forked from suse-edge/Factory
4522 lines
261 KiB
YAML
4522 lines
261 KiB
YAML
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
labels:
|
|
cluster.x-k8s.io/provider: control-plane-rke2
|
|
control-plane: controller-manager
|
|
name: rke2-control-plane-system
|
|
---
|
|
apiVersion: v1
|
|
data:
|
|
components: |
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
labels:
|
|
cluster.x-k8s.io/provider: control-plane-rke2
|
|
control-plane: controller-manager
|
|
name: rke2-control-plane-system
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
|
|
controller-gen.kubebuilder.io/version: v0.14.0
|
|
labels:
|
|
cluster.x-k8s.io/provider: control-plane-rke2
|
|
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
|
|
name: rke2controlplanes.controlplane.cluster.x-k8s.io
|
|
spec:
|
|
conversion:
|
|
strategy: Webhook
|
|
webhook:
|
|
clientConfig:
|
|
caBundle: Cg==
|
|
service:
|
|
name: rke2-control-plane-webhook-service
|
|
namespace: rke2-control-plane-system
|
|
path: /convert
|
|
conversionReviewVersions:
|
|
- v1
|
|
- v1beta1
|
|
group: controlplane.cluster.x-k8s.io
|
|
names:
|
|
kind: RKE2ControlPlane
|
|
listKind: RKE2ControlPlaneList
|
|
plural: rke2controlplanes
|
|
singular: rke2controlplane
|
|
scope: Namespaced
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: RKE2ControlPlane is the Schema for the rke2controlplanes API.
|
|
properties:
|
|
apiVersion:
|
|
description: |-
|
|
APIVersion defines the versioned schema of this representation of an object.
|
|
Servers should convert recognized schemas to the latest internal value, and
|
|
may reject unrecognized values.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind is a string value representing the REST resource this object represents.
|
|
Servers may infer this from the endpoint the client submits requests to.
|
|
Cannot be updated.
|
|
In CamelCase.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: RKE2ControlPlaneSpec defines the desired state of RKE2ControlPlane.
|
|
properties:
|
|
agentConfig:
|
|
description: AgentConfig specifies configuration for the agent nodes.
|
|
properties:
|
|
additionalUserData:
|
|
description: |-
|
|
AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the
|
|
generated cloud-init/ignition script.
|
|
properties:
|
|
config:
|
|
description: |-
|
|
In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
|
|
NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp".
|
|
Deprecated: Data is reserved for the arbitrary cloud-init data
|
|
type: string
|
|
data:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Data allows to pass arbitrary set of key/value pairs consistent with
|
|
https://cloudinit.readthedocs.io/en/latest/reference/modules.html
|
|
to extend existing cloud-init configuration
|
|
type: object
|
|
strict:
|
|
description: Strict controls if Config should be strictly
|
|
parsed. If so, warnings are treated as errors.
|
|
type: boolean
|
|
type: object
|
|
x-kubernetes-validations:
|
|
- message: Only config or data could be populated at once
|
|
rule: '!has(self.data) || !has(self.config)'
|
|
airGapped:
|
|
description: |-
|
|
AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
|
|
basically supposing that online container registries and RKE2 install scripts are not reachable.
|
|
type: boolean
|
|
cisProfile:
|
|
description: CISProfile activates CIS compliance of RKE2 for a
|
|
certain profile
|
|
enum:
|
|
- cis
|
|
- cis-1.23
|
|
- cis-1.5
|
|
- cis-1.6
|
|
type: string
|
|
containerRuntimeEndpoint:
|
|
description: ContainerRuntimeEndpoint Disable embedded containerd
|
|
and use alternative CRI implementation.
|
|
type: string
|
|
dataDir:
|
|
description: DataDir Folder to hold state.
|
|
type: string
|
|
enableContainerdSElinux:
|
|
description: |-
|
|
EnableContainerdSElinux defines the policy for enabling SELinux for Containerd
|
|
if value is true, Containerd will run with selinux-enabled=true flag
|
|
if value is false, Containerd will run without the above flag
|
|
type: boolean
|
|
format:
|
|
description: Format specifies the output format of the bootstrap
|
|
data. Defaults to cloud-config.
|
|
enum:
|
|
- cloud-config
|
|
- ignition
|
|
type: string
|
|
imageCredentialProviderConfigMap:
|
|
description: |-
|
|
ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config
|
|
The config map should contain a key "credential-config.yaml" with YAML file content and
|
|
a key "credential-provider-binaries" with the a path to the binaries for the credential provider.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
kubeProxy:
|
|
description: KubeProxyArgs Customized flag for kube-proxy process.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line arguments
|
|
(format: flag=value) to pass to a Kubernetes Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables to
|
|
pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts to be added
|
|
for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references a container
|
|
image to override the default one for the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
kubelet:
|
|
description: KubeletArgs Customized flag for kubelet process.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line arguments
|
|
(format: flag=value) to pass to a Kubernetes Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables to
|
|
pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts to be added
|
|
for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references a container
|
|
image to override the default one for the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
kubeletPath:
|
|
description: KubeletPath Override kubelet binary path.
|
|
type: string
|
|
loadBalancerPort:
|
|
description: |-
|
|
LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are
|
|
not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444).
|
|
type: integer
|
|
nodeAnnotations:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
NodeAnnotations are annotations that are created on nodes post bootstrap phase.
|
|
Unfortunately it is not possible to apply annotations via kubelet
|
|
using current bootstrap configurations.
|
|
Issue: https://github.com/kubernetes/kubernetes/issues/108046
|
|
type: object
|
|
nodeLabels:
|
|
description: NodeLabels Registering and starting kubelet with
|
|
set of labels.
|
|
items:
|
|
type: string
|
|
type: array
|
|
nodeName:
|
|
description: NodeNamePrefix Prefix to the Node Name that CAPI
|
|
will generate.
|
|
type: string
|
|
nodeTaints:
|
|
description: NodeTaints Registering kubelet with set of taints.
|
|
items:
|
|
type: string
|
|
type: array
|
|
ntp:
|
|
description: NTP specifies NTP configuration
|
|
properties:
|
|
enabled:
|
|
description: Enabled specifies whether NTP should be enabled
|
|
type: boolean
|
|
servers:
|
|
description: Servers specifies which NTP servers to use
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
protectKernelDefaults:
|
|
description: |-
|
|
ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
|
|
if false, kernel tunable can be different from kubelet defaults
|
|
type: boolean
|
|
resolvConf:
|
|
description: ResolvConf is a reference to a ConfigMap containing
|
|
resolv.conf content for the node.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
runtimeImage:
|
|
description: RuntimeImage override image to use for runtime binaries
|
|
(containerd, kubectl, crictl, etc).
|
|
type: string
|
|
snapshotter:
|
|
description: 'Snapshotter override default containerd snapshotter
|
|
(default: "overlayfs").'
|
|
type: string
|
|
systemDefaultRegistry:
|
|
description: SystemDefaultRegistry Private registry to be used
|
|
for all system images.
|
|
type: string
|
|
version:
|
|
description: Version specifies the rke2 version.
|
|
type: string
|
|
type: object
|
|
files:
|
|
description: Files specifies extra files to be passed to user_data
|
|
upon creation.
|
|
items:
|
|
description: File defines the input for generating write_files in
|
|
cloud-init.
|
|
properties:
|
|
content:
|
|
description: Content is the actual content of the file.
|
|
type: string
|
|
contentFrom:
|
|
description: ContentFrom is a referenced source of content to
|
|
populate the file.
|
|
properties:
|
|
secret:
|
|
description: SecretFileSource represents a secret that should
|
|
populate this file.
|
|
properties:
|
|
key:
|
|
description: Key is the key in the secret's data map
|
|
for this value.
|
|
type: string
|
|
name:
|
|
description: Name of the secret in the RKE2BootstrapConfig's
|
|
namespace to use.
|
|
type: string
|
|
required:
|
|
- key
|
|
- name
|
|
type: object
|
|
required:
|
|
- secret
|
|
type: object
|
|
encoding:
|
|
description: Encoding specifies the encoding of the file contents.
|
|
enum:
|
|
- base64
|
|
- gzip
|
|
- gzip+base64
|
|
type: string
|
|
owner:
|
|
description: Owner specifies the ownership of the file, e.g.
|
|
"root:root".
|
|
type: string
|
|
path:
|
|
description: Path specifies the full path on disk where to store
|
|
the file.
|
|
type: string
|
|
permissions:
|
|
description: Permissions specifies the permissions to assign
|
|
to the file, e.g. "0640".
|
|
type: string
|
|
required:
|
|
- path
|
|
type: object
|
|
type: array
|
|
infrastructureRef:
|
|
description: |-
|
|
InfrastructureRef is a required reference to a custom resource
|
|
offered by an infrastructure provider.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
manifestsConfigMapReference:
|
|
description: |-
|
|
ManifestsConfigMapReference references a ConfigMap which contains Kubernetes manifests to be deployed automatically on the cluster
|
|
Each data entry in the ConfigMap will be will be copied to a folder on the control plane nodes that RKE2 scans and uses to deploy manifests.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
nodeDrainTimeout:
|
|
description: |-
|
|
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
|
|
The default value is 0, meaning that the node can be drained without any time limitations.
|
|
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
|
|
type: string
|
|
postRKE2Commands:
|
|
description: PostRKE2Commands specifies extra commands to run after
|
|
rke2 setup runs.
|
|
items:
|
|
type: string
|
|
type: array
|
|
preRKE2Commands:
|
|
description: PreRKE2Commands specifies extra commands to run before
|
|
rke2 setup runs.
|
|
items:
|
|
type: string
|
|
type: array
|
|
privateRegistriesConfig:
|
|
description: PrivateRegistriesConfig defines the containerd configuration
|
|
for private registries and local registry mirrors.
|
|
properties:
|
|
configs:
|
|
additionalProperties:
|
|
description: RegistryConfig contains configuration used to communicate
|
|
with the registry.
|
|
properties:
|
|
authSecret:
|
|
description: |-
|
|
Auth si a reference to a Secret containing information to authenticate to the registry.
|
|
The Secret must provite a username and a password data entry.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
tls:
|
|
description: |-
|
|
TLS is a pair of CA/Cert/Key which then are used when creating the transport
|
|
that communicates with the registry.
|
|
properties:
|
|
insecureSkipVerify:
|
|
description: InsecureSkipVerify may be set to false
|
|
to skip verifying the registry's certificate, default
|
|
is true.
|
|
type: boolean
|
|
tlsConfigSecret:
|
|
description: |-
|
|
TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt
|
|
which describe the TLS configuration necessary to connect to the registry.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: object
|
|
type: object
|
|
description: |-
|
|
Configs are configs for each registry.
