{ "description": "KubeadmControlPlane is the Schema for the KubeadmControlPlane API.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "spec is the desired state of KubeadmControlPlane.", "properties": { "kubeadmConfigSpec": { "description": "kubeadmConfigSpec is a KubeadmConfigSpec\nto use for initializing and joining machines to the control plane.", "minProperties": 1, "properties": { "bootCommands": { "description": "bootCommands specifies extra commands to run very early in the boot process via the cloud-init bootcmd\nmodule. bootcmd will run on every boot, 'cloud-init-per' command can be used to make bootcmd run exactly\nonce. This is typically run in the cloud-init.service systemd unit. This has no effect in Ignition.", "items": { "maxLength": 10240, "minLength": 1, "type": "string" }, "maxItems": 1000, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "clusterConfiguration": { "description": "clusterConfiguration along with InitConfiguration are the configurations necessary for the init command", "minProperties": 1, "properties": { "apiServer": { "description": "apiServer contains extra settings for the API server control plane component", "minProperties": 1, "properties": { "certSANs": { "description": "certSANs sets extra Subject Alternative Names for the API Server signing cert.", "items": { "maxLength": 253, "minLength": 1, "type": "string" }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "extraArgs": { "description": "extraArgs is a list of args to pass to the control plane component.\nThe arg name must match the command line flag name except without leading dash(es).\nExtra arguments will override existing default arguments set by kubeadm.", "items": { "description": "Arg represents an argument with a name and a value.", "properties": { "name": { "description": "name is the Name of the extraArg.", "maxLength": 256, "minLength": 1, "type": "string" }, "value": { "description": "value is the Value of the extraArg.", "maxLength": 1024, "minLength": 0, "type": "string" } }, "required": [ "name", "value" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-map-keys": [ "name", "value" ], "x-kubernetes-list-type": "map", "x-kubernetes-validations": [ { "message": "extraArgs name must be unique", "rule": "self.all(x, self.exists_one(y, x.name == y.name))" } ] }, "extraEnvs": { "description": "extraEnvs is an extra set of environment variables to pass to the control plane component.\nEnvironment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.\nThis option takes effect only on Kubernetes >=1.31.0.", "items": { "description": "EnvVar represents an environment variable present in a Container.", "properties": { "name": { "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "properties": { "configMapKeyRef": { "description": "Selects a key of a ConfigMap.", "properties": { "key": { "description": "The key to select.", "type": "string" }, "name": { "default": "", "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, "required": [ "key" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "fieldRef": { "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "properties": { "apiVersion": { "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { "description": "Path of the field to select in the specified API version.", "type": "string" } }, "required": [ "fieldPath" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "resourceFieldRef": { "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "properties": { "containerName": { "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { "description": "Required: resource to select", "type": "string" } }, "required": [ "resource" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "secretKeyRef": { "description": "Selects a key of a secret in the pod's namespace", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { "default": "", "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, "required": [ "key" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "extraVolumes": { "description": "extraVolumes is an extra set of host volumes, mounted to the control plane component.", "items": { "description": "HostPathMount contains elements describing volumes that are mounted from the\nhost.", "properties": { "hostPath": { "description": "hostPath is the path in the host that will be mounted inside\nthe pod.", "maxLength": 512, "minLength": 1, "type": "string" }, "mountPath": { "description": "mountPath is the path inside the pod where hostPath will be mounted.", "maxLength": 512, "minLength": 1, "type": "string" }, "name": { "description": "name of the volume inside the pod template.", "maxLength": 512, "minLength": 1, "type": "string" }, "pathType": { "description": "pathType is the type of the HostPath.", "type": "string" }, "readOnly": { "description": "readOnly controls write access to the volume", "type": "boolean" } }, "required": [ "hostPath", "mountPath", "name" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" } }, "type": "object", "additionalProperties": false }, "caCertificateValidityPeriodDays": { "description": "caCertificateValidityPeriodDays specifies the validity period for CA certificates generated by Cluster API.\nIf not specified, Cluster API will use a default of 3650 days (10 years).\nThis field cannot be modified.", "format": "int32", "maximum": 36500, "minimum": 1, "type": "integer" }, "certificateValidityPeriodDays": { "description": "certificateValidityPeriodDays specifies the validity period for non-CA certificates generated by kubeadm.\nIf not specified, kubeadm will use a default of 365 days (1 year).\nThis field is only supported with Kubernetes v1.31 or above.", "format": "int32", "maximum": 1095, "minimum": 1, "type": "integer" }, "certificatesDir": { "description": "certificatesDir specifies where to store or look for all required certificates.\nNB: if not provided, this will default to `/etc/kubernetes/pki`", "maxLength": 512, "minLength": 1, "type": "string" }, "controlPlaneEndpoint": { "description": "controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it\ncan be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.\nIn case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort\nare used; in case the ControlPlaneEndpoint is specified but without a TCP port,\nthe BindPort is used.\nPossible usages are:\ne.g. In a cluster with more than one control plane instances, this field should be\nassigned the address of the external load balancer in front of the\ncontrol plane instances.\ne.g. in environments with enforced node recycling, the ControlPlaneEndpoint\ncould be used for assigning a stable DNS to the control plane.\nNB: This value defaults to the first value in the Cluster object status.apiEndpoints array.", "maxLength": 512, "minLength": 1, "type": "string" }, "controllerManager": { "description": "controllerManager contains extra settings for the controller manager control plane component", "minProperties": 1, "properties": { "extraArgs": { "description": "extraArgs is a list of args to pass to the control plane component.\nThe arg name must match the command line flag name except without leading dash(es).\nExtra arguments will override existing default arguments set by kubeadm.", "items": { "description": "Arg represents an argument with a name and a value.", "properties": { "name": { "description": "name is the Name of the extraArg.", "maxLength": 256, "minLength": 1, "type": "string" }, "value": { "description": "value is the Value of the extraArg.", "maxLength": 1024, "minLength": 0, "type": "string" } }, "required": [ "name", "value" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-map-keys": [ "name", "value" ], "x-kubernetes-list-type": "map", "x-kubernetes-validations": [ { "message": "extraArgs name must be unique", "rule": "self.all(x, self.exists_one(y, x.name == y.name))" } ] }, "extraEnvs": { "description": "extraEnvs is an extra set of environment variables to pass to the control plane component.\nEnvironment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.\nThis option takes effect only on Kubernetes >=1.31.0.", "items": { "description": "EnvVar represents an environment variable present in a Container.", "properties": { "name": { "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "properties": { "configMapKeyRef": { "description": "Selects a key of a ConfigMap.", "properties": { "key": { "description": "The key to select.", "type": "string" }, "name": { "default": "", "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, "required": [ "key" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "fieldRef": { "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "properties": { "apiVersion": { "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { "description": "Path of the field to select in the specified API version.", "type": "string" } }, "required": [ "fieldPath" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "resourceFieldRef": { "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "properties": { "containerName": { "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { "description": "Required: resource to select", "type": "string" } }, "required": [ "resource" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "secretKeyRef": { "description": "Selects a key of a secret in the pod's namespace", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { "default": "", "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, "required": [ "key" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "extraVolumes": { "description": "extraVolumes is an extra set of host volumes, mounted to the control plane component.", "items": { "description": "HostPathMount contains elements describing volumes that are mounted from the\nhost.", "properties": { "hostPath": { "description": "hostPath is the path in the host that will be mounted inside\nthe pod.", "maxLength": 512, "minLength": 1, "type": "string" }, "mountPath": { "description": "mountPath is the path inside the pod where hostPath will be mounted.", "maxLength": 512, "minLength": 1, "type": "string" }, "name": { "description": "name of the volume inside the pod template.", "maxLength": 512, "minLength": 1, "type": "string" }, "pathType": { "description": "pathType is the type of the HostPath.", "type": "string" }, "readOnly": { "description": "readOnly controls write access to the volume", "type": "boolean" } }, "required": [ "hostPath", "mountPath", "name" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" } }, "type": "object", "additionalProperties": false }, "dns": { "description": "dns defines the options for the DNS add-on installed in the cluster.", "minProperties": 1, "properties": { "imageRepository": { "description": "imageRepository sets the container registry to pull images from.