, "minLength": 1, "type": "string" }, "unsafeSkipCAVerification": { "description": "unsafeSkipCAVerification allows token-based discovery\nwithout CA verification via CACertHashes. This can weaken\nthe security of kubeadm since other nodes can impersonate the control-plane.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "file": { "description": "file is used to specify a file or URL to a kubeconfig file from which to load cluster information\nBootstrapToken and File are mutually exclusive", "properties": { "kubeConfig": { "description": "kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information.\nThe file is generated at the path specified in KubeConfigPath.\n\nHost address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint.\nCertificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret.", "properties": { "cluster": { "description": "cluster contains information about how to communicate with the kubernetes cluster.\n\nBy default the following fields are automatically populated:\n- Server with the Cluster's ControlPlaneEndpoint.\n- CertificateAuthorityData with the Cluster's CA certificate.", "minProperties": 1, "properties": { "certificateAuthorityData": { "description": "certificateAuthorityData contains PEM-encoded certificate authority certificates.\n\nDefaults to the Cluster's CA certificate if empty.", "format": "byte", "maxLength": 51200, "minLength": 1, "type": "string" }, "insecureSkipTLSVerify": { "description": "insecureSkipTLSVerify skips the validity check for the server's certificate. This will make your HTTPS connections insecure.", "type": "boolean" }, "proxyURL": { "description": "proxyURL is the URL to the proxy to be used for all requests made by this\nclient. URLs with \"http\", \"https\", and \"socks5\" schemes are supported. If\nthis configuration is not provided or the empty string, the client\nattempts to construct a proxy configuration from http_proxy and\nhttps_proxy environment variables. If these environment variables are not\nset, the client does not attempt to proxy requests.\n\nsocks5 proxying does not currently support spdy streaming endpoints (exec,\nattach, port forward).", "maxLength": 512, "minLength": 1, "type": "string" }, "server": { "description": "server is the address of the kubernetes cluster (https://hostname:port).\n\nDefaults to https:// + Cluster.Spec.ControlPlaneEndpoint.", "maxLength": 512, "minLength": 1, "type": "string" }, "tlsServerName": { "description": "tlsServerName is used to check server certificate. If TLSServerName is empty, the hostname used to contact the server is used.", "maxLength": 512, "minLength": 1, "type": "string" } }, "type": "object", "additionalProperties": false }, "user": { "description": "user contains information that describes identity information.\nThis is used to tell the kubernetes cluster who you are.", "minProperties": 1, "properties": { "authProvider": { "description": "authProvider specifies a custom authentication plugin for the kubernetes cluster.", "properties": { "config": { "additionalProperties": { "type": "string" }, "description": "config holds the parameters for the authentication plugin.", "type": "object" }, "name": { "description": "name is the name of the authentication plugin.", "maxLength": 256, "minLength": 1, "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "exec": { "description": "exec specifies a custom exec-based authentication plugin for the kubernetes cluster.", "properties": { "apiVersion": { "description": "apiVersion is preferred input version of the ExecInfo. The returned ExecCredentials MUST use\nthe same encoding version as the input.\nDefaults to client.authentication.k8s.io/v1 if not set.", "maxLength": 512, "minLength": 1, "type": "string" }, "args": { "description": "args is the arguments to pass to the command when executing it.", "items": { "maxLength": 512, "minLength": 1, "type": "string" }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "command": { "description": "command to execute.", "maxLength": 1024, "minLength": 1, "type": "string" }, "env": { "description": "env defines additional environment variables to expose to the process. These\nare unioned with the host's environment, as well as variables client-go uses\nto pass argument to the plugin.", "items": { "description": "KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based\ncredential plugin.", "properties": { "name": { "description": "name of the environment variable", "maxLength": 512, "minLength": 1, "type": "string" }, "value": { "description": "value of the environment variable", "maxLength": 512, "minLength": 1, "type": "string" } }, "required": [ "name", "value" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "provideClusterInfo": { "description": "provideClusterInfo determines whether or not to provide cluster information,\nwhich could potentially contain very large CA data, to this exec plugin as a\npart of the KUBERNETES_EXEC_INFO environment variable. By default, it is set\nto false. Package k8s.io/client-go/tools/auth/exec provides helper methods for\nreading this environment variable.", "type": "boolean" } }, "required": [ "command" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "required": [ "user" ], "type": "object", "additionalProperties": false }, "kubeConfigPath": { "description": "kubeConfigPath is used to specify the actual file path or URL to the kubeconfig file from which to load cluster information", "maxLength": 512, "minLength": 1, "type": "string" } }, "required": [ "kubeConfigPath" ], "type": "object", "additionalProperties": false }, "tlsBootstrapToken": { "description": "tlsBootstrapToken is a token used for TLS bootstrapping.\nIf .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.\nIf .