|
|
The key is the FDQN or IP of the registry.
|
|
type: object
|
|
mirrors:
|
|
additionalProperties:
|
|
description: Mirror contains the config related to the registry
|
|
mirror.
|
|
properties:
|
|
endpoint:
|
|
description: |-
|
|
Endpoints are endpoints for a namespace. CRI plugin will try the endpoints
|
|
one by one until a working one is found. The endpoint must be a valid url
|
|
with host specified.
|
|
The scheme, host and path from the endpoint URL will be used.
|
|
items:
|
|
type: string
|
|
type: array
|
|
rewrite:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Rewrites are repository rewrite rules for a namespace. When fetching image resources
|
|
from an endpoint and a key matches the repository via regular expression matching
|
|
it will be replaced with the corresponding value from the map in the resource request.
|
|
type: object
|
|
type: object
|
|
description: Mirrors are namespace to mirror mapping for all namespaces.
|
|
type: object
|
|
type: object
|
|
registrationAddress:
|
|
description: |-
|
|
RegistrationAddress is an explicit address to use when registering a node. This is required if
|
|
the registration type is "address". Its for scenarios where a load-balancer or VIP is used.
|
|
type: string
|
|
registrationMethod:
|
|
default: internal-first
|
|
description: RegistrationMethod is the method to use for registering
|
|
nodes into the RKE2 cluster.
|
|
enum:
|
|
- internal-first
|
|
- internal-only-ips
|
|
- external-only-ips
|
|
- address
|
|
type: string
|
|
replicas:
|
|
description: Replicas is the number of replicas for the Control Plane.
|
|
format: int32
|
|
type: integer
|
|
rolloutStrategy:
|
|
default:
|
|
rollingUpdate:
|
|
maxSurge: 1
|
|
type: RollingUpdate
|
|
description: The RolloutStrategy to use to replace control plane machines
|
|
with new ones.
|
|
properties:
|
|
rollingUpdate:
|
|
description: Rolling update config params. Present only if RolloutStrategyType
|
|
= RollingUpdate.
|
|
properties:
|
|
maxSurge:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: |-
|
|
The maximum number of control planes that can be scheduled above or under the
|
|
desired number of control planes.
|
|
Value can be an absolute number 1 or 0.
|
|
Defaults to 1.
|
|
Example: when this is set to 1, the control plane can be scaled
|
|
up immediately when the rolling update starts.
|
|
x-kubernetes-int-or-string: true
|
|
type: object
|
|
type:
|
|
description: |-
|
|
Type of rollout. Currently the only supported strategy is "RollingUpdate".
|
|
Default is RollingUpdate.
|
|
type: string
|
|
type: object
|
|
serverConfig:
|
|
description: ServerConfig specifies configuration for the agent nodes.
|
|
properties:
|
|
advertiseAddress:
|
|
description: 'AdvertiseAddress IP address that apiserver uses
|
|
to advertise to members of the cluster (default: node-external-ip/node-ip).'
|
|
type: string
|
|
auditPolicySecret:
|
|
description: AuditPolicySecret path to the file that defines the
|
|
audit policy configuration.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
bindAddress:
|
|
description: 'BindAddress describes the rke2 bind address (default:
|
|
0.0.0.0).'
|
|
type: string
|
|
cloudControllerManager:
|
|
description: CloudControllerManager defines optional custom configuration
|
|
of the Cloud Controller Manager.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line arguments
|
|
(format: flag=value) to pass to a Kubernetes Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables to
|
|
pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts to be added
|
|
for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references a container
|
|
image to override the default one for the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
cloudProviderConfigMap:
|
|
description: |-
|
|
CloudProviderConfigMap is a reference to a ConfigMap containing Cloud provider configuration.
|
|
The config map must contain a key named cloud-config.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
cloudProviderName:
|
|
description: CloudProviderName cloud provider name.
|
|
type: string
|
|
clusterDNS:
|
|
description: 'ClusterDNS is the cluster IP for CoreDNS service.
|
|
Should be in your service-cidr range (default: 10.43.0.10).'
|
|
type: string
|
|
clusterDomain:
|
|
description: 'ClusterDomain is the cluster domain name (default:
|
|
"cluster.local").'
|
|
type: string
|
|
cni:
|
|
description: |-
|
|
CNI describes the CNI Plugins to deploy, one of none, calico, canal, cilium;
|
|
optionally with multus as the first value to enable the multus meta-plugin (default: canal).
|
|
enum:
|
|
- none
|
|
- calico
|
|
- canal
|
|
- cilium
|
|
type: string
|
|
cniMultusEnable:
|
|
description: |-
|
|
CNIMultusEnable enables multus as the first CNI plugin (default: false).
|
|
This option will automatically make Multus a primary CNI, and the value, if specified in the CNI field, as a secondary CNI plugin.
|
|
type: boolean
|
|
disableComponents:
|
|
description: DisableComponents lists Kubernetes components and
|
|
RKE2 plugin components that will be disabled.
|
|
properties:
|
|
kubernetesComponents:
|
|
description: KubernetesComponents is a list of Kubernetes
|
|
components to disable.
|
|
items:
|
|
description: 'DisabledKubernetesComponent is an enum field
|
|
that can take one of the following values: scheduler,
|
|
kubeProxy or cloudController.'
|
|
enum:
|
|
- scheduler
|
|
- kubeProxy
|
|
- cloudController
|
|
type: string
|
|
type: array
|
|
pluginComponents:
|
|
description: PluginComponents is a list of PluginComponents
|
|
to disable.
|
|
items:
|
|
description: DisabledPluginComponent selects a plugin Components
|
|
to be disabled.
|
|
enum:
|
|
- rke2-coredns
|
|
- rke2-ingress-nginx
|
|
- rke2-metrics-server
|
|
type: string
|
|
type: array
|
|
type: object
|
|
etcd:
|
|
description: Etcd defines optional custom configuration of ETCD.
|
|
properties:
|
|
backupConfig:
|
|
description: 'BackupConfig defines how RKE2 will snapshot
|
|
ETCD: target storage, schedule, etc.'
|
|
properties:
|
|
directory:
|
|
description: Directory to save db snapshots.
|
|
type: string
|
|
disableAutomaticSnapshots:
|
|
description: |-
|
|
DisableAutomaticSnapshots defines the policy for ETCD snapshots.
|
|
true means automatic snapshots will be scheduled, false means automatic snapshots will not be scheduled.
|
|
type: boolean
|
|
retention:
|
|
description: 'Retention Number of snapshots to retain
|
|
Default: 5 (default: 5).'
|
|
type: string
|
|
s3:
|
|
description: S3 Enable backup to an S3-compatible Object
|
|
Store.
|
|
properties:
|
|
bucket:
|
|
description: Bucket S3 bucket name.
|
|
type: string
|
|
endpoint:
|
|
description: 'Endpoint S3 endpoint url (default: "s3.amazonaws.com").'
|
|
type: string
|
|
endpointCAsecret:
|
|
description: |-
|
|
EndpointCA references the Secret that contains a custom CA that should be trusted to connect to S3 endpoint.
|
|
The secret must contain a key named "ca.pem" that contains the CA certificate.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
enforceSslVerify:
|
|
description: EnforceSSLVerify may be set to false
|
|
to skip verifying the registry's certificate, default
|
|
is true.
|
|
type: boolean
|
|
folder:
|
|
description: Folder S3 folder.
|
|
type: string
|
|
region:
|
|
description: 'Region S3 region / bucket location (optional)
|
|
(default: "us-east-1").'
|
|
type: string
|
|
s3CredentialSecret:
|
|
description: |-
|
|
S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
|
|
The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
required:
|
|
- endpoint
|
|
- s3CredentialSecret
|
|
type: object
|
|
scheduleCron:
|
|
description: 'ScheduleCron Snapshot interval time in cron
|
|
spec. eg. every 5 hours ''* */5 * * *'' (default: "0
|
|
*/12 * * *").'
|
|
type: string
|
|
snapshotName:
|
|
description: 'SnapshotName Set the base name of etcd snapshots.
|
|
Default: etcd-snapshot-<unix-timestamp> (default: "etcd-snapshot").'
|
|
type: string
|
|
type: object
|
|
customConfig:
|
|
description: CustomConfig defines the custom settings for
|
|
ETCD.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line arguments
|
|
(format: flag=value) to pass to a Kubernetes Component
|
|
command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables
|
|
to pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts to
|
|
be added for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references
|
|
a container image to override the default one for the
|
|
Kubernetes Component
|
|
type: string
|
|
type: object
|
|
exposeMetrics:
|
|
description: |-
|
|
ExposeEtcdMetrics defines the policy for ETCD Metrics exposure.
|
|
if value is true, ETCD metrics will be exposed
|
|
if value is false, ETCD metrics will NOT be exposed
|
|
type: boolean
|
|
type: object
|
|
kubeAPIServer:
|
|
description: KubeAPIServer defines optional custom configuration
|
|
of the Kube API Server.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line arguments
|
|
(format: flag=value) to pass to a Kubernetes Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables to
|
|
pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts to be added
|
|
for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references a container
|
|
image to override the default one for the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
kubeControllerManager:
|
|
description: KubeControllerManager defines optional custom configuration
|
|
of the Kube Controller Manager.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line arguments
|
|
(format: flag=value) to pass to a Kubernetes Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables to
|
|
pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts to be added
|
|
for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references a container
|
|
image to override the default one for the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
kubeScheduler:
|
|
description: KubeScheduler defines optional custom configuration
|
|
of the Kube Scheduler.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line arguments
|
|
(format: flag=value) to pass to a Kubernetes Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables to
|
|
pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts to be added
|
|
for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references a container
|
|
image to override the default one for the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
pauseImage:
|
|
description: PauseImage Override image to use for pause.
|
|
type: string
|
|
serviceNodePortRange:
|
|
description: 'ServiceNodePortRange is the port range to reserve
|
|
for services with NodePort visibility (default: "30000-32767").'
|
|
type: string
|
|
tlsSan:
|
|
description: TLSSan Add additional hostname or IP as a Subject
|
|
Alternative Name in the TLS cert.