\nif not set, the ImageRepository defined in ClusterConfiguration will be used instead.", "maxLength": 512, "minLength": 1, "type": "string" }, "imageTag": { "description": "imageTag allows to specify a tag for the image.\nIn case this value is set, kubeadm does not change automatically the version of the above components during upgrades.", "maxLength": 256, "minLength": 1, "type": "string" } }, "type": "object", "additionalProperties": false }, "etcd": { "description": "etcd holds configuration for etcd.\nNB: This value defaults to a Local (stacked) etcd", "minProperties": 1, "properties": { "external": { "description": "external describes how to connect to an external etcd cluster\nLocal and External are mutually exclusive", "properties": { "caFile": { "description": "caFile is an SSL Certificate Authority file used to secure etcd communication.\nRequired if using a TLS connection.", "maxLength": 512, "minLength": 1, "type": "string" }, "certFile": { "description": "certFile is an SSL certification file used to secure etcd communication.\nRequired if using a TLS connection.", "maxLength": 512, "minLength": 1, "type": "string" }, "endpoints": { "description": "endpoints of etcd members. Required for ExternalEtcd.", "items": { "maxLength": 512, "minLength": 1, "type": "string" }, "maxItems": 50, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "keyFile": { "description": "keyFile is an SSL key file used to secure etcd communication.\nRequired if using a TLS connection.", "maxLength": 512, "minLength": 1, "type": "string" } }, "required": [ "caFile", "certFile", "endpoints", "keyFile" ], "type": "object", "additionalProperties": false }, "local": { "description": "local provides configuration knobs for configuring the local etcd instance\nLocal and External are mutually exclusive", "minProperties": 1, "properties": { "dataDir": { "description": "dataDir is the directory etcd will place its data.\nDefaults to \"/var/lib/etcd\".", "maxLength": 512, "minLength": 1, "type": "string" }, "extraArgs": { "description": "extraArgs is a list of args to pass to etcd.\nThe arg name must match the command line flag name except without leading dash(es).\nExtra arguments will override existing default arguments set by kubeadm.", "items": { "description": "Arg represents an argument with a name and a value.", "properties": { "name": { "description": "name is the Name of the extraArg.", "maxLength": 256, "minLength": 1, "type": "string" }, "value": { "description": "value is the Value of the extraArg.", "maxLength": 1024, "minLength": 0, "type": "string" } }, "required": [ "name", "value" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-map-keys": [ "name", "value" ], "x-kubernetes-list-type": "map", "x-kubernetes-validations": [ { "message": "extraArgs name must be unique", "rule": "self.all(x, self.exists_one(y, x.name == y.name))" } ] }, "extraEnvs": { "description": "extraEnvs is an extra set of environment variables to pass to etcd.\nEnvironment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.\nThis option takes effect only on Kubernetes >=1.31.0.", "items": { "description": "EnvVar represents an environment variable present in a Container.", "properties": { "name": { "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "properties": { "configMapKeyRef": { "description": "Selects a key of a ConfigMap.", "properties": { "key": { "description": "The key to select.", "type": "string" }, "name": { "default": "", "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, "required": [ "key" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "fieldRef": { "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "properties": { "apiVersion": { "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { "description": "Path of the field to select in the specified API version.", "type": "string" } }, "required": [ "fieldPath" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "resourceFieldRef": { "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "properties": { "containerName": { "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { "description": "Required: resource to select", "type": "string" } }, "required": [ "resource" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "secretKeyRef": { "description": "Selects a key of a secret in the pod's namespace", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { "default": "", "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, "required": [ "key" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "imageRepository": { "description": "imageRepository sets the container registry to pull images from.\nif not set, the ImageRepository defined in ClusterConfiguration will be used instead.", "maxLength": 512, "minLength": 1, "type": "string" }, "imageTag": { "description": "imageTag allows to specify a tag for the image.\nIn case this value is set, kubeadm does not change automatically the version of the above components during upgrades.", "maxLength": 256, "minLength": 1, "type": "string" }, "peerCertSANs": { "description": "peerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert.", "items": { "maxLength": 253, "minLength": 1, "type": "string" }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "serverCertSANs": { "description": "serverCertSANs sets extra Subject Alternative Names for the etcd server signing cert.", "items": { "maxLength": 253, "minLength": 1, "type": "string" }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "featureGates": { "additionalProperties": { "type": "boolean" }, "description": "featureGates enabled by the user.", "type": "object" }, "imageRepository": { "description": "imageRepository sets the container registry to pull images from.\n* If not set, the default registry of kubeadm will be used, i.e.\n * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0\n * k8s.gcr.io (old registry): all older versions\n Please note that when imageRepository is not set we don't allow upgrades to\n versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use\n a newer patch version with the new registry instead (i.e. >= v1.22.17,\n >= v1.23.15, >= v1.24.9, >= v1.25.0).\n* If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)\n `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components\n and for kube-proxy, while `registry.k8s.io` will be used for all the other images.", "maxLength": 512, "minLength": 1, "type": "string" }, "scheduler": { "description": "scheduler contains extra settings for the scheduler control plane component", "minProperties": 1, "properties": { "extraArgs": { "description": "extraArgs is a list of args to pass to the control plane component.\nThe arg name must match the command line flag name except without leading dash(es).\nExtra arguments will override existing default arguments set by kubeadm.", "items": { "description": "Arg represents an argument with a name and a value.", "properties": { "name": { "description": "name is the Name of the extraArg.", "maxLength": 256, "minLength": 1, "type": "string" }, "value": { "description": "value is the Value of the extraArg.", "maxLength": 1024, "minLength": 0, "type": "string" } }, "required": [ "name", "value" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-map-keys": [ "name", "value" ], "x-kubernetes-list-type": "map", "x-kubernetes-validations": [ { "message": "extraArgs name must be unique", "rule": "self.all(x, self.exists_one(y, x.name == y.name))" } ] }, "extraEnvs": { "description": "extraEnvs is an extra set of environment variables to pass to the control plane component.\nEnvironment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.