Factory/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml


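# Namespace for the RKE2 bootstrap provider. The CRD further down this file
# points its conversion webhook service and its cert-manager CA injection
# annotation at objects in this namespace.
apiVersion: v1
kind: Namespace
metadata:
  # Nesting restored: labels and name belong under metadata. With the
  # indentation flattened they parse as top-level keys and metadata as null.
  labels:
    cluster.x-k8s.io/provider: bootstrap-rke2
    control-plane: controller-manager
  name: rke2-bootstrap-system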
---
apiVersion: v1
data:
components: |
apiVersion: v1
kind: Namespace
metadata:
labels:
cluster.x-k8s.io/provider: bootstrap-rke2
control-plane: controller-manager
name: rke2-bootstrap-system
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0
labels:
cluster.x-k8s.io/provider: bootstrap-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
name: rke2configs.bootstrap.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
service:
name: rke2-bootstrap-webhook-service
namespace: rke2-bootstrap-system
path: /convert
conversionReviewVersions:
- v1
- v1beta1
group: bootstrap.cluster.x-k8s.io
names:
kind: RKE2Config
listKind: RKE2ConfigList
plural: rke2configs
singular: rke2config
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: RKE2Config is the Schema for the rke2configs API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: RKE2ConfigSpec defines the desired state of RKE2Config.
properties:
agentConfig:
description: AgentConfig specifies configuration for the agent nodes.
properties:
additionalUserData:
description: |-
AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the
generated cloud-init/ignition script.
properties:
config:
description: |-
In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored; this includes "write_files", "runcmd", "ntp".
Deprecated: Data is reserved for the arbitrary cloud-init data
type: string
data:
additionalProperties:
type: string
description: |-
Data allows to pass arbitrary set of key/value pairs consistent with
https://cloudinit.readthedocs.io/en/latest/reference/modules.html
to extend existing cloud-init configuration
type: object
strict:
description: Strict controls if Config should be strictly
parsed. If so, warnings are treated as errors.
type: boolean
type: object
x-kubernetes-validations:
- message: Only config or data could be populated at once
rule: '!has(self.data) || !has(self.config)'
airGapped:
description: |-
AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
basically supposing that online container registries and RKE2 install scripts are not reachable.
type: boolean
cisProfile:
description: CISProfile activates CIS compliance of RKE2 for a
certain profile
enum:
- cis
- cis-1.23
- cis-1.5
- cis-1.6
type: string
containerRuntimeEndpoint:
description: ContainerRuntimeEndpoint Disable embedded containerd
and use alternative CRI implementation.
type: string
dataDir:
description: DataDir Folder to hold state.
type: string
enableContainerdSElinux:
description: |-
EnableContainerdSElinux defines the policy for enabling SELinux for Containerd
if value is true, Containerd will run with selinux-enabled=true flag
if value is false, Containerd will run without the above flag
type: boolean
format:
description: Format specifies the output format of the bootstrap
data. Defaults to cloud-config.
enum:
- cloud-config
- ignition
type: string
imageCredentialProviderConfigMap:
description: |-
ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config
The config map should contain a key "credential-config.yaml" with YAML file content and
a key "credential-provider-binaries" with a path to the binaries for the credential provider.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
kubeProxy:
description: KubeProxyArgs Customized flag for kube-proxy process.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line arguments
(format: flag=value) to pass to a Kubernetes Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables to
pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts to be added
for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references a container
image to override the default one for the Kubernetes Component
type: string
type: object
kubelet:
description: KubeletArgs Customized flag for kubelet process.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line arguments
(format: flag=value) to pass to a Kubernetes Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables to
pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts to be added
for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references a container
image to override the default one for the Kubernetes Component
type: string
type: object
kubeletPath:
description: KubeletPath Override kubelet binary path.
type: string
loadBalancerPort:
description: |-
LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are
not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444).
type: integer
nodeAnnotations:
additionalProperties:
type: string
description: |-
NodeAnnotations are annotations that are created on nodes post bootstrap phase.
Unfortunately it is not possible to apply annotations via kubelet
using current bootstrap configurations.
Issue: https://github.com/kubernetes/kubernetes/issues/108046
type: object
nodeLabels:
description: NodeLabels Registering and starting kubelet with
set of labels.
items:
type: string
type: array
nodeName:
description: NodeNamePrefix Prefix to the Node Name that CAPI
will generate.
type: string
nodeTaints:
description: NodeTaints Registering kubelet with set of taints.
items:
type: string
type: array
ntp:
description: NTP specifies NTP configuration
properties:
enabled:
description: Enabled specifies whether NTP should be enabled
type: boolean
servers:
description: Servers specifies which NTP servers to use
items:
type: string
type: array
type: object
protectKernelDefaults:
description: |-
ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
if false, kernel tunable can be different from kubelet defaults
type: boolean
resolvConf:
description: ResolvConf is a reference to a ConfigMap containing
resolv.conf content for the node.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
runtimeImage:
description: RuntimeImage override image to use for runtime binaries
(containerd, kubectl, crictl, etc).
type: string
snapshotter:
description: 'Snapshotter override default containerd snapshotter
(default: "overlayfs").'
type: string
systemDefaultRegistry:
description: SystemDefaultRegistry Private registry to be used
for all system images.
type: string
version:
description: Version specifies the rke2 version.
type: string
type: object
files:
description: Files specifies extra files to be passed to user_data
upon creation.
items:
description: File defines the input for generating write_files in
cloud-init.
properties:
content:
description: Content is the actual content of the file.
type: string
contentFrom:
description: ContentFrom is a referenced source of content to
populate the file.
properties:
secret:
description: SecretFileSource represents a secret that should
populate this file.
properties:
key:
description: Key is the key in the secret's data map
for this value.
type: string
name:
description: Name of the secret in the RKE2BootstrapConfig's
namespace to use.
type: string
required:
- key
- name
type: object
required:
- secret
type: object
encoding:
description: Encoding specifies the encoding of the file contents.
enum:
- base64
- gzip
- gzip+base64
type: string
owner:
description: Owner specifies the ownership of the file, e.g.
"root:root".
type: string
path:
description: Path specifies the full path on disk where to store
the file.
type: string
permissions:
description: Permissions specifies the permissions to assign
to the file, e.g. "0640".
type: string
required:
- path
type: object
type: array
postRKE2Commands:
description: PostRKE2Commands specifies extra commands to run after
rke2 setup runs.
items:
type: string
type: array
preRKE2Commands:
description: PreRKE2Commands specifies extra commands to run before
rke2 setup runs.
items:
type: string
type: array
privateRegistriesConfig:
description: PrivateRegistriesConfig defines the containerd configuration
for private registries and local registry mirrors.
properties:
configs:
additionalProperties:
description: RegistryConfig contains configuration used to communicate
with the registry.
properties:
authSecret:
description: |-
Auth is a reference to a Secret containing information to authenticate to the registry.
The Secret must provide a username and a password data entry.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
tls:
description: |-
TLS is a pair of CA/Cert/Key which then are used when creating the transport
that communicates with the registry.
properties:
insecureSkipVerify:
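description: InsecureSkipVerify may be set to false
to skip verifying the registry's certificate, default
is true. NOTE(review) - this wording looks inverted; in Go's
crypto/tls, InsecureSkipVerify=true is what disables certificate
verification. Confirm the controller's actual semantics and default,
since skipping verification lets a spoofed registry serve images.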
type: boolean
tlsConfigSecret:
description: |-
TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` which has up to 3 entries: tls.crt, tls.key and ca.crt
which describe the TLS configuration necessary to connect to the registry.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
type: object
type: object
description: |-
Configs are configs for each registry.
The key is the FQDN or IP of the registry.
type: object
mirrors:
additionalProperties:
description: Mirror contains the config related to the registry
mirror.
properties:
endpoint:
description: |-
Endpoints are endpoints for a namespace. CRI plugin will try the endpoints
one by one until a working one is found. The endpoint must be a valid url
with host specified.
The scheme, host and path from the endpoint URL will be used.
items:
type: string
type: array
rewrite:
additionalProperties:
type: string
description: |-
Rewrites are repository rewrite rules for a namespace. When fetching image resources
from an endpoint and a key matches the repository via regular expression matching
it will be replaced with the corresponding value from the map in the resource request.
type: object
type: object
description: Mirrors are namespace to mirror mapping for all namespaces.
type: object
type: object
type: object
status:
description: RKE2ConfigStatus defines the observed state of RKE2Config.
properties:
conditions:
description: Conditions defines current service state of the RKE2Config.
items:
description: Condition defines an observation of a Cluster API resource
operational state.
properties:
lastTransitionTime:
description: |-
Last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when
the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
A human readable message indicating details about the transition.
This field may be empty.
type: string
reason:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty.
type: string
severity:
description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
required:
- lastTransitionTime
- status
- type
type: object
type: array
dataSecretName:
description: DataSecretName is the name of the secret that stores
the bootstrap data script.
type: string
failureMessage:
description: FailureMessage will be set on non-retryable errors.
type: string
failureReason:
description: FailureReason will be set on non-retryable errors.
type: string
observedGeneration:
description: ObservedGeneration is the latest generation observed
by the controller.
format: int64
type: integer
ready:
description: Ready indicates the BootstrapData field is ready to be
consumed.
type: boolean
type: object
type: object
served: true
storage: false
subresources:
status: {}
- name: v1beta1
schema:
openAPIV3Schema:
description: RKE2Config is the Schema for the rke2configs API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: RKE2ConfigSpec defines the desired state of RKE2Config.
properties:
agentConfig:
description: AgentConfig specifies configuration for the agent nodes.
properties:
additionalUserData:
description: |-
AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the
generated cloud-init/ignition script.
properties:
config:
description: |-
In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored; this includes "write_files", "runcmd", "ntp".
type: string
data:
additionalProperties:
type: string
description: |-
Data allows to pass arbitrary set of key/value pairs consistent with
https://cloudinit.readthedocs.io/en/latest/reference/modules.html
to extend existing cloud-init configuration
type: object
strict:
description: Strict controls if Config should be strictly
parsed. If so, warnings are treated as errors.
type: boolean
type: object
x-kubernetes-validations:
- message: Only config or data could be populated at once
rule: '!has(self.data) || !has(self.config)'
airGapped:
description: |-
AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
basically supposing that online container registries and RKE2 install scripts are not reachable.
type: boolean
airGappedChecksum:
description: |-
AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum
of existing sha256sum-<arch>.txt file for packages already available on the machine
before performing air-gapped installation.
type: string
cisProfile:
description: CISProfile activates CIS compliance of RKE2 for a
certain profile
enum:
- cis
- cis-1.23
- cis-1.5
- cis-1.6
type: string
containerRuntimeEndpoint:
description: ContainerRuntimeEndpoint Disable embedded containerd
and use alternative CRI implementation.
type: string
dataDir:
description: DataDir Folder to hold state.
type: string
enableContainerdSElinux:
description: |-
EnableContainerdSElinux defines the policy for enabling SELinux for Containerd
if value is true, Containerd will run with selinux-enabled=true flag
if value is false, Containerd will run without the above flag
type: boolean
format:
description: Format specifies the output format of the bootstrap
data. Defaults to cloud-config.
enum:
- cloud-config
- ignition
type: string
imageCredentialProviderConfigMap:
description: |-
ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config
The config map should contain a key "credential-config.yaml" with YAML file content and
a key "credential-provider-binaries" with a path to the binaries for the credential provider.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
kubeProxy:
description: KubeProxyArgs Customized flag for kube-proxy process.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line arguments
(format: flag=value) to pass to a Kubernetes Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables to
pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts to be added
for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references a container
image to override the default one for the Kubernetes Component
type: string
type: object
kubelet:
description: KubeletArgs Customized flag for kubelet process.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line arguments
(format: flag=value) to pass to a Kubernetes Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables to
pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts to be added
for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references a container
image to override the default one for the Kubernetes Component
type: string
type: object
kubeletPath:
description: KubeletPath Override kubelet binary path.
type: string
loadBalancerPort:
description: |-
LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are
not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444).
type: integer
nodeAnnotations:
additionalProperties:
type: string
description: |-
NodeAnnotations are annotations that are created on nodes post bootstrap phase.
Unfortunately it is not possible to apply annotations via kubelet
using current bootstrap configurations.
Issue: https://github.com/kubernetes/kubernetes/issues/108046
type: object
nodeLabels:
description: NodeLabels Registering and starting kubelet with
set of labels.
items:
type: string
type: array
nodeName:
description: NodeNamePrefix Prefix to the Node Name that CAPI
will generate.
type: string
nodeTaints:
description: NodeTaints Registering kubelet with set of taints.
items:
type: string
type: array
ntp:
description: NTP specifies NTP configuration
properties:
enabled:
description: Enabled specifies whether NTP should be enabled
type: boolean
servers:
description: Servers specifies which NTP servers to use
items:
type: string
type: array
type: object
podSecurityAdmissionConfigFile:
description: |-
PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
spec.Files field.
type: string
protectKernelDefaults:
description: |-
ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
if false, kernel tunable can be different from kubelet defaults
type: boolean
resolvConf:
description: ResolvConf is a reference to a ConfigMap containing
resolv.conf content for the node.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
runtimeImage:
description: RuntimeImage override image to use for runtime binaries
(containerd, kubectl, crictl, etc).
type: string
snapshotter:
description: 'Snapshotter override default containerd snapshotter
(default: "overlayfs").'
type: string
systemDefaultRegistry:
description: SystemDefaultRegistry Private registry to be used
for all system images.
type: string
type: object
files:
description: Files specifies extra files to be passed to user_data
upon creation.
items:
description: File defines the input for generating write_files in
cloud-init.
properties:
content:
description: Content is the actual content of the file.
type: string
contentFrom:
description: ContentFrom is a referenced source of content to
populate the file.
properties:
secret:
description: SecretFileSource represents a secret that should
populate this file.
properties:
key:
description: Key is the key in the secret's data map
for this value.
type: string
name:
description: Name of the secret in the RKE2BootstrapConfig's
namespace to use.
type: string
required:
- key
- name
type: object
required:
- secret
type: object
encoding:
description: Encoding specifies the encoding of the file contents.
enum:
- base64
- gzip
- gzip+base64
type: string
owner:
description: Owner specifies the ownership of the file, e.g.
"root:root".
type: string
path:
description: Path specifies the full path on disk where to store
the file.
type: string
permissions:
description: Permissions specifies the permissions to assign
to the file, e.g. "0640".
type: string
required:
- path
type: object
type: array
postRKE2Commands:
description: PostRKE2Commands specifies extra commands to run after
rke2 setup runs.
items:
type: string
type: array
preRKE2Commands:
description: PreRKE2Commands specifies extra commands to run before
rke2 setup runs.
items:
type: string
type: array
privateRegistriesConfig:
description: PrivateRegistriesConfig defines the containerd configuration
for private registries and local registry mirrors.
properties:
configs:
additionalProperties:
description: RegistryConfig contains configuration used to communicate
with the registry.
properties:
authSecret:
description: |-
Auth is a reference to a Secret containing information to authenticate to the registry.
The Secret must provide a username and a password data entry.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
tls:
description: |-
TLS is a pair of CA/Cert/Key which then are used when creating the transport
that communicates with the registry.
properties:
insecureSkipVerify:
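description: InsecureSkipVerify may be set to false
to skip verifying the registry's certificate, default
is true. (Reviewer caveat, unconfirmed from this manifest
alone. The wording reads inverted relative to the field
name, under which true would disable certificate
verification, so confirm which value disables verification
before setting it.)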
type: boolean
tlsConfigSecret:
description: |-
TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` which has up to 3 entries: tls.crt, tls.key and ca.crt
which describe the TLS configuration necessary to connect to the registry.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
type: object
type: object
description: |-
Configs are configs for each registry.
The key is the FQDN or IP of the registry.
type: object
mirrors:
additionalProperties:
description: Mirror contains the config related to the registry
mirror.
properties:
endpoint:
description: |-
Endpoints are endpoints for a namespace. CRI plugin will try the endpoints
one by one until a working one is found. The endpoint must be a valid url
with host specified.
The scheme, host and path from the endpoint URL will be used.
items:
type: string
type: array
rewrite:
additionalProperties:
type: string
description: |-
Rewrites are repository rewrite rules for a namespace. When fetching image resources
from an endpoint and a key matches the repository via regular expression matching
it will be replaced with the corresponding value from the map in the resource request.
type: object
type: object
description: Mirrors are namespace to mirror mapping for all namespaces.
type: object
type: object
type: object
status:
description: RKE2ConfigStatus defines the observed state of RKE2Config.
properties:
conditions:
description: Conditions defines current service state of the RKE2Config.
items:
description: Condition defines an observation of a Cluster API resource
operational state.
properties:
lastTransitionTime:
description: |-
Last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when
the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
A human readable message indicating details about the transition.
This field may be empty.
type: string
reason:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty.
type: string
severity:
description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
required:
- lastTransitionTime
- status
- type
type: object
type: array
dataSecretName:
description: DataSecretName is the name of the secret that stores
the bootstrap data script.
type: string
failureMessage:
description: FailureMessage will be set on non-retryable errors.
type: string
failureReason:
description: FailureReason will be set on non-retryable errors.
type: string
observedGeneration:
description: ObservedGeneration is the latest generation observed
by the controller.
format: int64
type: integer
ready:
description: Ready indicates the BootstrapData field is ready to be
consumed.
type: boolean
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0
labels:
cluster.x-k8s.io/provider: bootstrap-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
name: rke2configtemplates.bootstrap.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
service:
name: rke2-bootstrap-webhook-service
namespace: rke2-bootstrap-system
path: /convert
conversionReviewVersions:
- v1
group: bootstrap.cluster.x-k8s.io
names:
kind: RKE2ConfigTemplate
listKind: RKE2ConfigTemplateList
plural: rke2configtemplates
singular: rke2configtemplate
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: RKE2ConfigTemplate is the Schema for the RKE2configtemplates
API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: Spec details the RKE2ConfigTemplate specification.
properties:
template:
description: "Template references a RKE2ConfigTemplate, which is used
to include an RKE2ConfigSpec struct.\n\tThis is used to include
a desired RKE2ConfigSpec configuration when an RKE2Config resource
is generated by a MachineDeployment resource."
properties:
spec:
description: Spec is the RKE2ConfigSpec that should be used for
the template.
properties:
agentConfig:
description: AgentConfig specifies configuration for the agent
nodes.
properties:
additionalUserData:
description: |-
AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the
generated cloud-init/ignition script.
properties:
config:
description: |-
In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this includes "write_files", "runcmd", "ntp".
Deprecated: Data is reserved for the arbitrary cloud-init data
type: string
data:
additionalProperties:
type: string
description: |-
Data allows to pass arbitrary set of key/value pairs consistent with
https://cloudinit.readthedocs.io/en/latest/reference/modules.html
to extend existing cloud-init configuration
type: object
strict:
description: Strict controls if Config should be strictly
parsed. If so, warnings are treated as errors.
type: boolean
type: object
x-kubernetes-validations:
- message: Only config or data could be populated at once
rule: '!has(self.data) || !has(self.config)'
airGapped:
description: |-
AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
basically supposing that online container registries and RKE2 install scripts are not reachable.
type: boolean
cisProfile:
description: CISProfile activates CIS compliance of RKE2
for a certain profile
enum:
- cis
- cis-1.23
- cis-1.5
- cis-1.6
type: string
containerRuntimeEndpoint:
description: ContainerRuntimeEndpoint Disable embedded
containerd and use alternative CRI implementation.
type: string
dataDir:
description: DataDir Folder to hold state.
type: string
enableContainerdSElinux:
description: |-
EnableContainerdSElinux defines the policy for enabling SELinux for Containerd
if value is true, Containerd will run with selinux-enabled=true flag
if value is false, Containerd will run without the above flag
type: boolean
format:
description: Format specifies the output format of the
bootstrap data. Defaults to cloud-config.
enum:
- cloud-config
- ignition
type: string
imageCredentialProviderConfigMap:
description: |-
ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config
The config map should contain a key "credential-config.yaml" with YAML file content and
a key "credential-provider-binaries" with a path to the binaries for the credential provider.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
kubeProxy:
description: KubeProxyArgs Customized flag for kube-proxy
process.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line
arguments (format: flag=value) to pass to a Kubernetes
Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables
to pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts
to be added for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references
a container image to override the default one for
the Kubernetes Component
type: string
type: object
kubelet:
description: KubeletArgs Customized flag for kubelet process.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line
arguments (format: flag=value) to pass to a Kubernetes
Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables
to pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts
to be added for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references
a container image to override the default one for
the Kubernetes Component
type: string
type: object
kubeletPath:
description: KubeletPath Override kubelet binary path.
type: string
loadBalancerPort:
description: |-
LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are
not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444).
type: integer
nodeAnnotations:
additionalProperties:
type: string
description: |-
NodeAnnotations are annotations that are created on nodes post bootstrap phase.
Unfortunately it is not possible to apply annotations via kubelet
using current bootstrap configurations.
Issue: https://github.com/kubernetes/kubernetes/issues/108046
type: object
nodeLabels:
description: NodeLabels Registering and starting kubelet
with set of labels.
items:
type: string
type: array
nodeName:
description: NodeNamePrefix Prefix to the Node Name that
CAPI will generate.
type: string
nodeTaints:
description: NodeTaints Registering kubelet with set of
taints.
items:
type: string
type: array
ntp:
description: NTP specifies NTP configuration
properties:
enabled:
description: Enabled specifies whether NTP should
be enabled
type: boolean
servers:
description: Servers specifies which NTP servers to
use
items:
type: string
type: array
type: object
protectKernelDefaults:
description: |-
ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
if false, kernel tunable can be different from kubelet defaults
type: boolean
resolvConf:
description: ResolvConf is a reference to a ConfigMap
containing resolv.conf content for the node.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
runtimeImage:
description: RuntimeImage override image to use for runtime
binaries (containerd, kubectl, crictl, etc).
type: string
snapshotter:
description: 'Snapshotter override default containerd
snapshotter (default: "overlayfs").'
type: string
systemDefaultRegistry:
description: SystemDefaultRegistry Private registry to
be used for all system images.
type: string
version:
description: Version specifies the rke2 version.
type: string
type: object
files:
description: Files specifies extra files to be passed to user_data
upon creation.
items:
description: File defines the input for generating write_files
in cloud-init.
properties:
content:
description: Content is the actual content of the file.
type: string
contentFrom:
description: ContentFrom is a referenced source of content
to populate the file.
properties:
secret:
description: SecretFileSource represents a secret
that should populate this file.
properties:
key:
description: Key is the key in the secret's
data map for this value.
type: string
name:
description: Name of the secret in the RKE2BootstrapConfig's
namespace to use.
type: string
required:
- key
- name
type: object
required:
- secret
type: object
encoding:
description: Encoding specifies the encoding of the
file contents.
enum:
- base64
- gzip
- gzip+base64
type: string
owner:
description: Owner specifies the ownership of the file,
e.g. "root:root".
type: string
path:
description: Path specifies the full path on disk where
to store the file.
type: string
permissions:
description: Permissions specifies the permissions to
assign to the file, e.g. "0640".
type: string
required:
- path
type: object
type: array
postRKE2Commands:
description: PostRKE2Commands specifies extra commands to
run after rke2 setup runs.
items:
type: string
type: array
preRKE2Commands:
description: PreRKE2Commands specifies extra commands to run
before rke2 setup runs.
items:
type: string
type: array
privateRegistriesConfig:
description: PrivateRegistriesConfig defines the containerd
configuration for private registries and local registry
mirrors.
properties:
configs:
additionalProperties:
description: RegistryConfig contains configuration used
to communicate with the registry.
properties:
authSecret:
description: |-
Auth is a reference to a Secret containing information to authenticate to the registry.
The Secret must provide a username and a password data entry.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
tls:
description: |-
TLS is a pair of CA/Cert/Key which then are used when creating the transport
that communicates with the registry.
properties:
insecureSkipVerify:
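description: InsecureSkipVerify may be set to
false to skip verifying the registry's certificate,
default is true. (Reviewer caveat, unconfirmed from this
manifest alone. The wording reads inverted relative to
the field name, under which true would disable certificate
verification, so confirm which value disables verification
before setting it.)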
type: boolean
tlsConfigSecret:
description: |-
TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` which has up to 3 entries: tls.crt, tls.key and ca.crt
which describe the TLS configuration necessary to connect to the registry.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
type: object
type: object
description: |-
Configs are configs for each registry.
The key is the FQDN or IP of the registry.
type: object
mirrors:
additionalProperties:
description: Mirror contains the config related to the
registry mirror.
properties:
endpoint:
description: |-
Endpoints are endpoints for a namespace. CRI plugin will try the endpoints
one by one until a working one is found. The endpoint must be a valid url
with host specified.
The scheme, host and path from the endpoint URL will be used.
items:
type: string
type: array
rewrite:
additionalProperties:
type: string
description: |-
Rewrites are repository rewrite rules for a namespace. When fetching image resources
from an endpoint and a key matches the repository via regular expression matching
it will be replaced with the corresponding value from the map in the resource request.
type: object
type: object
description: Mirrors are namespace to mirror mapping for
all namespaces.
type: object
type: object
type: object
required:
- spec
type: object
required:
- template
type: object
required:
- spec
type: object
served: true
storage: false
subresources:
status: {}
- name: v1beta1
schema:
openAPIV3Schema:
description: RKE2ConfigTemplate is the Schema for the RKE2configtemplates
API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: Spec details the RKE2ConfigTemplate specification.
properties:
template:
description: "Template references a RKE2ConfigTemplate, which is used
to include an RKE2ConfigSpec struct.\n\tThis is used to include
a desired RKE2ConfigSpec configuration when an RKE2Config resource
is generated by a MachineDeployment resource."
properties:
spec:
description: Spec is the RKE2ConfigSpec that should be used for
the template.
properties:
agentConfig:
description: AgentConfig specifies configuration for the agent
nodes.
properties:
additionalUserData:
description: |-
AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the
generated cloud-init/ignition script.
properties:
config:
description: |-
In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this includes "write_files", "runcmd", "ntp".
type: string
data:
additionalProperties:
type: string
description: |-
Data allows to pass arbitrary set of key/value pairs consistent with
https://cloudinit.readthedocs.io/en/latest/reference/modules.html
to extend existing cloud-init configuration
type: object
strict:
description: Strict controls if Config should be strictly
parsed. If so, warnings are treated as errors.
type: boolean
type: object
x-kubernetes-validations:
- message: Only config or data could be populated at once
rule: '!has(self.data) || !has(self.config)'
airGapped:
description: |-
AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
basically supposing that online container registries and RKE2 install scripts are not reachable.
type: boolean
airGappedChecksum:
description: |-
AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum
of existing sha256sum-<arch>.txt file for packages already available on the machine
before performing air-gapped installation.
type: string
cisProfile:
description: CISProfile activates CIS compliance of RKE2
for a certain profile
enum:
- cis
- cis-1.23
- cis-1.5
- cis-1.6
type: string
containerRuntimeEndpoint:
description: ContainerRuntimeEndpoint Disable embedded
containerd and use alternative CRI implementation.
type: string
dataDir:
description: DataDir Folder to hold state.
type: string
enableContainerdSElinux:
description: |-
EnableContainerdSElinux defines the policy for enabling SELinux for Containerd
if value is true, Containerd will run with selinux-enabled=true flag
if value is false, Containerd will run without the above flag
type: boolean
format:
description: Format specifies the output format of the
bootstrap data. Defaults to cloud-config.
enum:
- cloud-config
- ignition
type: string
imageCredentialProviderConfigMap:
description: |-
ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config
The config map should contain a key "credential-config.yaml" with YAML file content and
a key "credential-provider-binaries" with a path to the binaries for the credential provider.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
kubeProxy:
description: KubeProxyArgs Customized flag for kube-proxy
process.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line
arguments (format: flag=value) to pass to a Kubernetes
Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables
to pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts
to be added for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references
a container image to override the default one for
the Kubernetes Component
type: string
type: object
kubelet:
description: KubeletArgs Customized flag for kubelet process.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line
arguments (format: flag=value) to pass to a Kubernetes
Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables
to pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts
to be added for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references
a container image to override the default one for
the Kubernetes Component
type: string
type: object
kubeletPath:
description: KubeletPath Override kubelet binary path.
type: string
loadBalancerPort:
description: |-
LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are
not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444).
type: integer
nodeAnnotations:
additionalProperties:
type: string
description: |-
NodeAnnotations are annotations that are created on nodes post bootstrap phase.
Unfortunately it is not possible to apply annotations via kubelet
using current bootstrap configurations.
Issue: https://github.com/kubernetes/kubernetes/issues/108046
type: object
nodeLabels:
description: NodeLabels Registering and starting kubelet
with set of labels.
items:
type: string
type: array
nodeName:
description: NodeNamePrefix Prefix to the Node Name that
CAPI will generate.
type: string
nodeTaints:
description: NodeTaints Registering kubelet with set of
taints.
items:
type: string
type: array
ntp:
description: NTP specifies NTP configuration
properties:
enabled:
description: Enabled specifies whether NTP should
be enabled
type: boolean
servers:
description: Servers specifies which NTP servers to
use
items:
type: string
type: array
type: object
podSecurityAdmissionConfigFile:
description: |-
PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
spec.Files field.
type: string
protectKernelDefaults:
description: |-
ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
if false, kernel tunable can be different from kubelet defaults
type: boolean
resolvConf:
description: ResolvConf is a reference to a ConfigMap
containing resolv.conf content for the node.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
runtimeImage:
description: RuntimeImage override image to use for runtime
binaries (containerd, kubectl, crictl, etc).
type: string
snapshotter:
description: 'Snapshotter override default containerd
snapshotter (default: "overlayfs").'
type: string
systemDefaultRegistry:
description: SystemDefaultRegistry Private registry to
be used for all system images.
type: string
type: object
# Schema for the extra files written to the node through cloud-init write_files.
# Review notes on what the schema does and does not constrain:
#   - only `path` is required; `path`, `owner` and `permissions` are plain
#     strings with no pattern or enum, so any restriction on where files land
#     or how they are owned must come from somewhere other than this schema.
#   - `content` is stored inline in the object, so it is readable by anyone
#     who can read the resource; `contentFrom.secret` references a Secret by
#     name and key instead, which keeps sensitive material out of the object.
#   - `encoding` values (base64, gzip, gzip+base64) are encodings only and
#     give no confidentiality.
files:
  description: Files specifies extra files to be passed to user_data
    upon creation.
  items:
    description: File defines the input for generating write_files
      in cloud-init.
    properties:
      content:
        description: Content is the actual content of the file.
        type: string
      contentFrom:
        description: ContentFrom is a referenced source of content
          to populate the file.
        properties:
          secret:
            description: SecretFileSource represents a secret
              that should populate this file.
            properties:
              key:
                description: Key is the key in the secret's
                  data map for this value.
                type: string
              name:
                description: Name of the secret in the RKE2BootstrapConfig's
                  namespace to use.
                type: string
            # Both fields are mandatory; there is no namespace field, so the
            # Secret is looked up by name only (see the `name` description).
            required:
            - key
            - name
            type: object
        required:
        - secret
        type: object
      encoding:
        description: Encoding specifies the encoding of the
          file contents.
        enum:
        - base64
        - gzip
        - gzip+base64
        type: string
      owner:
        description: Owner specifies the ownership of the file,
          e.g. "root:root".
        type: string
      path:
        description: Path specifies the full path on disk where
          to store the file.
        type: string
      permissions:
        description: Permissions specifies the permissions to
          assign to the file, e.g. "0640".
        type: string
    required:
    - path
    type: object
  type: array
# Free-form list of strings run as commands after rke2 setup. The schema puts
# no constraint on the items, so write access to objects of this kind amounts
# to command execution on the nodes they bootstrap; scope create/update/patch
# on these resources accordingly.
# NOTE(review): the privilege level the commands run with is not visible
# here - confirm against the bootstrap implementation.
postRKE2Commands:
  description: PostRKE2Commands specifies extra commands to
    run after rke2 setup runs.
  items:
    type: string
  type: array
# Free-form list of strings run as commands before rke2 setup. As with the
# post-setup list, the items are unconstrained, so anyone who can write this
# field can run commands on the bootstrapped nodes.
# NOTE(review): the privilege level the commands run with is not visible
# here - confirm against the bootstrap implementation.
preRKE2Commands:
  description: PreRKE2Commands specifies extra commands to run
    before rke2 setup runs.
  items:
    type: string
  type: array
privateRegistriesConfig:
description: PrivateRegistriesConfig defines the containerd
configuration for private registries and local registry
mirrors.
properties:
configs:
additionalProperties:
description: RegistryConfig contains configuration used
to communicate with the registry.
properties:
authSecret:
description: |-
Auth is a reference to a Secret containing information to authenticate to the registry.
The Secret must provide a username and a password data entry.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
tls:
description: |-
TLS is a pair of CA/Cert/Key which then are used when creating the transport
that communicates with the registry.
properties:
# NOTE(review): the description below reads inverted relative to the field
# name. A boolean named insecureSkipVerify conventionally disables certificate
# verification when set to true, and the schema declares no default here.
# Confirm the actual semantics and default against the controller before
# relying on this text; if the conventional meaning holds, setting this to
# true removes the TLS authentication of the registry for image pulls.
insecureSkipVerify:
  description: InsecureSkipVerify may be set to
    false to skip verifying the registry's certificate,
    default is true.
  type: boolean
tlsConfigSecret:
description: |-
TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` which has up to 3 entries: tls.crt, tls.key and ca.crt
which describe the TLS configuration necessary to connect to the registry.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
type: object
type: object
description: |-
Configs are configs for each registry.
The key is the FQDN or IP of the registry.
type: object
mirrors:
additionalProperties:
description: Mirror contains the config related to the
registry mirror.
properties:
endpoint:
description: |-
Endpoints are endpoints for a namespace. CRI plugin will try the endpoints
one by one until a working one is found. The endpoint must be a valid url
with host specified.
The scheme, host and path from the endpoint URL will be used.
items:
type: string
type: array
rewrite:
additionalProperties:
type: string
description: |-
Rewrites are repository rewrite rules for a namespace. When fetching image resources
from an endpoint and a key matches the repository via regular expression matching
it will be replaced with the corresponding value from the map in the resource request.
type: object
type: object
description: Mirrors are namespace to mirror mapping for
all namespaces.
type: object
type: object
type: object
required:
- spec
type: object
required:
- template
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
---
# Identity the bootstrap provider's controller runs as. The manager Deployment
# sets serviceAccountName to this account, and both the leader-election
# RoleBinding and the manager ClusterRoleBinding in this bundle name it as
# their subject, so its token carries every permission granted below.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-rke2
  name: rke2-bootstrap-manager
  namespace: rke2-bootstrap-system
---
# Namespaced Role, effective only inside rke2-bootstrap-system. The name
# indicates it backs the manager's --leader-elect flag.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-rke2
  name: rke2-bootstrap-leader-election-role
  namespace: rke2-bootstrap-system
rules:
# Full read/write on every ConfigMap in the namespace: there is no
# resourceNames restriction, so the grant is not limited to a lock object.
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
# Same verb set on Leases, again without resourceNames.
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
# Events are write-only (create/patch).
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
---
# Cluster-scoped permissions for the manager. Because this is a ClusterRole
# bound through a ClusterRoleBinding in this bundle, every rule below applies
# in all namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-rke2
  name: rke2-bootstrap-manager-role
rules:
# Highest-impact rule in the bundle: read and write access to Secrets (and
# ConfigMaps, Events) cluster-wide. Anything that can obtain this service
# account's token - for example through pod creation or exec rights in
# rke2-bootstrap-system - can read every Secret in the cluster. Treat access
# to that namespace as equivalent to cluster-wide Secret access and audit
# use of this identity.
- apiGroups:
  - ""
  resources:
  - configmaps
  - events
  - secrets
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
# TokenReview/SubjectAccessReview creation lets the manager ask the API
# server to authenticate and authorize callers.
# NOTE(review): presumably used to protect the diagnostics endpoint - confirm.
- apiGroups:
  - authentication.k8s.io
  resources:
  - tokenreviews
  verbs:
  - create
- apiGroups:
  - authorization.k8s.io
  resources:
  - subjectaccessreviews
  verbs:
  - create
# Full control over the provider's own resources, including the status and
# finalizers subresources.
- apiGroups:
  - bootstrap.cluster.x-k8s.io
  resources:
  - rke2configs
  - rke2configs/finalizers
  - rke2configs/status
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
# Core Cluster API objects are read-only for this controller.
- apiGroups:
  - cluster.x-k8s.io
  resources:
  - clusters
  - clusters/status
  - machinepools
  - machinepools/status
  - machines
  - machines/status
  - machinesets
  verbs:
  - get
  - list
  - watch
# Control-plane provider objects are read-only as well.
- apiGroups:
  - controlplane.cluster.x-k8s.io
  resources:
  - rke2controlplanes
  - rke2controlplanes/status
  verbs:
  - get
  - list
  - watch
---
# Grants the namespaced leader-election Role to the manager ServiceAccount.
# Binding and subject live in the same namespace, so the grant does not reach
# outside rke2-bootstrap-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-rke2
  name: rke2-bootstrap-leader-election-rolebinding
  namespace: rke2-bootstrap-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: rke2-bootstrap-leader-election-role
subjects:
- kind: ServiceAccount
  name: rke2-bootstrap-manager
  namespace: rke2-bootstrap-system
---
# Binds the manager ClusterRole cluster-wide to a single subject, the
# rke2-bootstrap-manager ServiceAccount. This binding is what turns the
# Secrets rule of that ClusterRole into all-namespace access.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-rke2
  name: rke2-bootstrap-manager-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: rke2-bootstrap-manager-role
subjects:
- kind: ServiceAccount
  name: rke2-bootstrap-manager
  namespace: rke2-bootstrap-system
---
# Service the API server calls for admission and CRD conversion webhooks.
# Port 443 is forwarded to the container port named webhook-server.
apiVersion: v1
kind: Service
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-rke2
  name: rke2-bootstrap-webhook-service
  namespace: rke2-bootstrap-system
spec:
  ports:
  - port: 443
    targetPort: webhook-server
  # The selector matches on the provider label alone, so any pod in this
  # namespace carrying that label becomes a webhook backend. Keep pod
  # creation rights in the namespace tightly scoped.
  selector:
    cluster.x-k8s.io/provider: bootstrap-rke2
---
# Single-replica controller for the RKE2 bootstrap provider. It runs as the
# rke2-bootstrap-manager ServiceAccount and serves the webhooks with the
# certificate mounted from rke2-bootstrap-webhook-service-cert.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-rke2
    control-plane: controller-manager
  name: rke2-bootstrap-controller-manager
  namespace: rke2-bootstrap-system
spec:
  replicas: 1
  selector:
    matchLabels:
      cluster.x-k8s.io/provider: bootstrap-rke2
      control-plane: controller-manager
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: manager
      labels:
        cluster.x-k8s.io/provider: bootstrap-rke2
        control-plane: controller-manager
    spec:
      containers:
      - args:
        - --leader-elect
        # The ${NAME:=default} forms are placeholders filled in before the
        # manifest is applied. As written, the defaults bind diagnostics to
        # :8443 and leave insecure diagnostics off (false); overriding
        # CAPRKE2_INSECURE_DIAGNOSTICS to true should be a deliberate choice.
        # NOTE(review): looks like clusterctl-style variable substitution -
        # confirm which component performs it in this chart.
        - --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443}
        - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
        command:
        - /manager
        # Pinned by mutable tag, not by digest. Combined with IfNotPresent,
        # a node that already holds an image under this tag uses it without
        # contacting the registry, so the integrity of what runs depends on
        # the mirror and the node image cache. Pinning by digest is worth
        # considering where the air-gap tooling supports it.
        image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.9.0
        imagePullPolicy: IfNotPresent
        livenessProbe:
          httpGet:
            path: /healthz
            port: healthz
        name: manager
        ports:
        - containerPort: 9443
          name: webhook-server
          protocol: TCP
        - containerPort: 9440
          name: healthz
          protocol: TCP
        - containerPort: 8443
          name: metrics
          protocol: TCP
        readinessProbe:
          httpGet:
            path: /readyz
            port: healthz
        # Container hardening present: no privilege escalation, all
        # capabilities dropped, not privileged, fixed non-root UID/GID.
        # Not set in this manifest: readOnlyRootFilesystem and resource
        # requests/limits.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          privileged: false
          runAsGroup: 65532
          runAsUser: 65532
        terminationMessagePolicy: FallbackToLogsOnError
        # Webhook serving certificate and key, mounted read-only.
        volumeMounts:
        - mountPath: /tmp/k8s-webhook-server/serving-certs
          name: cert
          readOnly: true
      # Pod-level hardening: refuse to start as root, default seccomp profile.
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      # This account holds the cluster-wide Secrets permissions bound in this
      # bundle; its token is available to the pod.
      serviceAccountName: rke2-bootstrap-manager
      terminationGracePeriodSeconds: 10
      # Tolerates the master/control-plane NoSchedule taints, so the pod may
      # be scheduled on control-plane nodes.
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
      - effect: NoSchedule
        key: node-role.kubernetes.io/control-plane
      volumes:
      - name: cert
        secret:
          secretName: rke2-bootstrap-webhook-service-cert
---
# cert-manager Certificate for the webhook server. The issued key pair is
# written to the Secret rke2-bootstrap-webhook-service-cert, which the manager
# Deployment mounts. The webhook configurations in this bundle reference this
# Certificate through the cert-manager.io/inject-ca-from annotation.
# No duration, renewBefore or privateKey settings are given here.
# NOTE(review): cert-manager defaults presumably apply for those - confirm
# they match your rotation and key-size policy.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-rke2
  name: rke2-bootstrap-serving-cert
  namespace: rke2-bootstrap-system
spec:
  # SANs cover only the in-cluster Service DNS names.
  dnsNames:
  - rke2-bootstrap-webhook-service.rke2-bootstrap-system.svc
  - rke2-bootstrap-webhook-service.rke2-bootstrap-system.svc.cluster.local
  issuerRef:
    kind: Issuer
    name: rke2-bootstrap-selfsigned-issuer
  secretName: rke2-bootstrap-webhook-service-cert
  subject:
    organizations:
    - Rancher by SUSE
---
# Namespaced self-signed Issuer: certificates it issues are signed with their
# own key, with no external CA. Trust in the webhook certificate therefore
# rests on the CA bundle injected via the cert-manager.io/inject-ca-from
# annotation on the webhook configurations, and on who can modify
# cert-manager resources and the resulting Secret in rke2-bootstrap-system.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-rke2
  name: rke2-bootstrap-selfsigned-issuer
  namespace: rke2-bootstrap-system
spec:
  selfSigned: {}
---
# Mutating admission webhooks for rke2configs and rke2configtemplates.
# Both entries call rke2-bootstrap-webhook-service and use the CA injected by
# cert-manager from rke2-bootstrap-serving-cert.
# Neither entry sets timeoutSeconds, namespaceSelector or matchPolicy, so the
# API server defaults apply to those.
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  annotations:
    cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
  labels:
    cluster.x-k8s.io/provider: bootstrap-rke2
  name: rke2-bootstrap-mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: rke2-bootstrap-webhook-service
      namespace: rke2-bootstrap-system
      path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config
  # Fail closed: if the webhook cannot be reached, matching requests are
  # rejected rather than admitted unmutated. With a single-replica manager
  # this also means CREATE/UPDATE of these resources is blocked while the
  # pod is down.
  failurePolicy: Fail
  name: mrke2config.kb.io
  rules:
  - apiGroups:
    - bootstrap.cluster.x-k8s.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - rke2configs
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: rke2-bootstrap-webhook-service
      namespace: rke2-bootstrap-system
      path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2configtemplate
  # Same fail-closed policy for templates.
  failurePolicy: Fail
  name: mrke2configtemplate.kb.io
  rules:
  - apiGroups:
    - bootstrap.cluster.x-k8s.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - rke2configtemplates
  sideEffects: None
---
# Validating admission webhooks for rke2configs and rke2configtemplates.
# Field values such as file paths and command lists are plain strings in the
# schema visible on this page, so whatever checks exist on them are enforced
# by these webhooks rather than by the schema.
# NOTE(review): which fields the handlers actually validate is not visible
# here - confirm in the controller source.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  annotations:
    cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
  labels:
    cluster.x-k8s.io/provider: bootstrap-rke2
  name: rke2-bootstrap-validating-webhook-configuration
webhooks:
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: rke2-bootstrap-webhook-service
      namespace: rke2-bootstrap-system
      path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config
  # Fail closed: an unreachable webhook causes matching requests to be
  # rejected, so objects are never admitted unvalidated.
  failurePolicy: Fail
  name: vrke2config.kb.io
  rules:
  - apiGroups:
    - bootstrap.cluster.x-k8s.io
    apiVersions:
    - v1beta1
    # Only CREATE and UPDATE are intercepted; DELETE is not validated.
    operations:
    - CREATE
    - UPDATE
    resources:
    - rke2configs
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: rke2-bootstrap-webhook-service
      namespace: rke2-bootstrap-system
      path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-rke2configtemplate
  # Same fail-closed policy for templates.
  failurePolicy: Fail
  name: vrke2configtemplate.kb.io
  rules:
  - apiGroups:
    - bootstrap.cluster.x-k8s.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - rke2configtemplates
  sideEffects: None
# Second data key of the ConfigMap: the provider's clusterctl Metadata
# document, stored as a literal block. Every release series listed
# (0.1 through 0.9) maps to the v1beta1 contract.
metadata: |
  # maps release series of major.minor to cluster-api contract version
  # the contract version may change between minor or major versions, but *not*
  # between patch versions.
  #
  # update this file only when a new major or minor version is released
  apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3
  kind: Metadata
  releaseSeries:
  - major: 0
    minor: 1
    contract: v1beta1
  - major: 0
    minor: 2
    contract: v1beta1
  - major: 0
    minor: 3
    contract: v1beta1
  - major: 0
    minor: 4
    contract: v1beta1
  - major: 0
    minor: 5
    contract: v1beta1
  - major: 0
    minor: 6
    contract: v1beta1
  - major: 0
    minor: 7
    contract: v1beta1
  - major: 0
    minor: 8
    contract: v1beta1
  - major: 0
    minor: 9
    contract: v1beta1
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.9.0
namespace: rke2-bootstrap-system
labels:
provider-components: rke2-bootstrap