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
required:
|
|
- infrastructureRef
|
|
type: object
|
|
status:
|
|
description: RKE2ControlPlaneStatus defines the observed state of RKE2ControlPlane.
|
|
properties:
|
|
availableServerIPs:
|
|
description: AvailableServerIPs is a list of the Control Plane IP
|
|
adds that can be used to register further nodes.
|
|
items:
|
|
type: string
|
|
type: array
|
|
conditions:
|
|
description: Conditions defines current service state of the RKE2Config.
|
|
items:
|
|
description: Condition defines an observation of a Cluster API resource
|
|
operational state.
|
|
properties:
|
|
lastTransitionTime:
|
|
description: |-
|
|
Last time the condition transitioned from one status to another.
|
|
This should be when the underlying condition changed. If that is not known, then using the time when
|
|
the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: |-
|
|
A human readable message indicating details about the transition.
|
|
This field may be empty.
|
|
type: string
|
|
reason:
|
|
description: |-
|
|
The reason for the condition's last transition in CamelCase.
|
|
The specific API may choose whether or not this field is considered a guaranteed API.
|
|
This field may not be empty.
|
|
type: string
|
|
severity:
|
|
description: |-
|
|
Severity provides an explicit classification of Reason code, so the users or machines can immediately
|
|
understand the current situation and act accordingly.
|
|
The Severity field MUST be set only when Status=False.
|
|
type: string
|
|
status:
|
|
description: Status of the condition, one of True, False, Unknown.
|
|
type: string
|
|
type:
|
|
description: |-
|
|
Type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
|
|
can be useful (see .node.status.conditions), the ability to deconflict is important.
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
dataSecretName:
|
|
description: DataSecretName is the name of the secret that stores
|
|
the bootstrap data script.
|
|
type: string
|
|
failureMessage:
|
|
description: FailureMessage will be set on non-retryable errors.
|
|
type: string
|
|
failureReason:
|
|
description: FailureReason will be set on non-retryable errors.
|
|
type: string
|
|
initialized:
|
|
description: Initialized indicates the target cluster has completed
|
|
initialization.
|
|
type: boolean
|
|
observedGeneration:
|
|
description: ObservedGeneration is the latest generation observed
|
|
by the controller.
|
|
format: int64
|
|
type: integer
|
|
ready:
|
|
description: Ready indicates the BootstrapData field is ready to be
|
|
consumed.
|
|
type: boolean
|
|
readyReplicas:
|
|
description: ReadyReplicas is the number of replicas current attached
|
|
to this ControlPlane Resource and that have Ready Status.
|
|
format: int32
|
|
type: integer
|
|
replicas:
|
|
description: Replicas is the number of replicas current attached to
|
|
this ControlPlane Resource.
|
|
format: int32
|
|
type: integer
|
|
unavailableReplicas:
|
|
description: UnavailableReplicas is the number of replicas current
|
|
attached to this ControlPlane Resource and that are up-to-date with
|
|
Control Plane config.
|
|
format: int32
|
|
type: integer
|
|
updatedReplicas:
|
|
description: UpdatedReplicas is the number of replicas current attached
|
|
to this ControlPlane Resource and that are up-to-date with Control
|
|
Plane config.
|
|
format: int32
|
|
type: integer
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: false
|
|
subresources:
|
|
status: {}
|
|
- name: v1beta1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: RKE2ControlPlane is the Schema for the rke2controlplanes API.
|
|
properties:
|
|
apiVersion:
|
|
description: |-
|
|
APIVersion defines the versioned schema of this representation of an object.
|
|
Servers should convert recognized schemas to the latest internal value, and
|
|
may reject unrecognized values.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind is a string value representing the REST resource this object represents.
|
|
Servers may infer this from the endpoint the client submits requests to.
|
|
Cannot be updated.
|
|
In CamelCase.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: RKE2ControlPlaneSpec defines the desired state of RKE2ControlPlane.
|
|
properties:
|
|
agentConfig:
|
|
description: AgentConfig specifies configuration for the agent nodes.
|
|
properties:
|
|
additionalUserData:
|
|
description: |-
|
|
AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the
|
|
generated cloud-init/ignition script.
|
|
properties:
|
|
config:
|
|
description: |-
|
|
In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
|
|
NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp".
|
|
type: string
|
|
data:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Data allows to pass arbitrary set of key/value pairs consistent with
|
|
https://cloudinit.readthedocs.io/en/latest/reference/modules.html
|
|
to extend existing cloud-init configuration
|
|
type: object
|
|
strict:
|
|
description: Strict controls if Config should be strictly
|
|
parsed. If so, warnings are treated as errors.
|
|
type: boolean
|
|
type: object
|
|
x-kubernetes-validations:
|
|
- message: Only config or data could be populated at once
|
|
rule: '!has(self.data) || !has(self.config)'
|
|
airGapped:
|
|
description: |-
|
|
AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
|
|
basically supposing that online container registries and RKE2 install scripts are not reachable.
|
|
type: boolean
|
|
airGappedChecksum:
|
|
description: |-
|
|
AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum
|
|
of existing sha256sum-<arch>.txt file for packages already available on the machine
|
|
before performing air-gapped installation.
|
|
type: string
|
|
cisProfile:
|
|
description: CISProfile activates CIS compliance of RKE2 for a
|
|
certain profile
|
|
enum:
|
|
- cis
|
|
- cis-1.23
|
|
- cis-1.5
|
|
- cis-1.6
|
|
type: string
|
|
containerRuntimeEndpoint:
|
|
description: ContainerRuntimeEndpoint Disable embedded containerd
|
|
and use alternative CRI implementation.
|
|
type: string
|
|
dataDir:
|
|
description: DataDir Folder to hold state.
|
|
type: string
|
|
enableContainerdSElinux:
|
|
description: |-
|
|
EnableContainerdSElinux defines the policy for enabling SELinux for Containerd
|
|
if value is true, Containerd will run with selinux-enabled=true flag
|
|
if value is false, Containerd will run without the above flag
|
|
type: boolean
|
|
format:
|
|
description: Format specifies the output format of the bootstrap
|
|
data. Defaults to cloud-config.
|
|
enum:
|
|
- cloud-config
|
|
- ignition
|
|
type: string
|
|
imageCredentialProviderConfigMap:
|
|
description: |-
|
|
ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config
|
|
The config map should contain a key "credential-config.yaml" with YAML file content and
|
|
a key "credential-provider-binaries" with the a path to the binaries for the credential provider.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
kubeProxy:
|
|
description: KubeProxyArgs Customized flag for kube-proxy process.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line arguments
|
|
(format: flag=value) to pass to a Kubernetes Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables to
|
|
pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts to be added
|
|
for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references a container
|
|
image to override the default one for the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
kubelet:
|
|
description: KubeletArgs Customized flag for kubelet process.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line arguments
|
|
(format: flag=value) to pass to a Kubernetes Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables to
|
|
pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts to be added
|
|
for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references a container
|
|
image to override the default one for the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
kubeletPath:
|
|
description: KubeletPath Override kubelet binary path.
|
|
type: string
|
|
loadBalancerPort:
|
|
description: |-
|
|
LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are
|
|
not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444).
|
|
type: integer
|
|
nodeAnnotations:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
NodeAnnotations are annotations that are created on nodes post bootstrap phase.
|
|
Unfortunately it is not possible to apply annotations via kubelet
|
|
using current bootstrap configurations.
|
|
Issue: https://github.com/kubernetes/kubernetes/issues/108046
|
|
type: object
|
|
nodeLabels:
|
|
description: NodeLabels Registering and starting kubelet with
|
|
set of labels.
|
|
items:
|
|
type: string
|
|
type: array
|
|
nodeName:
|
|
description: NodeNamePrefix Prefix to the Node Name that CAPI
|
|
will generate.
|
|
type: string
|
|
nodeTaints:
|
|
description: NodeTaints Registering kubelet with set of taints.
|
|
items:
|
|
type: string
|
|
type: array
|
|
ntp:
|
|
description: NTP specifies NTP configuration
|
|
properties:
|
|
enabled:
|
|
description: Enabled specifies whether NTP should be enabled
|
|
type: boolean
|
|
servers:
|
|
description: Servers specifies which NTP servers to use
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
podSecurityAdmissionConfigFile:
|
|
description: |-
|
|
PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
|
|
spec.Files field.
|
|
type: string
|
|
protectKernelDefaults:
|
|
description: |-
|
|
ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
|
|
if false, kernel tunable can be different from kubelet defaults
|
|
type: boolean
|
|
resolvConf:
|
|
description: ResolvConf is a reference to a ConfigMap containing
|
|
resolv.conf content for the node.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
runtimeImage:
|
|
description: RuntimeImage override image to use for runtime binaries
|
|
(containerd, kubectl, crictl, etc).
|
|
type: string
|
|
snapshotter:
|
|
description: 'Snapshotter override default containerd snapshotter
|
|
(default: "overlayfs").'
|
|
type: string
|
|
systemDefaultRegistry:
|
|
description: SystemDefaultRegistry Private registry to be used
|
|
for all system images.
|
|
type: string
|
|
type: object
|
|
files:
|
|
description: Files specifies extra files to be passed to user_data
|
|
upon creation.
|
|
items:
|
|
description: File defines the input for generating write_files in
|
|
cloud-init.
|
|
properties:
|
|
content:
|
|
description: Content is the actual content of the file.
|
|
type: string
|
|
contentFrom:
|
|
description: ContentFrom is a referenced source of content to
|
|
populate the file.
|
|
properties:
|
|
secret:
|
|
description: SecretFileSource represents a secret that should
|
|
populate this file.
|
|
properties:
|
|
key:
|
|
description: Key is the key in the secret's data map
|
|
for this value.
|
|
type: string
|
|
name:
|
|
description: Name of the secret in the RKE2BootstrapConfig's
|
|
namespace to use.
|
|
type: string
|
|
required:
|
|
- key
|
|
- name
|
|
type: object
|
|
required:
|
|
- secret
|
|
type: object
|
|
encoding:
|
|
description: Encoding specifies the encoding of the file contents.
|
|
enum:
|
|
- base64
|
|
- gzip
|
|
- gzip+base64
|
|
type: string
|
|
owner:
|
|
description: Owner specifies the ownership of the file, e.g.
|
|
"root:root".
|
|
type: string
|
|
path:
|
|
description: Path specifies the full path on disk where to store
|
|
the file.
|
|
type: string
|
|
permissions:
|
|
description: Permissions specifies the permissions to assign
|
|
to the file, e.g. "0640".
|
|
type: string
|
|
required:
|
|
- path
|
|
type: object
|
|
type: array
|
|
infrastructureRef:
|
|
description: |-
|
|
InfrastructureRef is a required reference to a custom resource
|
|
offered by an infrastructure provider.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
machineTemplate:
|
|
description: |-
|
|
MachineTemplate contains information about how machines
|
|
should be shaped when creating or updating a control plane.
|
|
properties:
|
|
infrastructureRef:
|
|
description: |-
|
|
InfrastructureRef is a required reference to a custom resource
|
|
offered by an infrastructure provider.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
metadata:
|
|
description: |-
|
|
Standard object's metadata.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
|
|
properties:
|
|
annotations:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Annotations is an unstructured key value map stored with a resource that may be
|
|
set by external tools to store and retrieve arbitrary metadata. They are not
|
|
queryable and should be preserved when modifying objects.