\nThis option takes effect only on Kubernetes >=1.31.0.", "items": { "description": "EnvVar represents an environment variable present in a Container.", "properties": { "name": { "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "properties": { "configMapKeyRef": { "description": "Selects a key of a ConfigMap.", "properties": { "key": { "description": "The key to select.", "type": "string" }, "name": { "default": "", "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, "required": [ "key" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "fieldRef": { "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "properties": { "apiVersion": { "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { "description": "Path of the field to select in the specified API version.", "type": "string" } }, "required": [ "fieldPath" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "resourceFieldRef": { "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "properties": { "containerName": { "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { "description": "Required: resource to select", "type": "string" } }, "required": [ "resource" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "secretKeyRef": { "description": "Selects a key of a secret in the pod's namespace", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { "default": "", "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, "required": [ "key" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "extraVolumes": { "description": "extraVolumes is an extra set of host volumes, mounted to the control plane component.", "items": { "description": "HostPathMount contains elements describing volumes that are mounted from the\nhost.", "properties": { "hostPath": { "description": "hostPath is the path in the host that will be mounted inside\nthe pod.", "maxLength": 512, "minLength": 1, "type": "string" }, "mountPath": { "description": "mountPath is the path inside the pod where hostPath will be mounted.", "maxLength": 512, "minLength": 1, "type": "string" }, "name": { "description": "name of the volume inside the pod template.", "maxLength": 512, "minLength": 1, "type": "string" }, "pathType": { "description": "pathType is the type of the HostPath.", "type": "string" }, "readOnly": { "description": "readOnly controls write access to the volume", "type": "boolean" } }, "required": [ "hostPath", "mountPath", "name" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "diskSetup": { "description": "diskSetup specifies options for the creation of partition tables and file systems on devices.", "minProperties": 1, "properties": { "filesystems": { "description": "filesystems specifies the list of file systems to setup.", "items": { "description": "Filesystem defines the file systems to be created.", "properties": { "device": { "description": "device specifies the device name", "maxLength": 256, "minLength": 1, "type": "string" }, "extraOpts": { "description": "extraOpts defined extra options to add to the command for creating the file system.", "items": { "maxLength": 256, "minLength": 1, "type": "string" }, "maxItems": 100, "type": "array", "x-kubernetes-list-type": "atomic" }, "filesystem": { "description": "filesystem specifies the file system type.", "maxLength": 128, "minLength": 1, "type": "string" }, "label": { "description": "label specifies the file system label to be used. If set to None, no label is used.", "maxLength": 512, "minLength": 1, "type": "string" }, "overwrite": { "description": "overwrite defines whether or not to overwrite any existing filesystem.\nIf true, any pre-existing file system will be destroyed. Use with Caution.", "type": "boolean" }, "partition": { "description": "partition specifies the partition to use. The valid options are: \"auto|any\", \"auto\", \"any\", \"none\", and , where NUM is the actual partition number.", "maxLength": 128, "minLength": 1, "type": "string" }, "replaceFS": { "description": "replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of .\nNOTE: unless you define a label, this requires the use of the 'any' partition directive.", "maxLength": 128, "minLength": 1, "type": "string" } }, "required": [ "device", "filesystem" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "type": "array", "x-kubernetes-list-type": "atomic" }, "partitions": { "description": "partitions specifies the list of the partitions to setup.", "items": { "description": "Partition defines how to create and layout a partition.", "properties": { "device": { "description": "device is the name of the device.", "maxLength": 256, "minLength": 1, "type": "string" }, "layout": { "description": "layout specifies the device layout.\nIf it is true, a single partition will be created for the entire device.\nWhen layout is false, it means don't partition or ignore existing partitioning.", "type": "boolean" }, "overwrite": { "description": "overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.\nUse with caution. Default is 'false'.", "type": "boolean" }, "tableType": { "description": "tableType specifies the tupe of partition table. The following are supported:\n'mbr': default and setups a MS-DOS partition table\n'gpt': setups a GPT partition table", "enum": [ "mbr", "gpt" ], "type": "string" } }, "required": [ "device", "layout" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "type": "array", "x-kubernetes-list-type": "atomic" } }, "type": "object", "additionalProperties": false }, "files": { "description": "files specifies extra files to be passed to user_data upon creation.", "items": { "description": "File defines the input for generating write_files in cloud-init.", "properties": { "append": { "description": "append specifies whether to append Content to existing file if Path exists.", "type": "boolean" }, "content": { "description": "content is the actual content of the file.", "maxLength": 10240, "minLength": 1, "type": "string" }, "contentFrom": { "description": "contentFrom is a referenced source of content to populate the file.", "properties": { "secret": { "description": "secret represents a secret that should populate this file.", "properties": { "key": { "description": "key is the key in the secret's data map for this value.", "maxLength": 256, "minLength": 1, "type": "string" }, "name": { "description": "name of the secret in the KubeadmBootstrapConfig's namespace to use.", "maxLength": 253, "minLength": 1, "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false } }, "required": [ "secret" ], "type": "object", "additionalProperties": false }, "encoding": { "description": "encoding specifies the encoding of the file contents.", "enum": [ "base64", "gzip", "gzip+base64" ], "type": "string" }, "owner": { "description": "owner specifies the ownership of the file, e.g. \"root:root\".", "maxLength": 256, "minLength": 1, "type": "string" }, "path": { "description": "path specifies the full path on disk where to store the file.", "maxLength": 512, "minLength": 1, "type": "string" }, "permissions": { "description": "permissions specifies the permissions to assign to the file, e.g. \"0640\".", "maxLength": 16, "minLength": 1, "type": "string" } }, "required": [ "path" ], "type": "object", "additionalProperties": false }, "maxItems": 200, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "format": { "description": "format specifies the output format of the bootstrap data.\nDefaults to cloud-config if not set.", "enum": [ "cloud-config", "ignition" ], "type": "string" }, "ignition": { "description": "ignition contains Ignition specific configuration.", "minProperties": 1, "properties": { "containerLinuxConfig": { "description": "containerLinuxConfig contains CLC specific configuration.", "minProperties": 1, "properties": { "additionalConfig": { "description": "additionalConfig contains additional configuration to be merged with the Ignition\nconfiguration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging\n\nThe data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/", "maxLength": 32768, "minLength": 1, "type": "string" }, "strict": { "description": "strict controls if AdditionalConfig should be strictly parsed. If so, warnings are treated as errors.", "type": "boolean" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "initConfiguration": { "description": "initConfiguration along with ClusterConfiguration are the configurations necessary for the init command", "minProperties": 1, "properties": { "bootstrapTokens": { "description": "bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.\nThis information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature", "items": { "description": "BootstrapToken describes one bootstrap token, stored as a Secret in the cluster.", "properties": { "description": { "description": "description sets a human-friendly message why this token exists and what it's used\nfor, so other administrators can know its purpose.", "maxLength": 512, "minLength": 1, "type": "string" }, "expires": { "description": "expires specifies the timestamp when this token expires. Defaults to being set\ndynamically at runtime based on the ttlSeconds. Expires and ttlSeconds are mutually exclusive.", "format": "date-time", "type": "string" }, "groups": { "description": "groups specifies the extra groups that this token will authenticate as when/if\nused for authentication", "items": { "maxLength": 256, "minLength": 1, "type": "string" }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "token": { "description": "token is used for establishing bidirectional trust between nodes and control-planes.\nUsed for joining nodes in the cluster.", "maxLength": 23, "minLength": 1, "type": "string" }, "ttlSeconds": { "description": "ttlSeconds defines the time to live for this token. Defaults to 24h.