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information", "maxLength": 512, "minLength": 1, "type": "string" } }, "type": "object", "additionalProperties": false }, "nodeRegistration": { "description": "nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.\nWhen used in the context of control plane nodes, NodeRegistration should remain consistent\nacross both InitConfiguration and JoinConfiguration", "minProperties": 1, "properties": { "criSocket": { "description": "criSocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use", "maxLength": 512, "minLength": 1, "type": "string" }, "ignorePreflightErrors": { "description": "ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered, e.g. 'IsPrivilegedUser,Swap'.\nValue 'all' ignores errors from all checks.", "items": { "maxLength": 512, "minLength": 1, "type": "string" }, "maxItems": 50, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "imagePullPolicy": { "description": "imagePullPolicy specifies the policy for image pulling\nduring kubeadm \"init\" and \"join\" operations. The value of\nthis field must be one of \"Always\", \"IfNotPresent\" or\n\"Never\". Defaults to \"IfNotPresent\" if not set.", "enum": [ "Always", "IfNotPresent", "Never" ], "type": "string" }, "imagePullSerial": { "description": "imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.\nThis option takes effect only on Kubernetes >=1.31.0.\nDefault: true (defaulted in kubeadm)", "type": "boolean" }, "kubeletExtraArgs": { "description": "kubeletExtraArgs is a list of args to pass to kubelet.\nThe arg name must match the command line flag name except without leading dash(es).\nExtra arguments will override existing default arguments set by kubeadm.", "items": { "description": "Arg represents an argument with a name and a value.", "properties": { "name": { "description": "name is the Name of the extraArg.", "maxLength": 256, "minLength": 1, "type": "string" }, "value": { "description": "value is the Value of the extraArg.", "maxLength": 1024, "minLength": 0, "type": "string" } }, "required": [ "name", "value" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-map-keys": [ "name", "value" ], "x-kubernetes-list-type": "map", "x-kubernetes-validations": [ { "message": "kubeletExtraArgs name must be unique", "rule": "self.all(x, self.exists_one(y, x.name == y.name))" } ] }, "name": { "description": "name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.\nThis field is also used in the CommonName field of the kubelet's client certificate to the API server.\nDefaults to the hostname of the node if not provided.", "maxLength": 253, "minLength": 1, "type": "string" }, "taints": { "description": "taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process\nit will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=\"\"'}. If you don't want to taint your control-plane node, set this field to an\nempty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.", "items": { "description": "The node this Taint is attached to has the \"effect\" on\nany pod that does not tolerate the Taint.", "properties": { "effect": { "description": "Required. The effect of the taint on pods\nthat do not tolerate the taint.\nValid effects are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { "description": "Required. The taint key to be applied to a node.", "type": "string" }, "timeAdded": { "description": "TimeAdded represents the time at which the taint was added.\nIt is only written for NoExecute taints.", "format": "date-time", "type": "string" }, "value": { "description": "The taint value corresponding to the taint key.", "type": "string" } }, "required": [ "effect", "key" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 0, "type": "array" } }, "type": "object", "additionalProperties": false }, "patches": { "description": "patches contains options related to applying patches to components deployed by kubeadm during\n\"kubeadm join\". The minimum kubernetes version needed to support Patches is v1.22", "minProperties": 1, "properties": { "directory": { "description": "directory is a path to a directory that contains files named \"target[suffix][+patchtype].extension\".\nFor example, \"kube-apiserver0+merge.yaml\" or just \"etcd.json\". \"target\" can be one of\n\"kube-apiserver\", \"kube-controller-manager\", \"kube-scheduler\", \"etcd\". \"patchtype\" can be one\nof \"strategic\" \"merge\" or \"json\" and they match the patch formats supported by kubectl.\nThe default \"patchtype\" is \"strategic\". \"extension\" must be either \"json\" or \"yaml\".\n\"suffix\" is an optional string that can be used to determine which patches are applied\nfirst alpha-numerically.\nThese files can be written into the target directory via KubeadmConfig.Files which\nspecifies additional files to be created on the machine, either with content inline or\nby referencing a secret.", "maxLength": 512, "minLength": 1, "type": "string" } }, "type": "object", "additionalProperties": false }, "skipPhases": { "description": "skipPhases is a list of phases to skip during command execution.\nThe list of phases can be obtained with the \"kubeadm init --help\" command.\nThis option takes effect only on Kubernetes >=1.22.0.", "items": { "maxLength": 256, "minLength": 1, "type": "string" }, "maxItems": 50, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "timeouts": { "description": "timeouts holds various timeouts that apply to kubeadm commands.", "minProperties": 1, "properties": { "controlPlaneComponentHealthCheckSeconds": { "description": "controlPlaneComponentHealthCheckSeconds is the amount of time to wait for a control plane\ncomponent, such as the API server, to be healthy during \"kubeadm init\" and \"kubeadm join\".