|
|
More info: http://kubernetes.io/docs/user-guide/annotations
|
|
type: object
|
|
labels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Map of string keys and values that can be used to organize and categorize
|
|
(scope and select) objects. May match selectors of replication controllers
|
|
and services.
|
|
More info: http://kubernetes.io/docs/user-guide/labels
|
|
type: object
|
|
type: object
|
|
nodeDrainTimeout:
|
|
description: |-
|
|
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
|
|
The default value is 0, meaning that the node can be drained without any time limitations.
|
|
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
|
|
type: string
|
|
required:
|
|
- infrastructureRef
|
|
type: object
|
|
manifestsConfigMapReference:
|
|
description: |-
|
|
ManifestsConfigMapReference references a ConfigMap which contains Kubernetes manifests to be deployed automatically on the cluster
|
|
Each data entry in the ConfigMap will be will be copied to a folder on the control plane nodes that RKE2 scans and uses to deploy manifests.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
nodeDrainTimeout:
|
|
description: |-
|
|
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
|
|
The default value is 0, meaning that the node can be drained without any time limitations.
|
|
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
|
|
type: string
|
|
postRKE2Commands:
|
|
description: PostRKE2Commands specifies extra commands to run after
|
|
rke2 setup runs.
|
|
items:
|
|
type: string
|
|
type: array
|
|
preRKE2Commands:
|
|
description: PreRKE2Commands specifies extra commands to run before
|
|
rke2 setup runs.
|
|
items:
|
|
type: string
|
|
type: array
|
|
privateRegistriesConfig:
|
|
description: PrivateRegistriesConfig defines the containerd configuration
|
|
for private registries and local registry mirrors.
|
|
properties:
|
|
configs:
|
|
additionalProperties:
|
|
description: RegistryConfig contains configuration used to communicate
|
|
with the registry.
|
|
properties:
|
|
authSecret:
|
|
description: |-
|
|
Auth is a reference to a Secret containing information to authenticate to the registry.
|
|
The Secret must provite a username and a password data entry.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
tls:
|
|
description: |-
|
|
TLS is a pair of CA/Cert/Key which then are used when creating the transport
|
|
that communicates with the registry.
|
|
properties:
|
|
insecureSkipVerify:
|
|
description: InsecureSkipVerify may be set to false
|
|
to skip verifying the registry's certificate, default
|
|
is true.
|
|
type: boolean
|
|
tlsConfigSecret:
|
|
description: |-
|
|
TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt
|
|
which describe the TLS configuration necessary to connect to the registry.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: object
|
|
type: object
|
|
description: |-
|
|
Configs are configs for each registry.
|
|
The key is the FDQN or IP of the registry.
|
|
type: object
|
|
mirrors:
|
|
additionalProperties:
|
|
description: Mirror contains the config related to the registry
|
|
mirror.
|
|
properties:
|
|
endpoint:
|
|
description: |-
|
|
Endpoints are endpoints for a namespace. CRI plugin will try the endpoints
|
|
one by one until a working one is found. The endpoint must be a valid url
|
|
with host specified.
|
|
The scheme, host and path from the endpoint URL will be used.
|
|
items:
|
|
type: string
|
|
type: array
|
|
rewrite:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Rewrites are repository rewrite rules for a namespace. When fetching image resources
|
|
from an endpoint and a key matches the repository via regular expression matching
|
|
it will be replaced with the corresponding value from the map in the resource request.
|
|
type: object
|
|
type: object
|
|
description: Mirrors are namespace to mirror mapping for all namespaces.
|
|
type: object
|
|
type: object
|
|
registrationAddress:
|
|
description: |-
|
|
RegistrationAddress is an explicit address to use when registering a node. This is required if
|
|
the registration type is "address". Its for scenarios where a load-balancer or VIP is used.
|
|
type: string
|
|
registrationMethod:
|
|
description: RegistrationMethod is the method to use for registering
|
|
nodes into the RKE2 cluster.
|
|
enum:
|
|
- internal-first
|
|
- internal-only-ips
|
|
- external-only-ips
|
|
- address
|
|
- control-plane-endpoint
|
|
- ""
|
|
type: string
|
|
replicas:
|
|
description: Replicas is the number of replicas for the Control Plane.
|
|
format: int32
|
|
type: integer
|
|
rolloutStrategy:
|
|
description: The RolloutStrategy to use to replace control plane machines
|
|
with new ones.
|
|
properties:
|
|
rollingUpdate:
|
|
description: Rolling update config params. Present only if RolloutStrategyType
|
|
= RollingUpdate.
|
|
properties:
|
|
maxSurge:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: |-
|
|
The maximum number of control planes that can be scheduled above or under the
|
|
desired number of control planes.
|
|
Value can be an absolute number 1 or 0.
|
|
Defaults to 1.
|
|
Example: when this is set to 1, the control plane can be scaled
|
|
up immediately when the rolling update starts.
|
|
x-kubernetes-int-or-string: true
|
|
type: object
|
|
type:
|
|
description: |-
|
|
Type of rollout. Currently the only supported strategy is "RollingUpdate".
|
|
Default is RollingUpdate.
|
|
type: string
|
|
type: object
|
|
serverConfig:
|
|
description: ServerConfig specifies configuration for the agent nodes.
|
|
properties:
|
|
advertiseAddress:
|
|
description: 'AdvertiseAddress IP address that apiserver uses
|
|
to advertise to members of the cluster (default: node-external-ip/node-ip).'
|
|
type: string
|
|
auditPolicySecret:
|
|
description: AuditPolicySecret path to the file that defines the
|
|
audit policy configuration.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
bindAddress:
|
|
description: 'BindAddress describes the rke2 bind address (default:
|
|
0.0.0.0).'
|
|
type: string
|
|
cloudControllerManager:
|
|
description: CloudControllerManager defines optional custom configuration
|
|
of the Cloud Controller Manager.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line arguments
|
|
(format: flag=value) to pass to a Kubernetes Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables to
|
|
pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts to be added
|
|
for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references a container
|
|
image to override the default one for the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
cloudProviderConfigMap:
|
|
description: |-
|
|
CloudProviderConfigMap is a reference to a ConfigMap containing Cloud provider configuration.
|
|
The config map must contain a key named cloud-config.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
cloudProviderName:
|
|
description: CloudProviderName cloud provider name.
|
|
type: string
|
|
clusterDNS:
|
|
description: 'ClusterDNS is the cluster IP for CoreDNS service.
|
|
Should be in your service-cidr range (default: 10.43.0.10).'
|
|
type: string
|
|
clusterDomain:
|
|
description: 'ClusterDomain is the cluster domain name (default:
|
|
"cluster.local").'
|
|
type: string
|
|
cni:
|
|
description: |-
|
|
CNI describes the CNI Plugins to deploy, one of none, calico, canal, cilium;
|
|
optionally with multus as the first value to enable the multus meta-plugin (default: canal).
|
|
enum:
|
|
- none
|
|
- calico
|
|
- canal
|
|
- cilium
|
|
type: string
|
|
cniMultusEnable:
|
|
description: |-
|
|
CNIMultusEnable enables multus as the first CNI plugin (default: false).
|
|
This option will automatically make Multus a primary CNI, and the value, if specified in the CNI field, as a secondary CNI plugin.
|
|
type: boolean
|
|
disableComponents:
|
|
description: DisableComponents lists Kubernetes components and
|
|
RKE2 plugin components that will be disabled.
|
|
properties:
|
|
kubernetesComponents:
|
|
description: KubernetesComponents is a list of Kubernetes
|
|
components to disable.
|
|
items:
|
|
description: 'DisabledKubernetesComponent is an enum field
|
|
that can take one of the following values: scheduler,
|
|
kubeProxy or cloudController.'
|
|
enum:
|
|
- scheduler
|
|
- kubeProxy
|
|
- cloudController
|
|
type: string
|
|
type: array
|
|
pluginComponents:
|
|
description: PluginComponents is a list of PluginComponents
|
|
to disable.
|
|
items:
|
|
description: DisabledPluginComponent selects a plugin Components
|
|
to be disabled.
|
|
enum:
|
|
- rke2-coredns
|
|
- rke2-ingress-nginx
|
|
- rke2-metrics-server
|
|
type: string
|
|
type: array
|
|
type: object
|
|
etcd:
|
|
description: Etcd defines optional custom configuration of ETCD.
|
|
properties:
|
|
backupConfig:
|
|
description: 'BackupConfig defines how RKE2 will snapshot
|
|
ETCD: target storage, schedule, etc.'
|
|
properties:
|
|
directory:
|
|
description: Directory to save db snapshots.
|
|
type: string
|
|
disableAutomaticSnapshots:
|
|
description: |-
|
|
DisableAutomaticSnapshots defines the policy for ETCD snapshots.
|
|
true means automatic snapshots will be scheduled, false means automatic snapshots will not be scheduled.
|
|
type: boolean
|
|
retention:
|
|
description: 'Retention Number of snapshots to retain
|
|
Default: 5 (default: 5).'
|
|
type: string
|
|
s3:
|
|
description: S3 Enable backup to an S3-compatible Object
|
|
Store.
|
|
properties:
|
|
bucket:
|
|
description: Bucket S3 bucket name.
|
|
type: string
|
|
endpoint:
|
|
description: 'Endpoint S3 endpoint url (default: "s3.amazonaws.com").'
|
|
type: string
|
|
endpointCAsecret:
|
|
description: |-
|
|
EndpointCA references the Secret that contains a custom CA that should be trusted to connect to S3 endpoint.
|
|
The secret must contain a key named "ca.pem" that contains the CA certificate.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
enforceSslVerify:
|
|
description: EnforceSSLVerify may be set to false
|
|
to skip verifying the registry's certificate, default
|
|
is true.
|
|
type: boolean
|
|
folder:
|
|
description: Folder S3 folder.
|
|
type: string
|
|
region:
|
|
description: 'Region S3 region / bucket location (optional)
|
|
(default: "us-east-1").'
|
|
type: string
|
|
s3CredentialSecret:
|
|
description: |-
|
|
S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
|
|
The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
required:
|
|
- endpoint
|
|
- s3CredentialSecret
|
|
type: object
|
|
scheduleCron:
|
|
description: 'ScheduleCron Snapshot interval time in cron
|
|
spec. eg. every 5 hours ''* */5 * * *'' (default: "0
|
|
*/12 * * *").'
|
|
type: string
|
|
snapshotName:
|
|
description: 'SnapshotName Set the base name of etcd snapshots.
|
|
Default: etcd-snapshot-<unix-timestamp> (default: "etcd-snapshot").'