\nExpires and ttlSeconds are mutually exclusive.", "format": "int32", "minimum": 0, "type": "integer" }, "usages": { "description": "usages describes the ways in which this token can be used. Can by default be used\nfor establishing bidirectional trust, but that can be changed here.", "items": { "maxLength": 256, "minLength": 1, "type": "string" }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" } }, "required": [ "token" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "localAPIEndpoint": { "description": "localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node\nIn HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint\nis the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This\nconfiguration object lets you customize what IP/DNS name and port the local API server advertises it's accessible\non. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process\nfails you may set the desired value here.", "minProperties": 1, "properties": { "advertiseAddress": { "description": "advertiseAddress sets the IP address for the API server to advertise.", "maxLength": 39, "minLength": 1, "type": "string" }, "bindPort": { "description": "bindPort sets the secure port for the API Server to bind to.\nDefaults to 6443.", "format": "int32", "minimum": 1, "type": "integer" } }, "type": "object", "additionalProperties": false }, "nodeRegistration": { "description": "nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.\nWhen used in the context of control plane nodes, NodeRegistration should remain consistent\nacross both InitConfiguration and JoinConfiguration", "minProperties": 1, "properties": { "criSocket": { "description": "criSocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use", "maxLength": 512, "minLength": 1, "type": "string" }, "ignorePreflightErrors": { "description": "ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered, e.g. 'IsPrivilegedUser,Swap'.\nValue 'all' ignores errors from all checks.", "items": { "maxLength": 512, "minLength": 1, "type": "string" }, "maxItems": 50, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "imagePullPolicy": { "description": "imagePullPolicy specifies the policy for image pulling\nduring kubeadm \"init\" and \"join\" operations. The value of\nthis field must be one of \"Always\", \"IfNotPresent\" or\n\"Never\". Defaults to \"IfNotPresent\" if not set.", "enum": [ "Always", "IfNotPresent", "Never" ], "type": "string" }, "imagePullSerial": { "description": "imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.\nThis option takes effect only on Kubernetes >=1.31.0.\nDefault: true (defaulted in kubeadm)", "type": "boolean" }, "kubeletExtraArgs": { "description": "kubeletExtraArgs is a list of args to pass to kubelet.\nThe arg name must match the command line flag name except without leading dash(es).\nExtra arguments will override existing default arguments set by kubeadm.", "items": { "description": "Arg represents an argument with a name and a value.", "properties": { "name": { "description": "name is the Name of the extraArg.", "maxLength": 256, "minLength": 1, "type": "string" }, "value": { "description": "value is the Value of the extraArg.", "maxLength": 1024, "minLength": 0, "type": "string" } }, "required": [ "name", "value" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-map-keys": [ "name", "value" ], "x-kubernetes-list-type": "map", "x-kubernetes-validations": [ { "message": "kubeletExtraArgs name must be unique", "rule": "self.all(x, self.exists_one(y, x.name == y.name))" } ] }, "name": { "description": "name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.\nThis field is also used in the CommonName field of the kubelet's client certificate to the API server.\nDefaults to the hostname of the node if not provided.", "maxLength": 253, "minLength": 1, "type": "string" }, "taints": { "description": "taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process\nit will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=\"\"'}. If you don't want to taint your control-plane node, set this field to an\nempty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.", "items": { "description": "The node this Taint is attached to has the \"effect\" on\nany pod that does not tolerate the Taint.", "properties": { "effect": { "description": "Required. The effect of the taint on pods\nthat do not tolerate the taint.\nValid effects are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { "description": "Required. The taint key to be applied to a node.", "type": "string" }, "timeAdded": { "description": "TimeAdded represents the time at which the taint was added.\nIt is only written for NoExecute taints.", "format": "date-time", "type": "string" }, "value": { "description": "The taint value corresponding to the taint key.", "type": "string" } }, "required": [ "effect", "key" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 0, "type": "array" } }, "type": "object", "additionalProperties": false }, "patches": { "description": "patches contains options related to applying patches to components deployed by kubeadm during\n\"kubeadm init\". The minimum kubernetes version needed to support Patches is v1.22", "minProperties": 1, "properties": { "directory": { "description": "directory is a path to a directory that contains files named \"target[suffix][+patchtype].extension\".\nFor example, \"kube-apiserver0+merge.yaml\" or just \"etcd.json\". \"target\" can be one of\n\"kube-apiserver\", \"kube-controller-manager\", \"kube-scheduler\", \"etcd\". \"patchtype\" can be one\nof \"strategic\" \"merge\" or \"json\" and they match the patch formats supported by kubectl.\nThe default \"patchtype\" is \"strategic\". \"extension\" must be either \"json\" or \"yaml\".\n\"suffix\" is an optional string that can be used to determine which patches are applied\nfirst alpha-numerically.\nThese files can be written into the target directory via KubeadmConfig.Files which\nspecifies additional files to be created on the machine, either with content inline or\nby referencing a secret.", "maxLength": 512, "minLength": 1, "type": "string" } }, "type": "object", "additionalProperties": false }, "skipPhases": { "description": "skipPhases is a list of phases to skip during command execution.\nThe list of phases can be obtained with the \"kubeadm init --help\" command.\nThis option takes effect only on Kubernetes >=1.22.0.", "items": { "maxLength": 256, "minLength": 1, "type": "string" }, "maxItems": 50, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "timeouts": { "description": "timeouts holds various timeouts that apply to kubeadm commands.", "minProperties": 1, "properties": { "controlPlaneComponentHealthCheckSeconds": { "description": "controlPlaneComponentHealthCheckSeconds is the amount of time to wait for a control plane\ncomponent, such as the API server, to be healthy during \"kubeadm init\" and \"kubeadm join\".\nIf not set, it defaults to 4m (240s).", "format": "int32", "minimum": 0, "type": "integer" }, "discoverySeconds": { "description": "discoverySeconds is the amount of time to wait for kubeadm to validate the API server identity\nfor a joining node.\nIf not set, it defaults to 5m (300s).", "format": "int32", "minimum": 0, "type": "integer" }, "etcdAPICallSeconds": { "description": "etcdAPICallSeconds is the amount of time to wait for the kubeadm etcd client to complete a request to\nthe etcd cluster.\nIf not set, it defaults to 2m (120s).", "format": "int32", "minimum": 0, "type": "integer" }, "kubeletHealthCheckSeconds": { "description": "kubeletHealthCheckSeconds is the amount of time to wait for the kubelet to be healthy\nduring \"kubeadm init\" and \"kubeadm join\".\nIf not set, it defaults to 4m (240s).", "format": "int32", "minimum": 0, "type": "integer" }, "kubernetesAPICallSeconds": { "description": "kubernetesAPICallSeconds is the amount of time to wait for the kubeadm client to complete a request to\nthe API server. This applies to all types of methods (GET, POST, etc).\nIf not set, it defaults to 1m (60s).", "format": "int32", "minimum": 0, "type": "integer" }, "tlsBootstrapSeconds": { "description": "tlsBootstrapSeconds is the amount of time to wait for the kubelet to complete TLS bootstrap\nfor a joining node.\nIf not set, it defaults to 5m (300s).", "format": "int32", "minimum": 0, "type": "integer" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "joinConfiguration": { "description": "joinConfiguration is the kubeadm configuration for the join command", "minProperties": 1, "properties": { "caCertPath": { "description": "caCertPath is the path to the SSL certificate authority used to\nsecure communications between node and control-plane.\nDefaults to \"/etc/kubernetes/pki/ca.crt\".", "maxLength": 512, "minLength": 1, "type": "string" }, "controlPlane": { "description": "controlPlane defines the additional control plane instance to be deployed on the joining node.\nIf nil, no additional control plane instance will be deployed.", "properties": { "localAPIEndpoint": { "description": "localAPIEndpoint represents the endpoint of the API server instance to be deployed on this node.", "minProperties": 1, "properties": { "advertiseAddress": { "description": "advertiseAddress sets the IP address for the API server to advertise.", "maxLength": 39, "minLength": 1, "type": "string" }, "bindPort": { "description": "bindPort sets the secure port for the API Server to bind to.