\nIf not set, it defaults to 4m (240s).", "format": "int32", "minimum": 0, "type": "integer" }, "discoverySeconds": { "description": "discoverySeconds is the amount of time to wait for kubeadm to validate the API server identity\nfor a joining node.\nIf not set, it defaults to 5m (300s).", "format": "int32", "minimum": 0, "type": "integer" }, "etcdAPICallSeconds": { "description": "etcdAPICallSeconds is the amount of time to wait for the kubeadm etcd client to complete a request to\nthe etcd cluster.\nIf not set, it defaults to 2m (120s).", "format": "int32", "minimum": 0, "type": "integer" }, "kubeletHealthCheckSeconds": { "description": "kubeletHealthCheckSeconds is the amount of time to wait for the kubelet to be healthy\nduring \"kubeadm init\" and \"kubeadm join\".\nIf not set, it defaults to 4m (240s).", "format": "int32", "minimum": 0, "type": "integer" }, "kubernetesAPICallSeconds": { "description": "kubernetesAPICallSeconds is the amount of time to wait for the kubeadm client to complete a request to\nthe API server. This applies to all types of methods (GET, POST, etc).\nIf not set, it defaults to 1m (60s).", "format": "int32", "minimum": 0, "type": "integer" }, "tlsBootstrapSeconds": { "description": "tlsBootstrapSeconds is the amount of time to wait for the kubelet to complete TLS bootstrap\nfor a joining node.\nIf not set, it defaults to 5m (300s).", "format": "int32", "minimum": 0, "type": "integer" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "mounts": { "description": "mounts specifies a list of mount points to be setup.", "items": { "description": "MountPoints defines input for generated mounts in cloud-init.", "items": { "maxLength": 512, "minLength": 1, "type": "string" }, "maxItems": 100, "minItems": 1, "type": "array" }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "ntp": { "description": "ntp specifies NTP configuration", "minProperties": 1, "properties": { "enabled": { "description": "enabled specifies whether NTP should be enabled", "type": "boolean" }, "servers": { "description": "servers specifies which NTP servers to use", "items": { "maxLength": 512, "minLength": 1, "type": "string" }, "maxItems": 100, "type": "array", "x-kubernetes-list-type": "atomic" } }, "type": "object", "additionalProperties": false }, "postKubeadmCommands": { "description": "postKubeadmCommands specifies extra commands to run after kubeadm runs.\nWith cloud-init, this is appended to the runcmd module configuration, and is typically executed in\nthe cloud-final.service systemd unit. In Ignition, this is appended to /etc/kubeadm.sh.", "items": { "maxLength": 10240, "minLength": 1, "type": "string" }, "maxItems": 1000, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "preKubeadmCommands": { "description": "preKubeadmCommands specifies extra commands to run before kubeadm runs.\nWith cloud-init, this is prepended to the runcmd module configuration, and is typically executed in\nthe cloud-final.service systemd unit. In Ignition, this is prepended to /etc/kubeadm.sh.", "items": { "maxLength": 10240, "minLength": 1, "type": "string" }, "maxItems": 1000, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "users": { "description": "users specifies extra users to add", "items": { "description": "User defines the input for a generated user in cloud-init.", "properties": { "gecos": { "description": "gecos specifies the gecos to use for the user", "maxLength": 256, "minLength": 1, "type": "string" }, "groups": { "description": "groups specifies the additional groups for the user", "maxLength": 256, "minLength": 1, "type": "string" }, "homeDir": { "description": "homeDir specifies the home directory to use for the user", "maxLength": 256, "minLength": 1, "type": "string" }, "inactive": { "description": "inactive specifies whether to mark the user as inactive", "type": "boolean" }, "lockPassword": { "description": "lockPassword specifies if password login should be disabled", "type": "boolean" }, "name": { "description": "name specifies the user name", "maxLength": 256, "minLength": 1, "type": "string" }, "passwd": { "description": "passwd specifies a hashed password for the user", "maxLength": 256, "minLength": 1, "type": "string" }, "passwdFrom": { "description": "passwdFrom is a referenced source of passwd to populate the passwd.", "properties": { "secret": { "description": "secret represents a secret that should populate this password.", "properties": { "key": { "description": "key is the key in the secret's data map for this value.", "maxLength": 256, "minLength": 1, "type": "string" }, "name": { "description": "name of the secret in the KubeadmBootstrapConfig's namespace to use.", "maxLength": 253, "minLength": 1, "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false } }, "required": [ "secret" ], "type": "object", "additionalProperties": false }, "primaryGroup": { "description": "primaryGroup specifies the primary group for the user", "maxLength": 256, "minLength": 1, "type": "string" }, "shell": { "description": "shell specifies the user's shell", "maxLength": 256, "minLength": 1, "type": "string" }, "sshAuthorizedKeys": { "description": "sshAuthorizedKeys specifies a list of ssh authorized keys for the user", "items": { "maxLength": 2048, "minLength": 1, "type": "string" }, "maxItems": 100, "type": "array", "x-kubernetes-list-type": "atomic" }, "sudo": { "description": "sudo specifies a sudo role for the user", "maxLength": 256, "minLength": 1, "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "verbosity": { "description": "verbosity is the number for the kubeadm log level verbosity.\nIt overrides the `--v` flag in kubeadm commands.", "format": "int32", "type": "integer" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "required": [ "template" ], "type": "object", "additionalProperties": false } }, "type": "object" }