|
|
type: string
|
|
type: object
|
|
customConfig:
|
|
description: CustomConfig defines the custom settings for
|
|
ETCD.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line arguments
|
|
(format: flag=value) to pass to a Kubernetes Component
|
|
command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables
|
|
to pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts to
|
|
be added for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references
|
|
a container image to override the default one for the
|
|
Kubernetes Component
|
|
type: string
|
|
type: object
|
|
exposeMetrics:
|
|
description: |-
|
|
ExposeEtcdMetrics defines the policy for ETCD Metrics exposure.
|
|
if value is true, ETCD metrics will be exposed
|
|
if value is false, ETCD metrics will NOT be exposed
|
|
type: boolean
|
|
type: object
|
|
kubeAPIServer:
|
|
description: KubeAPIServer defines optional custom configuration
|
|
of the Kube API Server.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line arguments
|
|
(format: flag=value) to pass to a Kubernetes Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables to
|
|
pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts to be added
|
|
for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references a container
|
|
image to override the default one for the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
kubeControllerManager:
|
|
description: KubeControllerManager defines optional custom configuration
|
|
of the Kube Controller Manager.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line arguments
|
|
(format: flag=value) to pass to a Kubernetes Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables to
|
|
pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts to be added
|
|
for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references a container
|
|
image to override the default one for the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
kubeScheduler:
|
|
description: KubeScheduler defines optional custom configuration
|
|
of the Kube Scheduler.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line arguments
|
|
(format: flag=value) to pass to a Kubernetes Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables to
|
|
pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts to be added
|
|
for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references a container
|
|
image to override the default one for the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
pauseImage:
|
|
description: PauseImage Override image to use for pause.
|
|
type: string
|
|
serviceNodePortRange:
|
|
description: 'ServiceNodePortRange is the port range to reserve
|
|
for services with NodePort visibility (default: "30000-32767").'
|
|
type: string
|
|
tlsSan:
|
|
description: TLSSan Add additional hostname or IP as a Subject
|
|
Alternative Name in the TLS cert.
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
version:
|
|
description: |-
|
|
Version defines the desired Kubernetes version.
|
|
This field takes precedence over RKE2ConfigSpec.AgentConfig.Version (which is deprecated).
|
|
pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$
|
|
type: string
|
|
required:
|
|
- infrastructureRef
|
|
- rolloutStrategy
|
|
type: object
|
|
status:
|
|
description: RKE2ControlPlaneStatus defines the observed state of RKE2ControlPlane.
|
|
properties:
|
|
availableServerIPs:
|
|
description: AvailableServerIPs is a list of the Control Plane IP
|
|
adds that can be used to register further nodes.
|
|
items:
|
|
type: string
|
|
type: array
|
|
conditions:
|
|
description: Conditions defines current service state of the RKE2Config.
|
|
items:
|
|
description: Condition defines an observation of a Cluster API resource
|
|
operational state.
|
|
properties:
|
|
lastTransitionTime:
|
|
description: |-
|
|
Last time the condition transitioned from one status to another.
|
|
This should be when the underlying condition changed. If that is not known, then using the time when
|
|
the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: |-
|
|
A human readable message indicating details about the transition.
|
|
This field may be empty.
|
|
type: string
|
|
reason:
|
|
description: |-
|
|
The reason for the condition's last transition in CamelCase.
|
|
The specific API may choose whether or not this field is considered a guaranteed API.
|
|
This field may not be empty.
|
|
type: string
|
|
severity:
|
|
description: |-
|
|
Severity provides an explicit classification of Reason code, so the users or machines can immediately
|
|
understand the current situation and act accordingly.
|
|
The Severity field MUST be set only when Status=False.
|
|
type: string
|
|
status:
|
|
description: Status of the condition, one of True, False, Unknown.
|
|
type: string
|
|
type:
|
|
description: |-
|
|
Type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
|
|
can be useful (see .node.status.conditions), the ability to deconflict is important.
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
dataSecretName:
|
|
description: DataSecretName is the name of the secret that stores
|
|
the bootstrap data script.
|
|
type: string
|
|
failureMessage:
|
|
description: FailureMessage will be set on non-retryable errors.
|
|
type: string
|
|
failureReason:
|
|
description: FailureReason will be set on non-retryable errors.
|
|
type: string
|
|
initialized:
|
|
description: Initialized indicates the target cluster has completed
|
|
initialization.
|
|
type: boolean
|
|
observedGeneration:
|
|
description: ObservedGeneration is the latest generation observed
|
|
by the controller.
|
|
format: int64
|
|
type: integer
|
|
ready:
|
|
description: Ready indicates the BootstrapData field is ready to be
|
|
consumed.
|
|
type: boolean
|
|
readyReplicas:
|
|
description: ReadyReplicas is the number of replicas current attached
|
|
to this ControlPlane Resource and that have Ready Status.
|
|
format: int32
|
|
type: integer
|
|
replicas:
|
|
description: Replicas is the number of replicas current attached to
|
|
this ControlPlane Resource.
|
|
format: int32
|
|
type: integer
|
|
unavailableReplicas:
|
|
description: UnavailableReplicas is the number of replicas current
|
|
attached to this ControlPlane Resource and that are up-to-date with
|
|
Control Plane config.
|
|
format: int32
|
|
type: integer
|
|
updatedReplicas:
|
|
description: UpdatedReplicas is the number of replicas current attached
|
|
to this ControlPlane Resource and that are up-to-date with Control
|
|
Plane config.
|
|
format: int32
|
|
type: integer
|
|
version:
|
|
description: |-
|
|
Version represents the minimum Kubernetes version for the control plane machines
|
|
in the cluster.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
|
|
controller-gen.kubebuilder.io/version: v0.14.0
|
|
labels:
|
|
cluster.x-k8s.io/provider: control-plane-rke2
|
|
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
|
|
name: rke2controlplanetemplates.controlplane.cluster.x-k8s.io
|
|
spec:
|
|
conversion:
|
|
strategy: Webhook
|
|
webhook:
|
|
clientConfig:
|
|
caBundle: Cg==
|
|
service:
|
|
name: rke2-control-plane-webhook-service
|
|
namespace: rke2-control-plane-system
|
|
path: /convert
|
|
conversionReviewVersions:
|
|
- v1
|
|
- v1beta1
|
|
group: controlplane.cluster.x-k8s.io
|
|
names:
|
|
categories:
|
|
- cluster-api
|
|
kind: RKE2ControlPlaneTemplate
|
|
listKind: RKE2ControlPlaneTemplateList
|
|
plural: rke2controlplanetemplates
|
|
shortNames:
|
|
- rke2ct
|
|
singular: rke2controlplanetemplate
|
|
scope: Namespaced
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: RKE2ControlPlaneTemplate is the Schema for the rke2controlplanetemplates
|
|
API.
|
|
properties:
|
|
apiVersion:
|
|
description: |-
|
|
APIVersion defines the versioned schema of this representation of an object.
|
|
Servers should convert recognized schemas to the latest internal value, and
|
|
may reject unrecognized values.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind is a string value representing the REST resource this object represents.
|
|
Servers may infer this from the endpoint the client submits requests to.
|
|
Cannot be updated.
|
|
In CamelCase.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: RKE2ControlPlaneTemplateSpec defines the desired state of
|
|
RKE2ControlPlaneTemplate.
|
|
type: object
|
|
status:
|
|
description: RKE2ControlPlaneTemplateStatus defines the observed state
|
|
of RKE2ControlPlaneTemplate.
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: false
|
|
subresources:
|
|
status: {}
|
|
- name: v1beta1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: RKE2ControlPlaneTemplate is the Schema for the rke2controlplanetemplates
|
|
API.
|
|
properties:
|
|
apiVersion:
|
|
description: |-
|
|
APIVersion defines the versioned schema of this representation of an object.
|
|
Servers should convert recognized schemas to the latest internal value, and
|
|
may reject unrecognized values.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind is a string value representing the REST resource this object represents.
|
|
Servers may infer this from the endpoint the client submits requests to.
|
|
Cannot be updated.
|
|
In CamelCase.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: Spec is the control plane specification for the template
|
|
resource.
|
|
properties:
|
|
template:
|
|
description: RKE2ControlPlaneTemplateResource contains spec for RKE2ControlPlaneTemplate.
|
|
properties:
|
|
spec:
|
|
description: Spec is the specification of the desired behavior
|
|
of the control plane.
|
|
properties:
|
|
agentConfig:
|
|
description: AgentConfig specifies configuration for the agent
|
|
nodes.
|
|
properties:
|
|
additionalUserData:
|
|
description: |-
|
|
AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the
|
|
generated cloud-init/ignition script.
|
|
properties:
|
|
config:
|
|
description: |-
|
|
In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
|
|
NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp".
|
|
type: string
|
|
data:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Data allows to pass arbitrary set of key/value pairs consistent with
|
|
https://cloudinit.readthedocs.io/en/latest/reference/modules.html
|
|
to extend existing cloud-init configuration
|
|
type: object
|
|
strict:
|
|
description: Strict controls if Config should be strictly
|
|
parsed. If so, warnings are treated as errors.
|
|
type: boolean
|
|
type: object
|
|
x-kubernetes-validations:
|
|
- message: Only config or data could be populated at once
|
|
rule: '!has(self.data) || !has(self.config)'
|
|
airGapped:
|
|
description: |-
|
|
AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
|
|
basically supposing that online container registries and RKE2 install scripts are not reachable.
|
|
type: boolean
|
|
airGappedChecksum:
|
|
description: |-
|
|
AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum
|
|
of existing sha256sum-<arch>.txt file for packages already available on the machine
|
|
before performing air-gapped installation.
|
|
type: string
|
|
cisProfile:
|
|
description: CISProfile activates CIS compliance of RKE2
|
|
for a certain profile
|
|
enum:
|
|
- cis
|
|
- cis-1.23
|
|
- cis-1.5
|
|
- cis-1.6
|
|
type: string
|
|
containerRuntimeEndpoint:
|
|
description: ContainerRuntimeEndpoint Disable embedded
|
|
containerd and use alternative CRI implementation.
|
|
type: string
|
|
dataDir:
|
|
description: DataDir Folder to hold state.
|
|
type: string
|
|
enableContainerdSElinux:
|
|
description: |-
|
|
EnableContainerdSElinux defines the policy for enabling SELinux for Containerd
|
|
if value is true, Containerd will run with selinux-enabled=true flag
|
|
if value is false, Containerd will run without the above flag
|
|
type: boolean
|
|
format:
|
|
description: Format specifies the output format of the
|
|
bootstrap data. Defaults to cloud-config.