\nDefaults to 6443.", "format": "int32", "minimum": 1, "type": "integer" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "discovery": { "description": "discovery specifies the options for the kubelet to use during the TLS Bootstrap process", "minProperties": 1, "properties": { "bootstrapToken": { "description": "bootstrapToken is used to set the options for bootstrap token based discovery\nBootstrapToken and File are mutually exclusive", "minProperties": 1, "properties": { "apiServerEndpoint": { "description": "apiServerEndpoint is an IP or domain name to the API server from which info will be fetched.", "maxLength": 512, "minLength": 1, "type": "string" }, "caCertHashes": { "description": "caCertHashes specifies a set of public key pins to verify\nwhen token-based discovery is used. The root CA found during discovery\nmust match one of these values. Specifying an empty set disables root CA\npinning, which can be unsafe. Each hash is specified as \":\",\nwhere the only currently supported type is \"sha256\". This is a hex-encoded\nSHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded\nASN.1. These hashes can be calculated using, for example, OpenSSL:\nopenssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex", "items": { "maxLength": 512, "minLength": 1, "type": "string" }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "token": { "description": "token is a token used to validate cluster information\nfetched from the control-plane.", "maxLength": 512, "minLength": 1, "type": "string" }, "unsafeSkipCAVerification": { "description": "unsafeSkipCAVerification allows token-based discovery\nwithout CA verification via CACertHashes. This can weaken\nthe security of kubeadm since other nodes can impersonate the control-plane.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "file": { "description": "file is used to specify a file or URL to a kubeconfig file from which to load cluster information\nBootstrapToken and File are mutually exclusive", "properties": { "kubeConfig": { "description": "kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information.\nThe file is generated at the path specified in KubeConfigPath.\n\nHost address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint.\nCertificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret.", "properties": { "cluster": { "description": "cluster contains information about how to communicate with the kubernetes cluster.\n\nBy default the following fields are automatically populated:\n- Server with the Cluster's ControlPlaneEndpoint.\n- CertificateAuthorityData with the Cluster's CA certificate.", "minProperties": 1, "properties": { "certificateAuthorityData": { "description": "certificateAuthorityData contains PEM-encoded certificate authority certificates.\n\nDefaults to the Cluster's CA certificate if empty.", "format": "byte", "maxLength": 51200, "minLength": 1, "type": "string" }, "insecureSkipTLSVerify": { "description": "insecureSkipTLSVerify skips the validity check for the server's certificate. This will make your HTTPS connections insecure.", "type": "boolean" }, "proxyURL": { "description": "proxyURL is the URL to the proxy to be used for all requests made by this\nclient. URLs with \"http\", \"https\", and \"socks5\" schemes are supported. If\nthis configuration is not provided or the empty string, the client\nattempts to construct a proxy configuration from http_proxy and\nhttps_proxy environment variables. If these environment variables are not\nset, the client does not attempt to proxy requests.\n\nsocks5 proxying does not currently support spdy streaming endpoints (exec,\nattach, port forward).", "maxLength": 512, "minLength": 1, "type": "string" }, "server": { "description": "server is the address of the kubernetes cluster (https://hostname:port).\n\nDefaults to https:// + Cluster.Spec.ControlPlaneEndpoint.", "maxLength": 512, "minLength": 1, "type": "string" }, "tlsServerName": { "description": "tlsServerName is used to check server certificate. If TLSServerName is empty, the hostname used to contact the server is used.", "maxLength": 512, "minLength": 1, "type": "string" } }, "type": "object", "additionalProperties": false }, "user": { "description": "user contains information that describes identity information.\nThis is used to tell the kubernetes cluster who you are.", "minProperties": 1, "properties": { "authProvider": { "description": "authProvider specifies a custom authentication plugin for the kubernetes cluster.", "properties": { "config": { "additionalProperties": { "type": "string" }, "description": "config holds the parameters for the authentication plugin.", "type": "object" }, "name": { "description": "name is the name of the authentication plugin.", "maxLength": 256, "minLength": 1, "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "exec": { "description": "exec specifies a custom exec-based authentication plugin for the kubernetes cluster.", "properties": { "apiVersion": { "description": "apiVersion is preferred input version of the ExecInfo. The returned ExecCredentials MUST use\nthe same encoding version as the input.\nDefaults to client.authentication.k8s.io/v1 if not set.", "maxLength": 512, "minLength": 1, "type": "string" }, "args": { "description": "args is the arguments to pass to the command when executing it.", "items": { "maxLength": 512, "minLength": 1, "type": "string" }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "command": { "description": "command to execute.", "maxLength": 1024, "minLength": 1, "type": "string" }, "env": { "description": "env defines additional environment variables to expose to the process. These\nare unioned with the host's environment, as well as variables client-go uses\nto pass argument to the plugin.", "items": { "description": "KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based\ncredential plugin.", "properties": { "name": { "description": "name of the environment variable", "maxLength": 512, "minLength": 1, "type": "string" }, "value": { "description": "value of the environment variable", "maxLength": 512, "minLength": 1, "type": "string" } }, "required": [ "name", "value" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "provideClusterInfo": { "description": "provideClusterInfo determines whether or not to provide cluster information,\nwhich could potentially contain very large CA data, to this exec plugin as a\npart of the KUBERNETES_EXEC_INFO environment variable. By default, it is set\nto false. Package k8s.io/client-go/tools/auth/exec provides helper methods for\nreading this environment variable.", "type": "boolean" } }, "required": [ "command" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "required": [ "user" ], "type": "object", "additionalProperties": false }, "kubeConfigPath": { "description": "kubeConfigPath is used to specify the actual file path or URL to the kubeconfig file from which to load cluster information", "maxLength": 512, "minLength": 1, "type": "string" } }, "required": [ "kubeConfigPath" ], "type": "object", "additionalProperties": false }, "tlsBootstrapToken": { "description": "tlsBootstrapToken is a token used for TLS bootstrapping.\nIf .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.\nIf .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information", "maxLength": 512, "minLength": 1, "type": "string" } }, "type": "object", "additionalProperties": false }, "nodeRegistration": { "description": "nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.\nWhen used in the context of control plane nodes, NodeRegistration should remain consistent\nacross both InitConfiguration and JoinConfiguration", "minProperties": 1, "properties": { "criSocket": { "description": "criSocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use", "maxLength": 512, "minLength": 1, "type": "string" }, "ignorePreflightErrors": { "description": "ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered, e.g. 'IsPrivilegedUser,Swap'.\nValue 'all' ignores errors from all checks.", "items": { "maxLength": 512, "minLength": 1, "type": "string" }, "maxItems": 50, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "imagePullPolicy": { "description": "imagePullPolicy specifies the policy for image pulling\nduring kubeadm \"init\" and \"join\" operations. The value of\nthis field must be one of \"Always\", \"IfNotPresent\" or\n\"Never\". Defaults to \"IfNotPresent\" if not set.", "enum": [ "Always", "IfNotPresent", "Never" ], "type": "string" }, "imagePullSerial": { "description": "imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.\nThis option takes effect only on Kubernetes >=1.31.0.\nDefault: true (defaulted in kubeadm)", "type": "boolean" }, "kubeletExtraArgs": { "description": "kubeletExtraArgs is a list of args to pass to kubelet.\nThe arg name must match the command line flag name except without leading dash(es).\nExtra arguments will override existing default arguments set by kubeadm.", "items": { "description": "Arg represents an argument with a name and a value.", "properties": { "name": { "description": "name is the Name of the extraArg.", "maxLength": 256, "minLength": 1, "type": "string" }, "value": { "description": "value is the Value of the extraArg.", "maxLength": 1024, "minLength": 0, "type": "string" } }, "required": [ "name", "value" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-map-keys": [ "name", "value" ], "x-kubernetes-list-type": "map", "x-kubernetes-validations": [ { "message": "kubeletExtraArgs name must be unique", "rule": "self.all(x, self.exists_one(y, x.name == y.name))" } ] }, "name": { "description": "name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.\nThis field is also used in the CommonName field of the kubelet's client certificate to the API server.