|
|
enum:
|
|
- cloud-config
|
|
- ignition
|
|
type: string
|
|
imageCredentialProviderConfigMap:
|
|
description: |-
|
|
ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config
|
|
The config map should contain a key "credential-config.yaml" with YAML file content and
|
|
a key "credential-provider-binaries" with the a path to the binaries for the credential provider.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
kubeProxy:
|
|
description: KubeProxyArgs Customized flag for kube-proxy
|
|
process.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line
|
|
arguments (format: flag=value) to pass to a Kubernetes
|
|
Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables
|
|
to pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts
|
|
to be added for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references
|
|
a container image to override the default one for
|
|
the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
kubelet:
|
|
description: KubeletArgs Customized flag for kubelet process.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line
|
|
arguments (format: flag=value) to pass to a Kubernetes
|
|
Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables
|
|
to pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts
|
|
to be added for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references
|
|
a container image to override the default one for
|
|
the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
kubeletPath:
|
|
description: KubeletPath Override kubelet binary path.
|
|
type: string
|
|
loadBalancerPort:
|
|
description: |-
|
|
LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are
|
|
not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444).
|
|
type: integer
|
|
nodeAnnotations:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
NodeAnnotations are annotations that are created on nodes post bootstrap phase.
|
|
Unfortunately it is not possible to apply annotations via kubelet
|
|
using current bootstrap configurations.
|
|
Issue: https://github.com/kubernetes/kubernetes/issues/108046
|
|
type: object
|
|
nodeLabels:
|
|
description: NodeLabels Registering and starting kubelet
|
|
with set of labels.
|
|
items:
|
|
type: string
|
|
type: array
|
|
nodeName:
|
|
description: NodeNamePrefix Prefix to the Node Name that
|
|
CAPI will generate.
|
|
type: string
|
|
nodeTaints:
|
|
description: NodeTaints Registering kubelet with set of
|
|
taints.
|
|
items:
|
|
type: string
|
|
type: array
|
|
ntp:
|
|
description: NTP specifies NTP configuration
|
|
properties:
|
|
enabled:
|
|
description: Enabled specifies whether NTP should
|
|
be enabled
|
|
type: boolean
|
|
servers:
|
|
description: Servers specifies which NTP servers to
|
|
use
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
podSecurityAdmissionConfigFile:
|
|
description: |-
|
|
PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
|
|
spec.Files field.
|
|
type: string
|
|
protectKernelDefaults:
|
|
description: |-
|
|
ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
|
|
if false, kernel tunable can be different from kubelet defaults
|
|
type: boolean
|
|
resolvConf:
|
|
description: ResolvConf is a reference to a ConfigMap
|
|
containing resolv.conf content for the node.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
runtimeImage:
|
|
description: RuntimeImage override image to use for runtime
|
|
binaries (containerd, kubectl, crictl, etc).
|
|
type: string
|
|
snapshotter:
|
|
description: 'Snapshotter override default containerd
|
|
snapshotter (default: "overlayfs").'
|
|
type: string
|
|
systemDefaultRegistry:
|
|
description: SystemDefaultRegistry Private registry to
|
|
be used for all system images.
|
|
type: string
|
|
type: object
|
|
files:
|
|
description: Files specifies extra files to be passed to user_data
|
|
upon creation.
|
|
items:
|
|
description: File defines the input for generating write_files
|
|
in cloud-init.
|
|
properties:
|
|
content:
|
|
description: Content is the actual content of the file.
|
|
type: string
|
|
contentFrom:
|
|
description: ContentFrom is a referenced source of content
|
|
to populate the file.
|
|
properties:
|
|
secret:
|
|
description: SecretFileSource represents a secret
|
|
that should populate this file.
|
|
properties:
|
|
key:
|
|
description: Key is the key in the secret's
|
|
data map for this value.
|
|
type: string
|
|
name:
|
|
description: Name of the secret in the RKE2BootstrapConfig's
|
|
namespace to use.
|
|
type: string
|
|
required:
|
|
- key
|
|
- name
|
|
type: object
|
|
required:
|
|
- secret
|
|
type: object
|
|
encoding:
|
|
description: Encoding specifies the encoding of the
|
|
file contents.
|
|
enum:
|
|
- base64
|
|
- gzip
|
|
- gzip+base64
|
|
type: string
|
|
owner:
|
|
description: Owner specifies the ownership of the file,
|
|
e.g. "root:root".
|
|
type: string
|
|
path:
|
|
description: Path specifies the full path on disk where
|
|
to store the file.
|
|
type: string
|
|
permissions:
|
|
description: Permissions specifies the permissions to
|
|
assign to the file, e.g. "0640".
|
|
type: string
|
|
required:
|
|
- path
|
|
type: object
|
|
type: array
|
|
infrastructureRef:
|
|
description: |-
|
|
InfrastructureRef is a required reference to a custom resource
|
|
offered by an infrastructure provider.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
machineTemplate:
|
|
description: |-
|
|
MachineTemplate contains information about how machines
|
|
should be shaped when creating or updating a control plane.
|
|
properties:
|
|
infrastructureRef:
|
|
description: |-
|
|
InfrastructureRef is a required reference to a custom resource
|
|
offered by an infrastructure provider.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
metadata:
|
|
description: |-
|
|
Standard object's metadata.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
|
|
properties:
|
|
annotations:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Annotations is an unstructured key value map stored with a resource that may be
|
|
set by external tools to store and retrieve arbitrary metadata. They are not
|
|
queryable and should be preserved when modifying objects.
|
|
More info: http://kubernetes.io/docs/user-guide/annotations
|
|
type: object
|
|
labels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Map of string keys and values that can be used to organize and categorize
|
|
(scope and select) objects. May match selectors of replication controllers
|
|
and services.
|
|
More info: http://kubernetes.io/docs/user-guide/labels
|
|
type: object
|
|
type: object
|
|
nodeDrainTimeout:
|
|
description: |-
|
|
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
|
|
The default value is 0, meaning that the node can be drained without any time limitations.
|
|
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
|
|
type: string
|
|
required:
|
|
- infrastructureRef
|
|
type: object
|
|
manifestsConfigMapReference:
|
|
description: |-
|
|
ManifestsConfigMapReference references a ConfigMap which contains Kubernetes manifests to be deployed automatically on the cluster
|
|
Each data entry in the ConfigMap will be will be copied to a folder on the control plane nodes that RKE2 scans and uses to deploy manifests.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
nodeDrainTimeout:
|
|
description: |-
|
|
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
|
|
The default value is 0, meaning that the node can be drained without any time limitations.
|
|
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
|
|
type: string
|
|
postRKE2Commands:
|
|
description: PostRKE2Commands specifies extra commands to
|
|
run after rke2 setup runs.
|
|
items:
|
|
type: string
|
|
type: array
|
|
preRKE2Commands:
|
|
description: PreRKE2Commands specifies extra commands to run
|
|
before rke2 setup runs.
|
|
items:
|
|
type: string
|
|
type: array
|
|
privateRegistriesConfig:
|
|
description: PrivateRegistriesConfig defines the containerd
|
|
configuration for private registries and local registry
|
|
mirrors.
|
|
properties:
|
|
configs:
|
|
additionalProperties:
|
|
description: RegistryConfig contains configuration used
|
|
to communicate with the registry.
|
|
properties:
|
|
authSecret:
|
|
description: |-
|
|
Auth is a reference to a Secret containing information to authenticate to the registry.
|
|
The Secret must provite a username and a password data entry.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
tls:
|
|
description: |-
|
|
TLS is a pair of CA/Cert/Key which then are used when creating the transport
|
|
that communicates with the registry.
|
|
properties:
|
|
insecureSkipVerify:
|
|
description: InsecureSkipVerify may be set to
|
|
false to skip verifying the registry's certificate,
|
|
default is true.
|
|
type: boolean
|
|
tlsConfigSecret:
|
|
description: |-
|
|
TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt
|
|
which describe the TLS configuration necessary to connect to the registry.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: object
|
|
type: object
|
|
description: |-
|
|
Configs are configs for each registry.
|
|
The key is the FDQN or IP of the registry.
|
|
type: object
|
|
mirrors:
|
|
additionalProperties:
|
|
description: Mirror contains the config related to the
|
|
registry mirror.
|
|
properties:
|
|
endpoint:
|
|
description: |-
|
|
Endpoints are endpoints for a namespace. CRI plugin will try the endpoints
|
|
one by one until a working one is found. The endpoint must be a valid url
|
|
with host specified.
|
|
The scheme, host and path from the endpoint URL will be used.
|
|
items:
|
|
type: string
|
|
type: array
|
|
rewrite:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Rewrites are repository rewrite rules for a namespace. When fetching image resources
|
|
from an endpoint and a key matches the repository via regular expression matching
|
|
it will be replaced with the corresponding value from the map in the resource request.
|
|
type: object
|
|
type: object
|
|
description: Mirrors are namespace to mirror mapping for
|
|
all namespaces.
|
|
type: object
|
|
type: object
|
|
registrationAddress:
|
|
description: |-
|
|
RegistrationAddress is an explicit address to use when registering a node. This is required if
|
|
the registration type is "address". Its for scenarios where a load-balancer or VIP is used.
|
|
type: string
|
|
registrationMethod:
|
|
description: RegistrationMethod is the method to use for registering
|
|
nodes into the RKE2 cluster.
|
|
enum:
|
|
- internal-first
|
|
- internal-only-ips
|
|
- external-only-ips
|
|
- address
|
|
- control-plane-endpoint
|
|
- ""
|
|
type: string
|
|
replicas:
|
|
description: Replicas is the number of replicas for the Control
|
|
Plane.
|
|
format: int32
|
|
type: integer
|
|
rolloutStrategy:
|
|
description: The RolloutStrategy to use to replace control
|
|
plane machines with new ones.
|
|
properties:
|
|
rollingUpdate:
|
|
description: Rolling update config params. Present only
|
|
if RolloutStrategyType = RollingUpdate.
|
|
properties:
|
|
maxSurge:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: |-
|
|
The maximum number of control planes that can be scheduled above or under the
|
|
desired number of control planes.
|
|
Value can be an absolute number 1 or 0.
|
|
Defaults to 1.
|
|
Example: when this is set to 1, the control plane can be scaled
|
|
up immediately when the rolling update starts.
|
|
x-kubernetes-int-or-string: true
|
|
type: object
|
|
type:
|
|
description: |-
|
|
Type of rollout. Currently the only supported strategy is "RollingUpdate".
|
|
Default is RollingUpdate.
|
|
type: string
|
|
type: object
|
|
serverConfig:
|
|
description: ServerConfig specifies configuration for the
|
|
agent nodes.
|
|
properties:
|
|
advertiseAddress:
|
|
description: 'AdvertiseAddress IP address that apiserver
|
|
uses to advertise to members of the cluster (default:
|
|
node-external-ip/node-ip).'
|
|
type: string
|
|
auditPolicySecret:
|
|
description: AuditPolicySecret path to the file that defines
|
|
the audit policy configuration.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
bindAddress:
|
|
description: 'BindAddress describes the rke2 bind address
|
|
(default: 0.0.0.0).'
|
|
type: string
|
|
cloudControllerManager:
|
|
description: CloudControllerManager defines optional custom
|
|
configuration of the Cloud Controller Manager.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line
|
|
arguments (format: flag=value) to pass to a Kubernetes
|
|
Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables
|
|
to pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts
|
|
to be added for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references
|
|
a container image to override the default one for
|
|
the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
cloudProviderConfigMap:
|
|
description: |-
|
|
CloudProviderConfigMap is a reference to a ConfigMap containing Cloud provider configuration.
|
|
The config map must contain a key named cloud-config.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
cloudProviderName:
|
|
description: CloudProviderName cloud provider name.
|
|
type: string
|
|
clusterDNS:
|
|
description: 'ClusterDNS is the cluster IP for CoreDNS
|
|
service. Should be in your service-cidr range (default:
|
|
10.43.0.10).'
|
|
type: string
|
|
clusterDomain:
|
|
description: 'ClusterDomain is the cluster domain name
|
|
(default: "cluster.local").'
|
|
type: string
|
|
cni:
|
|
description: |-
|
|
CNI describes the CNI Plugins to deploy, one of none, calico, canal, cilium;
|
|
optionally with multus as the first value to enable the multus meta-plugin (default: canal).
|
|
enum:
|
|
- none
|
|
- calico
|
|
- canal
|
|
- cilium
|
|
type: string
|
|
cniMultusEnable:
|
|
description: |-
|
|
CNIMultusEnable enables multus as the first CNI plugin (default: false).
|
|
This option will automatically make Multus a primary CNI, and the value, if specified in the CNI field, as a secondary CNI plugin.
|
|
type: boolean
|
|
disableComponents:
|
|
description: DisableComponents lists Kubernetes components
|
|
and RKE2 plugin components that will be disabled.
|
|
properties:
|
|
kubernetesComponents:
|
|
description: KubernetesComponents is a list of Kubernetes
|
|
components to disable.
|
|
items:
|
|
description: 'DisabledKubernetesComponent is an
|
|
enum field that can take one of the following
|
|
values: scheduler, kubeProxy or cloudController.'
|
|
enum:
|
|
- scheduler
|
|
- kubeProxy
|
|
- cloudController
|
|
type: string
|
|
type: array
|
|
pluginComponents:
|
|
description: PluginComponents is a list of PluginComponents
|
|
to disable.
|
|
items:
|
|
description: DisabledPluginComponent selects a plugin
|
|
Components to be disabled.
|
|
enum:
|
|
- rke2-coredns
|
|
- rke2-ingress-nginx
|
|
- rke2-metrics-server
|
|
type: string
|
|
type: array
|
|
type: object
|
|
etcd:
|
|
description: Etcd defines optional custom configuration
|
|
of ETCD.
|
|
properties:
|
|
backupConfig:
|
|
description: 'BackupConfig defines how RKE2 will snapshot
|
|
ETCD: target storage, schedule, etc.'
|
|
properties:
|
|
directory:
|
|
description: Directory to save db snapshots.
|
|
type: string
|
|
disableAutomaticSnapshots:
|
|
description: |-
|
|
DisableAutomaticSnapshots defines the policy for ETCD snapshots.
|
|
true means automatic snapshots will be scheduled, false means automatic snapshots will not be scheduled.
|
|
type: boolean
|
|
retention:
|
|
description: 'Retention Number of snapshots to
|
|
retain Default: 5 (default: 5).'
|
|
type: string
|
|
s3:
|
|
description: S3 Enable backup to an S3-compatible
|
|
Object Store.
|
|
properties:
|
|
bucket:
|
|
description: Bucket S3 bucket name.
|
|
type: string
|
|
endpoint:
|
|
description: 'Endpoint S3 endpoint url (default:
|
|
"s3.amazonaws.com").'
|
|
type: string
|
|
endpointCAsecret:
|
|
description: |-
|
|
EndpointCA references the Secret that contains a custom CA that should be trusted to connect to S3 endpoint.
|
|
The secret must contain a key named "ca.pem" that contains the CA certificate.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
enforceSslVerify:
|
|
description: EnforceSSLVerify may be set to
|
|
false to skip verifying the registry's certificate,
|
|
default is true.
|
|
type: boolean
|
|
folder:
|
|
description: Folder S3 folder.
|
|
type: string
|
|
region:
|
|
description: 'Region S3 region / bucket location
|
|
(optional) (default: "us-east-1").'
|
|
type: string
|
|
s3CredentialSecret:
|
|
description: |-
|
|
S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
|
|
The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
required:
|
|
- endpoint
|
|
- s3CredentialSecret
|
|
type: object
|
|
scheduleCron:
|
|
description: 'ScheduleCron Snapshot interval time
|
|
in cron spec. eg. every 5 hours ''* */5 * *
|
|
*'' (default: "0 */12 * * *").'
|
|
type: string
|
|
snapshotName:
|
|
description: 'SnapshotName Set the base name of
|
|
etcd snapshots. Default: etcd-snapshot-<unix-timestamp>
|
|
(default: "etcd-snapshot").'
|
|
type: string
|
|
type: object
|
|
customConfig:
|
|
description: CustomConfig defines the custom settings
|
|
for ETCD.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line
|
|
arguments (format: flag=value) to pass to a
|
|
Kubernetes Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment
|
|
variables to pass on to a Kubernetes Component
|
|
command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts
|
|
to be added for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references
|
|
a container image to override the default one
|
|
for the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
exposeMetrics:
|
|
description: |-
|
|
ExposeEtcdMetrics defines the policy for ETCD Metrics exposure.
|
|
if value is true, ETCD metrics will be exposed
|
|
if value is false, ETCD metrics will NOT be exposed
|
|
type: boolean
|
|
type: object
|
|
kubeAPIServer:
|
|
description: KubeAPIServer defines optional custom configuration
|
|
of the Kube API Server.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line
|
|
arguments (format: flag=value) to pass to a Kubernetes
|
|
Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables
|
|
to pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts
|
|
to be added for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references
|
|
a container image to override the default one for
|
|
the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
kubeControllerManager:
|
|
description: KubeControllerManager defines optional custom
|
|
configuration of the Kube Controller Manager.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line
|
|
arguments (format: flag=value) to pass to a Kubernetes
|
|
Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables
|
|
to pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts
|
|
to be added for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references
|
|
a container image to override the default one for
|
|
the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
kubeScheduler:
|
|
description: KubeScheduler defines optional custom configuration
|
|
of the Kube Scheduler.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line
|
|
arguments (format: flag=value) to pass to a Kubernetes
|
|
Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables
|
|
to pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts
|
|
to be added for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references
|
|
a container image to override the default one for
|
|
the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
pauseImage:
|
|
description: PauseImage Override image to use for pause.
|
|
type: string
|
|
serviceNodePortRange:
|
|
description: 'ServiceNodePortRange is the port range to
|
|
reserve for services with NodePort visibility (default:
|
|
"30000-32767").'
|
|
type: string
|
|
tlsSan:
|
|
description: TLSSan Add additional hostname or IP as a
|
|
Subject Alternative Name in the TLS cert.
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
version:
|
|
description: |-
|
|
Version defines the desired Kubernetes version.
|
|
This field takes precedence over RKE2ConfigSpec.AgentConfig.Version (which is deprecated).
|
|
pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$
|
|
type: string
|
|
required:
|
|
- infrastructureRef
|
|
- rolloutStrategy
|
|
type: object
|
|
required:
|
|
- spec
|
|
type: object
|
|
required:
|
|
- template
|
|
type: object
|
|
status:
|
|
description: Status is the current state of the control plane.
|
|
properties:
|
|
availableServerIPs:
|
|
description: AvailableServerIPs is a list of the Control Plane IP
|
|
adds that can be used to register further nodes.
|
|
items:
|
|
type: string
|
|
type: array
|
|
conditions:
|
|
description: Conditions defines current service state of the RKE2Config.
|
|
items:
|
|
description: Condition defines an observation of a Cluster API resource
|
|
operational state.
|
|
properties:
|
|
lastTransitionTime:
|
|
description: |-
|
|
Last time the condition transitioned from one status to another.
|
|
This should be when the underlying condition changed. If that is not known, then using the time when
|
|
the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: |-
|
|
A human readable message indicating details about the transition.
|
|
This field may be empty.
|
|
type: string
|
|
reason:
|
|
description: |-
|
|
The reason for the condition's last transition in CamelCase.
|
|
The specific API may choose whether or not this field is considered a guaranteed API.
|
|
This field may not be empty.
|
|
type: string
|
|
severity:
|
|
description: |-
|
|
Severity provides an explicit classification of Reason code, so the users or machines can immediately
|
|
understand the current situation and act accordingly.
|
|
The Severity field MUST be set only when Status=False.
|
|
type: string
|
|
status:
|
|
description: Status of the condition, one of True, False, Unknown.
|
|
type: string
|
|
type:
|
|
description: |-
|
|
Type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
|
|
can be useful (see .node.status.conditions), the ability to deconflict is important.