\nDefaults to the hostname of the node if not provided.", "maxLength": 253, "minLength": 1, "type": "string" }, "taints": { "description": "taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process\nit will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=\"\"'}. If you don't want to taint your control-plane node, set this field to an\nempty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.", "items": { "description": "The node this Taint is attached to has the \"effect\" on\nany pod that does not tolerate the Taint.", "properties": { "effect": { "description": "Required. The effect of the taint on pods\nthat do not tolerate the taint.\nValid effects are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { "description": "Required. The taint key to be applied to a node.", "type": "string" }, "timeAdded": { "description": "TimeAdded represents the time at which the taint was added.\nIt is only written for NoExecute taints.", "format": "date-time", "type": "string" }, "value": { "description": "The taint value corresponding to the taint key.", "type": "string" } }, "required": [ "effect", "key" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 0, "type": "array" } }, "type": "object", "additionalProperties": false }, "patches": { "description": "patches contains options related to applying patches to components deployed by kubeadm during\n\"kubeadm join\". The minimum kubernetes version needed to support Patches is v1.22", "minProperties": 1, "properties": { "directory": { "description": "directory is a path to a directory that contains files named \"target[suffix][+patchtype].extension\".\nFor example, \"kube-apiserver0+merge.yaml\" or just \"etcd.json\". \"target\" can be one of\n\"kube-apiserver\", \"kube-controller-manager\", \"kube-scheduler\", \"etcd\". \"patchtype\" can be one\nof \"strategic\" \"merge\" or \"json\" and they match the patch formats supported by kubectl.\nThe default \"patchtype\" is \"strategic\". \"extension\" must be either \"json\" or \"yaml\".\n\"suffix\" is an optional string that can be used to determine which patches are applied\nfirst alpha-numerically.\nThese files can be written into the target directory via KubeadmConfig.Files which\nspecifies additional files to be created on the machine, either with content inline or\nby referencing a secret.", "maxLength": 512, "minLength": 1, "type": "string" } }, "type": "object", "additionalProperties": false }, "skipPhases": { "description": "skipPhases is a list of phases to skip during command execution.\nThe list of phases can be obtained with the \"kubeadm init --help\" command.\nThis option takes effect only on Kubernetes >=1.22.0.", "items": { "maxLength": 256, "minLength": 1, "type": "string" }, "maxItems": 50, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "timeouts": { "description": "timeouts holds various timeouts that apply to kubeadm commands.", "minProperties": 1, "properties": { "controlPlaneComponentHealthCheckSeconds": { "description": "controlPlaneComponentHealthCheckSeconds is the amount of time to wait for a control plane\ncomponent, such as the API server, to be healthy during \"kubeadm init\" and \"kubeadm join\".\nIf not set, it defaults to 4m (240s).", "format": "int32", "minimum": 0, "type": "integer" }, "discoverySeconds": { "description": "discoverySeconds is the amount of time to wait for kubeadm to validate the API server identity\nfor a joining node.\nIf not set, it defaults to 5m (300s).", "format": "int32", "minimum": 0, "type": "integer" }, "etcdAPICallSeconds": { "description": "etcdAPICallSeconds is the amount of time to wait for the kubeadm etcd client to complete a request to\nthe etcd cluster.\nIf not set, it defaults to 2m (120s).", "format": "int32", "minimum": 0, "type": "integer" }, "kubeletHealthCheckSeconds": { "description": "kubeletHealthCheckSeconds is the amount of time to wait for the kubelet to be healthy\nduring \"kubeadm init\" and \"kubeadm join\".\nIf not set, it defaults to 4m (240s).", "format": "int32", "minimum": 0, "type": "integer" }, "kubernetesAPICallSeconds": { "description": "kubernetesAPICallSeconds is the amount of time to wait for the kubeadm client to complete a request to\nthe API server. This applies to all types of methods (GET, POST, etc).\nIf not set, it defaults to 1m (60s).", "format": "int32", "minimum": 0, "type": "integer" }, "tlsBootstrapSeconds": { "description": "tlsBootstrapSeconds is the amount of time to wait for the kubelet to complete TLS bootstrap\nfor a joining node.\nIf not set, it defaults to 5m (300s).", "format": "int32", "minimum": 0, "type": "integer" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "mounts": { "description": "mounts specifies a list of mount points to be setup.", "items": { "description": "MountPoints defines input for generated mounts in cloud-init.", "items": { "maxLength": 512, "minLength": 1, "type": "string" }, "maxItems": 100, "minItems": 1, "type": "array" }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "ntp": { "description": "ntp specifies NTP configuration", "minProperties": 1, "properties": { "enabled": { "description": "enabled specifies whether NTP should be enabled", "type": "boolean" }, "servers": { "description": "servers specifies which NTP servers to use", "items": { "maxLength": 512, "minLength": 1, "type": "string" }, "maxItems": 100, "type": "array", "x-kubernetes-list-type": "atomic" } }, "type": "object", "additionalProperties": false }, "postKubeadmCommands": { "description": "postKubeadmCommands specifies extra commands to run after kubeadm runs.\nWith cloud-init, this is appended to the runcmd module configuration, and is typically executed in\nthe cloud-final.service systemd unit. In Ignition, this is appended to /etc/kubeadm.sh.", "items": { "maxLength": 10240, "minLength": 1, "type": "string" }, "maxItems": 1000, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "preKubeadmCommands": { "description": "preKubeadmCommands specifies extra commands to run before kubeadm runs.\nWith cloud-init, this is prepended to the runcmd module configuration, and is typically executed in\nthe cloud-final.service systemd unit. In Ignition, this is prepended to /etc/kubeadm.sh.", "items": { "maxLength": 10240, "minLength": 1, "type": "string" }, "maxItems": 1000, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "users": { "description": "users specifies extra users to add", "items": { "description": "User defines the input for a generated user in cloud-init.", "properties": { "gecos": { "description": "gecos specifies the gecos to use for the user", "maxLength": 256, "minLength": 1, "type": "string" }, "groups": { "description": "groups specifies the additional groups for the user", "maxLength": 256, "minLength": 1, "type": "string" }, "homeDir": { "description": "homeDir specifies the home directory to use for the user", "maxLength": 256, "minLength": 1, "type": "string" }, "inactive": { "description": "inactive specifies whether to mark the user as inactive", "type": "boolean" }, "lockPassword": { "description": "lockPassword specifies if password login should be disabled", "type": "boolean" }, "name": { "description": "name specifies the user name", "maxLength": 256, "minLength": 1, "type": "string" }, "passwd": { "description": "passwd specifies a hashed password for the user", "maxLength": 256, "minLength": 1, "type": "string" }, "passwdFrom": { "description": "passwdFrom is a referenced source of passwd to populate the passwd.", "properties": { "secret": { "description": "secret represents a secret that should populate this password.", "properties": { "key": { "description": "key is the key in the secret's data map for this value.", "maxLength": 256, "minLength": 1, "type": "string" }, "name": { "description": "name of the secret in the KubeadmBootstrapConfig's namespace to use.", "maxLength": 253, "minLength": 1, "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false } }, "required": [ "secret" ], "type": "object", "additionalProperties": false }, "primaryGroup": { "description": "primaryGroup specifies the primary group for the user", "maxLength": 256, "minLength": 1, "type": "string" }, "shell": { "description": "shell specifies the user's shell", "maxLength": 256, "minLength": 1, "type": "string" }, "sshAuthorizedKeys": { "description": "sshAuthorizedKeys specifies a list of ssh authorized keys for the user", "items": { "maxLength": 2048, "minLength": 1, "type": "string" }, "maxItems": 100, "type": "array", "x-kubernetes-list-type": "atomic" }, "sudo": { "description": "sudo specifies a sudo role for the user", "maxLength": 256, "minLength": 1, "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "maxItems": 100, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" }, "verbosity": { "description": "verbosity is the number for the kubeadm log level verbosity.\nIt overrides the `--v` flag in kubeadm commands.", "format": "int32", "type": "integer" } }, "type": "object", "additionalProperties": false }, "machineNaming": { "description": "machineNaming allows changing the naming pattern used when creating Machines.\nInfraMachines & KubeadmConfigs will use the same name as the corresponding Machines.", "minProperties": 1, "properties": { "template": { "description": "template defines the template to use for generating the names of the Machine objects.\nIf not defined, it will fallback to `{{ .kubeadmControlPlane.name }}-{{ .random }}`.\nIf the generated name string exceeds 63 characters, it will be trimmed to 58 characters and will\nget concatenated with a random suffix of length 5.\nLength of the template string must not exceed 256 characters.\nThe template allows the following variables `.cluster.name`, `.kubeadmControlPlane.name` and `.random`.