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
dataSecretName:
|
|
description: DataSecretName is the name of the secret that stores
|
|
the bootstrap data script.
|
|
type: string
|
|
failureMessage:
|
|
description: FailureMessage will be set on non-retryable errors.
|
|
type: string
|
|
failureReason:
|
|
description: FailureReason will be set on non-retryable errors.
|
|
type: string
|
|
initialized:
|
|
description: Initialized indicates the target cluster has completed
|
|
initialization.
|
|
type: boolean
|
|
observedGeneration:
|
|
description: ObservedGeneration is the latest generation observed
|
|
by the controller.
|
|
format: int64
|
|
type: integer
|
|
ready:
|
|
description: Ready indicates the BootstrapData field is ready to be
|
|
consumed.
|
|
type: boolean
|
|
readyReplicas:
|
|
description: ReadyReplicas is the number of replicas current attached
|
|
to this ControlPlane Resource and that have Ready Status.
|
|
format: int32
|
|
type: integer
|
|
replicas:
|
|
description: Replicas is the number of replicas current attached to
|
|
this ControlPlane Resource.
|
|
format: int32
|
|
type: integer
|
|
unavailableReplicas:
|
|
description: UnavailableReplicas is the number of replicas current
|
|
attached to this ControlPlane Resource and that are up-to-date with
|
|
Control Plane config.
|
|
format: int32
|
|
type: integer
|
|
updatedReplicas:
|
|
description: UpdatedReplicas is the number of replicas current attached
|
|
to this ControlPlane Resource and that are up-to-date with Control
|
|
Plane config.
|
|
format: int32
|
|
type: integer
|
|
version:
|
|
description: |-
|
|
Version represents the minimum Kubernetes version for the control plane machines
|
|
in the cluster.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
labels:
|
|
cluster.x-k8s.io/provider: control-plane-rke2
|
|
name: rke2-control-plane-manager
|
|
namespace: rke2-control-plane-system
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
labels:
|
|
cluster.x-k8s.io/provider: control-plane-rke2
|
|
name: rke2-control-plane-leader-election-role
|
|
namespace: rke2-control-plane-system
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- configmaps
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- update
|
|
- patch
|
|
- delete
|
|
- apiGroups:
|
|
- coordination.k8s.io
|
|
resources:
|
|
- leases
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- update
|
|
- patch
|
|
- delete
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- events
|
|
verbs:
|
|
- create
|
|
- patch
|
|
---
|
|
aggregationRule:
|
|
clusterRoleSelectors:
|
|
- matchLabels:
|
|
rke2.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true"
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
labels:
|
|
cluster.x-k8s.io/provider: control-plane-rke2
|
|
name: rke2-control-plane-aggregated-manager-role
|
|
rules: []
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
labels:
|
|
cluster.x-k8s.io/provider: control-plane-rke2
|
|
rke2.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true"
|
|
name: rke2-control-plane-manager-role
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- configmaps
|
|
- events
|
|
- secrets
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- authentication.k8s.io
|
|
resources:
|
|
- tokenreviews
|
|
verbs:
|
|
- create
|
|
- apiGroups:
|
|
- authorization.k8s.io
|
|
resources:
|
|
- subjectaccessreviews
|
|
verbs:
|
|
- create
|
|
- apiGroups:
|
|
- bootstrap.cluster.x-k8s.io
|
|
resources:
|
|
- rke2configs
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- watch
|
|
- apiGroups:
|
|
- cluster.x-k8s.io
|
|
resources:
|
|
- clusters
|
|
- clusters/status
|
|
- machinepools
|
|
- machinepools/status
|
|
- machines
|
|
- machines/status
|
|
- machinesets
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- controlplane.cluster.x-k8s.io
|
|
resources:
|
|
- rke2controlplanes
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- controlplane.cluster.x-k8s.io
|
|
resources:
|
|
- rke2controlplanes/finalizers
|
|
verbs:
|
|
- update
|
|
- apiGroups:
|
|
- controlplane.cluster.x-k8s.io
|
|
resources:
|
|
- rke2controlplanes/status
|
|
verbs:
|
|
- get
|
|
- patch
|
|
- update
|
|
- apiGroups:
|
|
- infrastructure.cluster.x-k8s.io
|
|
resources:
|
|
- '*'
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- watch
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
labels:
|
|
cluster.x-k8s.io/provider: control-plane-rke2
|
|
name: rke2-control-plane-leader-election-rolebinding
|
|
namespace: rke2-control-plane-system
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: rke2-control-plane-leader-election-role
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: rke2-control-plane-manager
|
|
namespace: rke2-control-plane-system
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
labels:
|
|
cluster.x-k8s.io/provider: control-plane-rke2
|
|
name: rke2-control-plane-manager-rolebinding
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: rke2-control-plane-aggregated-manager-role
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: rke2-control-plane-manager
|
|
namespace: rke2-control-plane-system
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
labels:
|
|
cluster.x-k8s.io/provider: control-plane-rke2
|
|
name: rke2-control-plane-webhook-service
|
|
namespace: rke2-control-plane-system
|
|
spec:
|
|
ports:
|
|
- port: 443
|
|
targetPort: webhook-server
|
|
selector:
|
|
cluster.x-k8s.io/provider: control-plane-rke2
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
labels:
|
|
cluster.x-k8s.io/provider: control-plane-rke2
|
|
control-plane: controller-manager
|
|
name: rke2-control-plane-controller-manager
|
|
namespace: rke2-control-plane-system
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
cluster.x-k8s.io/provider: control-plane-rke2
|
|
control-plane: controller-manager
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
kubectl.kubernetes.io/default-container: manager
|
|
labels:
|
|
cluster.x-k8s.io/provider: control-plane-rke2
|
|
control-plane: controller-manager
|
|
spec:
|
|
containers:
|
|
- args:
|
|
- --leader-elect
|
|
- --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443}
|
|
- --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
|
|
command:
|
|
- /manager
|
|
env:
|
|
- name: POD_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
- name: POD_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.name
|
|
- name: POD_UID
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.uid
|
|
image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.8.0
|
|
imagePullPolicy: IfNotPresent
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: healthz
|
|
name: manager
|
|
ports:
|
|
- containerPort: 9443
|
|
name: webhook-server
|
|
protocol: TCP
|
|
- containerPort: 9440
|
|
name: healthz
|
|
protocol: TCP
|
|
- containerPort: 8443
|
|
name: metrics
|
|
protocol: TCP
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /readyz
|
|
port: healthz
|
|
resources:
|
|
limits:
|
|
cpu: 500m
|
|
memory: 256Mi
|
|
requests:
|
|
cpu: 10m
|
|
memory: 64Mi
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
privileged: false
|
|
runAsGroup: 65532
|
|
runAsUser: 65532
|
|
volumeMounts:
|
|
- mountPath: /tmp/k8s-webhook-server/serving-certs
|
|
name: cert
|
|
readOnly: true
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
serviceAccountName: rke2-control-plane-manager
|
|
terminationGracePeriodSeconds: 10
|
|
tolerations:
|
|
- effect: NoSchedule
|
|
key: node-role.kubernetes.io/master
|
|
- effect: NoSchedule
|
|
key: node-role.kubernetes.io/control-plane
|
|
volumes:
|
|
- name: cert
|
|
secret:
|
|
secretName: rke2-control-plane-webhook-service-cert
|
|
---
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
labels:
|
|
cluster.x-k8s.io/provider: control-plane-rke2
|
|
name: rke2-control-plane-serving-cert
|
|
namespace: rke2-control-plane-system
|
|
spec:
|
|
dnsNames:
|
|
- rke2-control-plane-webhook-service.rke2-control-plane-system.svc
|
|
- rke2-control-plane-webhook-service.rke2-control-plane-system.svc.cluster.local
|
|
issuerRef:
|
|
kind: Issuer
|
|
name: rke2-control-plane-selfsigned-issuer
|
|
secretName: rke2-control-plane-webhook-service-cert
|
|
subject:
|
|
organizations:
|
|
- Rancher by SUSE
|
|
---
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Issuer
|
|
metadata:
|
|
labels:
|
|
cluster.x-k8s.io/provider: control-plane-rke2
|
|
name: rke2-control-plane-selfsigned-issuer
|
|
namespace: rke2-control-plane-system
|
|
spec:
|
|
selfSigned: {}
|
|
---
|
|
apiVersion: admissionregistration.k8s.io/v1
|
|
kind: MutatingWebhookConfiguration
|
|
metadata:
|
|
annotations:
|
|
cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
|
|
labels:
|
|
cluster.x-k8s.io/provider: control-plane-rke2
|
|
name: rke2-control-plane-mutating-webhook-configuration
|
|
webhooks:
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
name: rke2-control-plane-webhook-service
|
|
namespace: rke2-control-plane-system
|
|
path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplane
|
|
failurePolicy: Fail
|
|
name: mrke2controlplane.kb.io
|
|
rules:
|
|
- apiGroups:
|
|
- controlplane.cluster.x-k8s.io
|
|
apiVersions:
|
|
- v1beta1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- rke2controlplanes
|
|
sideEffects: None
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
name: rke2-control-plane-webhook-service
|
|
namespace: rke2-control-plane-system
|
|
path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplanetemplate
|
|
failurePolicy: Fail
|
|
name: mrke2controlplanetemplate.kb.io
|
|
rules:
|
|
- apiGroups:
|
|
- controlplane.cluster.x-k8s.io
|
|
apiVersions:
|
|
- v1beta1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- rke2controlplanetemplates
|
|
sideEffects: None
|
|
---
|
|
apiVersion: admissionregistration.k8s.io/v1
|
|
kind: ValidatingWebhookConfiguration
|
|
metadata:
|
|
annotations:
|
|
cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
|
|
labels:
|
|
cluster.x-k8s.io/provider: control-plane-rke2
|
|
name: rke2-control-plane-validating-webhook-configuration
|
|
webhooks:
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
name: rke2-control-plane-webhook-service
|
|
namespace: rke2-control-plane-system
|
|
path: /validate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplane
|
|
failurePolicy: Fail
|
|
name: vrke2controlplane.kb.io
|
|
rules:
|
|
- apiGroups:
|
|
- controlplane.cluster.x-k8s.io
|
|
apiVersions:
|
|
- v1beta1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- rke2controlplanes
|
|
sideEffects: None
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
name: rke2-control-plane-webhook-service
|
|
namespace: rke2-control-plane-system
|
|
path: /validate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplanetemplate
|
|
failurePolicy: Fail
|
|
name: vrke2controlplanetemplate.kb.io
|
|
rules:
|
|
- apiGroups:
|
|
- controlplane.cluster.x-k8s.io
|
|
apiVersions:
|
|
- v1beta1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- rke2controlplanetemplates
|
|
sideEffects: None
|
|
metadata: |
|
|
# maps release series of major.minor to cluster-api contract version
|
|
# the contract version may change between minor or major versions, but *not*
|
|
# between patch versions.
|
|
#
|
|
# update this file only when a new major or minor version is released
|
|
apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3
|
|
kind: Metadata
|
|
releaseSeries:
|
|
- major: 0
|
|
minor: 1
|
|
contract: v1beta1
|
|
- major: 0
|
|
minor: 2
|
|
contract: v1beta1
|
|
- major: 0
|
|
minor: 3
|
|
contract: v1beta1
|
|
- major: 0
|
|
minor: 4
|
|
contract: v1beta1
|
|
- major: 0
|
|
minor: 5
|
|
contract: v1beta1
|
|
- major: 0
|
|
minor: 6
|
|
contract: v1beta1
|
|
- major: 0
|
|
minor: 7
|
|
contract: v1beta1
|
|
- major: 0
|
|
minor: 8
|
|
contract: v1beta1
|
|
kind: ConfigMap
|
|
metadata:
|
|
creationTimestamp: null
|
|
name: v0.8.0
|
|
namespace: rke2-control-plane-system
|
|
labels:
|
|
provider-components: rke2-control-plane
|