\nThe variable `.cluster.name` retrieves the name of the cluster object that owns the Machines being created.\nThe variable `.kubeadmControlPlane.name` retrieves the name of the KubeadmControlPlane object that owns the Machines being created.\nThe variable `.random` is substituted with random alphanumeric string, without vowels, of length 5. This variable is required\npart of the template. If not provided, validation will fail.", "maxLength": 256, "minLength": 1, "type": "string" } }, "type": "object", "additionalProperties": false }, "machineTemplate": { "description": "machineTemplate contains information about how machines\nshould be shaped when creating or updating a control plane.", "properties": { "metadata": { "description": "metadata is the standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "minProperties": 1, "properties": { "annotations": { "additionalProperties": { "type": "string" }, "description": "annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", "type": "object" }, "labels": { "additionalProperties": { "type": "string" }, "description": "labels is a map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", "type": "object" } }, "type": "object", "additionalProperties": false }, "spec": { "description": "spec defines the spec for Machines\nin a KubeadmControlPlane object.", "properties": { "deletion": { "description": "deletion contains configuration options for Machine deletion.", "minProperties": 1, "properties": { "nodeDeletionTimeoutSeconds": { "description": "nodeDeletionTimeoutSeconds defines how long the machine controller will attempt to delete the Node that the Machine\nhosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.\nIf no value is provided, the default value for this property of the Machine resource will be used.", "format": "int32", "minimum": 0, "type": "integer" }, "nodeDrainTimeoutSeconds": { "description": "nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a controlplane node\nThe default value is 0, meaning that the node can be drained without any time limitations.\nNOTE: nodeDrainTimeoutSeconds is different from `kubectl drain --timeout`", "format": "int32", "minimum": 0, "type": "integer" }, "nodeVolumeDetachTimeoutSeconds": { "description": "nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes\nto be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.", "format": "int32", "minimum": 0, "type": "integer" } }, "type": "object", "additionalProperties": false }, "infrastructureRef": { "description": "infrastructureRef is a required reference to a custom resource\noffered by an infrastructure provider.", "properties": { "apiGroup": { "description": "apiGroup is the group of the resource being referenced.\napiGroup must be fully qualified domain name.\nThe corresponding version for this reference will be looked up from the contract\nlabels of the corresponding CRD of the resource being referenced.", "maxLength": 253, "minLength": 1, "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { "description": "kind of the resource being referenced.\nkind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character.", "maxLength": 63, "minLength": 1, "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { "description": "name of the resource being referenced.\nname must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", "maxLength": 253, "minLength": 1, "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" } }, "required": [ "apiGroup", "kind", "name" ], "type": "object", "additionalProperties": false }, "readinessGates": { "description": "readinessGates specifies additional conditions to include when evaluating Machine Ready condition;\nKubeadmControlPlane will always add readinessGates for the condition it is setting on the Machine:\nAPIServerPodHealthy, SchedulerPodHealthy, ControllerManagerPodHealthy, and if etcd is managed by CKP also\nEtcdPodHealthy, EtcdMemberHealthy.\n\nThis field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready\ncomputation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine.", "items": { "description": "MachineReadinessGate contains the type of a Machine condition to be used as a readiness gate.", "properties": { "conditionType": { "description": "conditionType refers to a condition with matching type in the Machine's condition list.\nIf the conditions doesn't exist, it will be treated as unknown.\nNote: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates.", "maxLength": 316, "minLength": 1, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" }, "polarity": { "description": "polarity of the conditionType specified in this readinessGate.\nValid values are Positive, Negative and omitted.\nWhen omitted, the default behaviour will be Positive.\nA positive polarity means that the condition should report a true status under normal conditions.\nA negative polarity means that the condition should report a false status under normal conditions.", "enum": [ "Positive", "Negative" ], "type": "string" } }, "required": [ "conditionType" ], "type": "object", "additionalProperties": false }, "maxItems": 32, "minItems": 1, "type": "array", "x-kubernetes-list-map-keys": [ "conditionType" ], "x-kubernetes-list-type": "map" } }, "required": [ "infrastructureRef" ], "type": "object", "additionalProperties": false } }, "required": [ "spec" ], "type": "object", "additionalProperties": false }, "remediation": { "description": "remediation controls how unhealthy Machines are remediated.", "minProperties": 1, "properties": { "maxRetry": { "description": "maxRetry is the Max number of retries while attempting to remediate an unhealthy machine.\nA retry happens when a machine that was created as a replacement for an unhealthy machine also fails.\nFor example, given a control plane with three machines M1, M2, M3:\n\n\tM1 become unhealthy; remediation happens, and M1-1 is created as a replacement.\n\tIf M1-1 (replacement of M1) has problems while bootstrapping it will become unhealthy, and then be\n\tremediated; such operation is considered a retry, remediation-retry #1.\n\tIf M1-2 (replacement of M1-1) becomes unhealthy, remediation-retry #2 will happen, etc.\n\nA retry could happen only after retryPeriodSeconds from the previous retry.\nIf a machine is marked as unhealthy after minHealthyPeriodSeconds from the previous remediation expired,\nthis is not considered a retry anymore because the new issue is assumed unrelated from the previous one.\n\nIf not set, the remedation will be retried infinitely.", "format": "int32", "type": "integer" }, "minHealthyPeriodSeconds": { "description": "minHealthyPeriodSeconds defines the duration after which KCP will consider any failure to a machine unrelated\nfrom the previous one. In this case the remediation is not considered a retry anymore, and thus the retry\ncounter restarts from 0. For example, assuming minHealthyPeriodSeconds is set to 1h (default)\n\n\tM1 become unhealthy; remediation happens, and M1-1 is created as a replacement.\n\tIf M1-1 (replacement of M1) has problems within the 1hr after the creation, also\n\tthis machine will be remediated and this operation is considered a retry - a problem related\n\tto the original issue happened to M1 -.\n\n\tIf instead the problem on M1-1 is happening after minHealthyPeriodSeconds expired, e.g. four days after\n\tm1-1 has been created as a remediation of M1, the problem on M1-1 is considered unrelated to\n\tthe original issue happened to M1.\n\nIf not set, this value is defaulted to 1h.", "format": "int32", "minimum": 0, "type": "integer" }, "retryPeriodSeconds": { "description": "retryPeriodSeconds is the duration that KCP should wait before remediating a machine being created as a replacement\nfor an unhealthy machine (a retry).\n\nIf not set, a retry will happen immediately.", "format": "int32", "minimum": 0, "type": "integer" } }, "type": "object", "additionalProperties": false }, "replicas": { "description": "replicas is the number of desired machines. Defaults to 1. When stacked etcd is used only\nodd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members).\nThis is a pointer to distinguish between explicit zero and not specified.", "format": "int32", "type": "integer" }, "rollout": { "description": "rollout allows you to configure the behaviour of rolling updates to the control plane Machines.\nIt allows you to require that all Machines are replaced before or after a certain time,\nand allows you to define the strategy used during rolling replacements.", "minProperties": 1, "properties": { "after": { "description": "after is a field to indicate a rollout should be performed\nafter the specified time even if no changes have been made to the\nKubeadmControlPlane.\nExample: In the YAML the time can be specified in the RFC3339 format.\nTo specify the rolloutAfter target as March 9, 2023, at 9 am UTC\nuse \"2023-03-09T09:00:00Z\".", "format": "date-time", "type": "string" }, "before": { "description": "before is a field to indicate a rollout should be performed\nif the specified criteria is met.", "minProperties": 1, "properties": { "certificatesExpiryDays": { "description": "certificatesExpiryDays indicates a rollout needs to be performed if the\ncertificates of the machine will expire within the specified days.\nThe minimum for this field is 7.", "format": "int32", "minimum": 7, "type": "integer" } }, "type": "object", "additionalProperties": false }, "strategy": { "description": "strategy specifies how to roll out control plane Machines.", "minProperties": 1, "properties": { "rollingUpdate": { "description": "rollingUpdate is the rolling update config params. Present only if\ntype = RollingUpdate.", "minProperties": 1, "properties": { "maxSurge": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "maxSurge is the maximum number of control planes that can be scheduled above or under the\ndesired number of control planes.\nValue can be an absolute number 1 or 0.\nDefaults to 1.\nExample: when this is set to 1, the control plane can be scaled\nup immediately when the rolling update starts.", "x-kubernetes-int-or-string": true } }, "type": "object", "additionalProperties": false }, "type": { "description": "type of rollout. Currently the only supported strategy is\n\"RollingUpdate\".\nDefault is RollingUpdate.", "enum": [ "RollingUpdate" ], "type": "string" } }, "required": [ "type" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "version": { "description": "version defines the desired Kubernetes version.\nPlease note that if kubeadmConfigSpec.ClusterConfiguration.imageRepository is not set\nwe don't allow upgrades to versions >= v1.22.0 for which kubeadm uses the old registry (k8s.gcr.io).\nPlease use a newer patch version with the new registry instead. The default registries of kubeadm are:\n * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0\n * k8s.gcr.io (old registry): all older versions", "maxLength": 256, "minLength": 1, "type": "string" } }, "required": [ "machineTemplate", "version" ], "type": "object", "additionalProperties": false }, "status": { "description": "status is the observed state of KubeadmControlPlane.", "minProperties": 1, "properties": { "availableReplicas": { "description": "availableReplicas is the number of available replicas targeted by this KubeadmControlPlane. A machine is considered available when Machine's Available condition is true.", "format": "int32", "type": "integer" }, "conditions": { "description": "conditions represents the observations of a KubeadmControlPlane's current state.\nKnown condition types are Available, CertificatesAvailable, EtcdClusterAvailable, MachinesReady, MachinesUpToDate,\nScalingUp, ScalingDown, Remediating, Deleting, Paused.", "items": { "description": "Condition contains details for one aspect of the current state of this API Resource.", "properties": { "lastTransitionTime": { "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "format": "date-time", "type": "string" }, "message": { "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", "maxLength": 32768, "type": "string" }, "observedGeneration": { "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "format": "int64", "minimum": 0, "type": "integer" }, "reason": { "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", "maxLength": 1024, "minLength": 1, "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", "type": "string" }, "status": { "description": "status of the condition, one of True, False, Unknown.", "enum": [ "True", "False", "Unknown" ], "type": "string" }, "type": { "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" } }, "required": [ "lastTransitionTime", "message", "reason", "status", "type" ], "type": "object", "additionalProperties": false }, "maxItems": 32, "type": "array", "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, "deprecated": { "description": "deprecated groups all the status fields that are deprecated and will be removed when all the nested field are removed.", "properties": { "v1beta1": { "description": "v1beta1 groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped.", "properties": { "conditions": { "description": "conditions defines current service state of the KubeadmControlPlane.\n\nDeprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.", "items": { "description": "Condition defines an observation of a Cluster API resource operational state.", "properties": { "lastTransitionTime": { "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when\nthe API field changed is acceptable.", "format": "date-time", "type": "string" }, "message": { "description": "message is a human readable message indicating details about the transition.\nThis field may be empty.", "maxLength": 10240, "minLength": 1, "type": "string" }, "reason": { "description": "reason is the reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty.", "maxLength": 256, "minLength": 1, "type": "string" }, "severity": { "description": "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False.", "maxLength": 32, "type": "string" }, "status": { "description": "status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important.", "maxLength": 256, "minLength": 1, "type": "string" } }, "required": [ "lastTransitionTime", "status", "type" ], "type": "object", "additionalProperties": false }, "type": "array" }, "failureMessage": { "description": "failureMessage indicates that there is a terminal problem reconciling the\nstate, and will be set to a descriptive error message.\n\nDeprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.", "maxLength": 10240, "minLength": 1, "type": "string" }, "failureReason": { "description": "failureReason indicates that there is a terminal problem reconciling the\nstate, and will be set to a token value suitable for\nprogrammatic interpretation.\n\nDeprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.", "type": "string" }, "readyReplicas": { "description": "readyReplicas is the total number of fully running and ready control plane machines.\n\nDeprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.", "format": "int32", "type": "integer" }, "unavailableReplicas": { "description": "unavailableReplicas is the total number of unavailable machines targeted by this control plane.\nThis is the total number of machines that are still required for\nthe deployment to have 100% available capacity. They may either\nbe machines that are running but not yet ready or machines\nthat still have not been created.\n\nDeprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.", "format": "int32", "type": "integer" }, "updatedReplicas": { "description": "updatedReplicas is the total number of non-terminated machines targeted by this control plane\nthat have the desired template spec.\n\nDeprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.", "format": "int32", "type": "integer" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "initialization": { "description": "initialization provides observations of the KubeadmControlPlane initialization process.\nNOTE: Fields in this struct are part of the Cluster API contract and are used to orchestrate initial Machine provisioning.", "minProperties": 1, "properties": { "controlPlaneInitialized": { "description": "controlPlaneInitialized is true when the KubeadmControlPlane provider reports that the Kubernetes control plane is initialized;\nA control plane is considered initialized when it can accept requests, no matter if this happens before\nthe control plane is fully provisioned or not.\nNOTE: this field is part of the Cluster API contract, and it is used to orchestrate initial Machine provisioning.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "lastRemediation": { "description": "lastRemediation stores info about last remediation performed.", "properties": { "machine": { "description": "machine is the machine name of the latest machine being remediated.", "maxLength": 253, "minLength": 1, "type": "string" }, "retryCount": { "description": "retryCount used to keep track of remediation retry for the last remediated machine.\nA retry happens when a machine that was created as a replacement for an unhealthy machine also fails.", "format": "int32", "minimum": 0, "type": "integer" }, "time": { "description": "time is when last remediation happened. It is represented in RFC3339 form and is in UTC.", "format": "date-time", "type": "string" } }, "required": [ "machine", "retryCount", "time" ], "type": "object", "additionalProperties": false }, "observedGeneration": { "description": "observedGeneration is the latest generation observed by the controller.", "format": "int64", "minimum": 1, "type": "integer" }, "readyReplicas": { "description": "readyReplicas is the number of ready replicas for this KubeadmControlPlane. A machine is considered ready when Machine's Ready condition is true.", "format": "int32", "type": "integer" }, "replicas": { "description": "replicas is the total number of non-terminated machines targeted by this control plane\n(their labels match the selector).", "format": "int32", "type": "integer" }, "selector": { "description": "selector is the label selector in string format to avoid introspection\nby clients, and is used to provide the CRD-based integration for the\nscale subresource and additional integrations for things like kubectl\ndescribe.. The string will be in the same format as the query-param syntax.\nMore info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors", "maxLength": 4096, "minLength": 1, "type": "string" }, "upToDateReplicas": { "description": "upToDateReplicas is the number of up-to-date replicas targeted by this KubeadmControlPlane. A machine is considered up-to-date when Machine's UpToDate condition is true.", "format": "int32", "type": "integer" }, "version": { "description": "version represents the minimum Kubernetes version for the control plane machines\nin the cluster.", "maxLength": 256, "minLength": 1, "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "spec" ], "type": "object" }