diff --git a/rancher-turtles-providers-chart/Chart.yaml b/rancher-turtles-providers-chart/Chart.yaml index 95bb987..9e25483 100644 --- a/rancher-turtles-providers-chart/Chart.yaml +++ b/rancher-turtles-providers-chart/Chart.yaml @@ -1,5 +1,5 @@ -#!BuildTag: %%CHART_PREFIX%%rancher-turtles-providers:%%CHART_MAJOR%%.0.2_up0.0.0 -#!BuildTag: %%CHART_PREFIX%%rancher-turtles-providers:%%CHART_MAJOR%%.0.2_up0.0.0-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%rancher-turtles-providers:%%CHART_MAJOR%%.0.3_up0.0.0 +#!BuildTag: %%CHART_PREFIX%%rancher-turtles-providers:%%CHART_MAJOR%%.0.3_up0.0.0-%RELEASE% annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Rancher Turtles Providers for SUSE Edge @@ -21,4 +21,4 @@ keywords: - provisioning - provider name: rancher-turtles-providers -version: "%%CHART_MAJOR%%.0.2+up0.0.0" +version: "%%CHART_MAJOR%%.0.3+up0.0.0" diff --git a/rancher-turtles-providers-chart/templates/addon-fleet.yaml b/rancher-turtles-providers-chart/templates/addon-fleet.yaml index e2e73ea..7e1c735 100644 --- a/rancher-turtles-providers-chart/templates/addon-fleet.yaml +++ b/rancher-turtles-providers-chart/templates/addon-fleet.yaml 
@@ -102,16 +102,914 @@ spec: name: {{ index .Values "providers" "addonFleet" "configSecret" "name" }} namespace: {{ index .Values "providers" "addonFleet" "configSecret" "namespace" }} {{- end }} -{{- if index .Values "providers" "addonFleet" "fetchConfig" }} fetchConfig: - {{- if index .Values "providers" "addonFleet" "fetchConfig" "url" }} - url: {{ index .Values "providers" "addonFleet" "fetchConfig" "url" }} - {{- end }} - {{- if index .Values "providers" "addonFleet" "fetchConfig" "oci" }} - oci: {{ index .Values "providers" "addonFleet" "fetchConfig" "oci" }} - {{- end }} -{{- end }} + selector: + matchLabels: + provider-components: fleet additionalManifests: name: fleet-addon-config namespace: {{ index .Values "providers" "addonFleet" "namespace" }} +--- +apiVersion: v1 +data: + components: | + apiVersion: v1 + kind: Namespace + metadata: + labels: + cluster.x-k8s.io/provider: fleet + control-plane: controller-manager + name: caapf-system + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + labels: + cluster.x-k8s.io/provider: fleet + name: fleetaddonconfigs.addons.cluster.x-k8s.io + spec: + group: addons.cluster.x-k8s.io + names: + categories: [] + kind: FleetAddonConfig + plural: fleetaddonconfigs + shortNames: [] + singular: fleetaddonconfig + scope: Cluster + versions: + - additionalPrinterColumns: [] + name: v1alpha1 + schema: + openAPIV3Schema: + description: Auto-generated derived type for FleetAddonConfigSpec via `CustomResource` + properties: + spec: + description: This provides a config for fleet addon functionality + properties: + cluster: + description: |- + Enable Cluster config funtionality. + + This will create Fleet Cluster for each Cluster with the same name. In case the cluster specifies topology.class, the name of the `ClusterClass` will be added to the Fleet Cluster labels. 
+ nullable: true + properties: + agentEnvVars: + description: '`AgentEnvVars` are extra environment variables to + be added to the agent deployment.' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + nullable: true + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + nullable: true + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + nullable: true + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. This field is + effectively required, but due to backwards compatibility + is allowed to be empty. Instances of this type + with an empty value here are almost certainly + wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + nullable: true + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + nullable: true + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' 
+ nullable: true + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + nullable: true + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + nullable: true + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + nullable: true + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + nullable: true + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + nullable: true + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. This field is + effectively required, but due to backwards compatibility + is allowed to be empty. Instances of this type + with an empty value here are almost certainly + wrong. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + nullable: true + type: string + optional: + description: Specify whether the Secret or its key + must be defined + nullable: true + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + nullable: true + type: array + agentNamespace: + description: Namespace selection for the fleet agent + nullable: true + type: string + agentTolerations: + description: Agent taint toleration settings for every cluster + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + nullable: true + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + nullable: true + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + nullable: true + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + nullable: true + type: integer + value: + description: Value is the taint value the toleration matches + to. 
If the operator is Exists, the value should be empty, + otherwise just a regular string. + nullable: true + type: string + type: object + nullable: true + type: array + applyClassGroup: + description: Apply a `ClusterGroup` for a `ClusterClass` referenced + from a different namespace. + nullable: true + type: boolean + hostNetwork: + description: 'Host network allows to deploy agent configuration + using hostNetwork: true setting which eludes dependency on the + CNI configuration for the cluster.' + nullable: true + type: boolean + namespaceSelector: + description: Namespace label selector. If set, only clusters in + the namespace matching label selector will be imported. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. 
+ type: object + type: object + naming: + description: Naming settings for the fleet cluster + nullable: true + properties: + prefix: + description: Specify a prefix for the Cluster name, applied + to created Fleet cluster + nullable: true + type: string + suffix: + description: Specify a suffix for the Cluster name, applied + to created Fleet cluster + nullable: true + type: string + type: object + patchResource: + description: Allow to patch resources, maintaining the desired + state. If is not set, resources will only be re-created in case + of removal. + nullable: true + type: boolean + selector: + description: Cluster label selector. If set, only clusters matching + label selector will be imported. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. 
+ type: object + type: object + setOwnerReferences: + description: Setting to disable setting owner references on the + created resources + nullable: true + type: boolean + required: + - namespaceSelector + - selector + type: object + clusterClass: + description: |- + Enable clusterClass controller functionality. + + This will create Fleet `ClusterGroups` for each `ClusterClaster` with the same name. + nullable: true + properties: + patchResource: + description: Allow to patch resources, maintaining the desired + state. If is not set, resources will only be re-created in case + of removal. + nullable: true + type: boolean + setOwnerReferences: + description: Setting to disable setting owner references on the + created resources + nullable: true + type: boolean + type: object + config: + nullable: true + properties: + bootstrapLocalCluster: + description: Enable auto-installation of a fleet agent in the + local cluster. + nullable: true + type: boolean + featureGates: + description: feature gates controlling experimental features + nullable: true + properties: + configMap: + description: '`FeaturesConfigMap` references a `ConfigMap` + where to apply feature flags. If a `ConfigMap` is referenced, + the controller will update it instead of upgrading the Fleet + chart.' + nullable: true + properties: + ref: + description: ObjectReference contains enough information + to let you inspect or modify the referred object. + nullable: true + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: object + experimentalHelmOps: + description: Enables experimental Helm operations support. + type: boolean + experimentalOciStorage: + description: Enables experimental OCI storage support. + type: boolean + required: + - experimentalHelmOps + - experimentalOciStorage + type: object + server: + description: fleet server url configuration options + nullable: true + oneOf: + - required: + - inferLocal + - required: + - custom + properties: + custom: + properties: + apiServerCaConfigRef: + description: ObjectReference contains enough information + to let you inspect or modify the referred object. 
+ nullable: true + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + apiServerUrl: + nullable: true + type: string + type: object + inferLocal: + type: boolean + type: object + type: object + install: + nullable: true + oneOf: + - required: + - followLatest + - required: + - version + properties: + followLatest: + description: Follow the latest version of the chart on install + type: boolean + version: + description: Use specific version to install + type: string + type: object + type: object + status: + nullable: true + properties: + conditions: + description: conditions represents the observations of a Fleet addon + current state. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. 
+ type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + installedVersion: + nullable: true + type: string + type: object + required: + - spec + title: FleetAddonConfigValidated + type: object + x-kubernetes-validations: + - rule: self.metadata.name == 'fleet-addon-config' + served: true + storage: true + subresources: + status: {} + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + cluster.x-k8s.io/provider: fleet + name: caapf-controller-manager + namespace: caapf-system + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + cluster.x-k8s.io/provider: fleet + name: caapf-helm-manager + namespace: caapf-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + cluster.x-k8s.io/provider: fleet + name: caapf-leader-election-role + namespace: caapf-system + rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + cluster.x-k8s.io/provider: fleet + name: caapf-manager-role + rules: + - apiGroups: + - addons.cluster.x-k8s.io + resources: + - fleetaddonconfigs + - fleetaddonconfigs/status + verbs: + - '*' + - apiGroups: + - "" + resources: + - namespaces + verbs: + - list + - get + - watch + - create + - patch + - apiGroups: + - events.k8s.io + resources: + - events + verbs: + - create + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - 
watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - patch + - list + - watch + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - bootstrap.cluster.x-k8s.io + - clusterctl.cluster.x-k8s.io + - controlplane.cluster.x-k8s.io + - infrastructure.cluster.x-k8s.io + resources: + - '*' + verbs: + - get + - list + - watch + - apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusterclasses + verbs: + - get + - list + - watch + - patch + - apiGroups: + - fleet.cattle.io + resources: + - clusters + - clustergroups + - clusterregistrationtokens + - bundlenamespacemappings + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - fleet.cattle.io + resources: + - bundlenamespacemappings + verbs: + - delete + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: fleet + name: caapf-helm-manager-rolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin + subjects: + - kind: ServiceAccount + name: caapf-helm-manager + namespace: caapf-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: fleet + name: caapf-manager-rolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: caapf-manager-role + subjects: + - kind: ServiceAccount + name: caapf-controller-manager + namespace: caapf-system + --- + apiVersion: v1 + kind: Secret + metadata: + annotations: + kubernetes.io/service-account.name: caapf-helm-manager + labels: + cluster.x-k8s.io/fleet-addon-registration: "true" + 
cluster.x-k8s.io/provider: fleet + name: caapf-helm-manager + namespace: caapf-system + type: kubernetes.io/service-account-token + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + cluster.x-k8s.io/provider: fleet + control-plane: controller-manager + name: caapf-controller-manager + namespace: caapf-system + spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: fleet + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + cluster.x-k8s.io/provider: fleet + control-plane: controller-manager + spec: + containers: + - image: ghcr.io/rancher/cluster-api-addon-provider-fleet:v0.12.0 + imagePullPolicy: IfNotPresent + name: manager + ports: + - containerPort: 8443 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /health + port: http + initialDelaySeconds: 5 + periodSeconds: 5 + resources: + limits: + cpu: 100m + memory: 150Mi + requests: + cpu: 100m + memory: 100Mi + - args: + - --helm-install + image: ghcr.io/rancher/cluster-api-addon-provider-fleet:v0.12.0 + name: helm-manager + resources: + limits: + cpu: 100m + memory: 150Mi + requests: + cpu: 100m + memory: 100Mi + volumeMounts: + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: helm-kubeconfig + readOnly: true + serviceAccountName: caapf-controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: helm-kubeconfig + secret: + secretName: caapf-helm-manager + metadata: | + apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 + releaseSeries: + - major: 0 + minor: 1 + contract: v1beta1 + - major: 0 + minor: 2 + contract: v1beta1 + - major: 0 + minor: 3 + contract: v1beta1 + - major: 0 + minor: 4 + contract: v1beta1 + - major: 0 + minor: 5 + contract: v1beta1 + - major: 0 + minor: 6 + contract: v1beta1 + - major: 0 + minor: 7 + contract: v1beta1 + - major: 0 + minor: 8 + contract: v1beta1 + - major: 0 + minor: 9 + contract: v1beta1 + - major: 0 + 
minor: 10 + contract: v1beta1 + - major: 0 + minor: 11 + contract: v1beta1 + - major: 0 + minor: 12 + contract: v1beta1 +kind: ConfigMap +metadata: + creationTimestamp: null + name: v0.12.0 + namespace: {{ index .Values "providers" "addonFleet" "namespace" }} + labels: + provider-components: fleet {{- end }} diff --git a/rancher-turtles-providers-chart/templates/bootstrap-rke2.yaml b/rancher-turtles-providers-chart/templates/bootstrap-rke2.yaml index eaddda2..883488f 100644 --- a/rancher-turtles-providers-chart/templates/bootstrap-rke2.yaml +++ b/rancher-turtles-providers-chart/templates/bootstrap-rke2.yaml 
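Review bot: The template now emits `fetchConfig.selector` unconditionally and no longer reads `providers.addonFleet.fetchConfig.url` / `.oci`, so an existing values file that still sets either of those is silently ignored and gets the embedded v0.12.0 components instead; a guard such as `{{- if index .Values "providers" "addonFleet" "fetchConfig" }}{{ fail "providers.addonFleet.fetchConfig is no longer supported: provider components are embedded in the chart" }}{{- end }}` placed before `fetchConfig:` would make the break explicit (whether values.yaml still declares that key is not visible here). Embedding the manifest also means the chart now ships, rather than fetches at install time, a `kubernetes.io/service-account-token` Secret for `caapf-helm-manager` — the ServiceAccount that `caapf-helm-manager-rolebinding` binds to `cluster-admin` — and mounts that long-lived token over `/var/run/secrets/kubernetes.io/serviceaccount` in the `helm-manager` container, while neither container sets a `securityContext` and both images are pinned by tag (`v0.12.0`) rather than digest. Since this is upstream CAAPF content, a comment above the ConfigMap naming its provenance and the caveat, e.g. `# Vendored cluster-api-addon-provider-fleet v0.12.0 components.yaml; regenerate rather than hand-edit. NOTE: creates a long-lived cluster-admin SA token for caapf-helm-manager.`, would let the next maintainer decide whether to patch it locally (digest pinning, scoping the helm-manager role) or accept it. The ConfigMap is named `v0.12.0` and the `metadata` releaseSeries stops at 0.12, so a future provider bump has to change both in lockstep with the embedded images; the enclosing `{{- if }}` that the trailing `{{- end }}` closes opens outside the hunk.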
@@ -45,13 +45,2846 @@ spec: name: {{ index .Values "providers" "bootstrapRKE2" "configSecret" "name" }} namespace: {{ index .Values "providers" "bootstrapRKE2" "configSecret" "namespace" }} {{- end }} -{{- if index .Values "providers" "bootstrapRKE2" "fetchConfig" }} fetchConfig: - {{- if index .Values "providers" "bootstrapRKE2" "fetchConfig" "url" }} - url: {{ index .Values "providers" "bootstrapRKE2" "fetchConfig" "url" }} - {{- end }} - {{- if index .Values "providers" "bootstrapRKE2" "fetchConfig" "oci" }} - oci: {{ index .Values "providers" "bootstrapRKE2" "fetchConfig" "oci" }} - {{- end }} -{{- end }} + selector: + matchLabels: + provider-components: rke2-bootstrap +--- +apiVersion: v1 +data: + components: | + apiVersion: v1 + kind: Namespace + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + control-plane: controller-manager + name: rke2-bootstrap-system + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert + controller-gen.kubebuilder.io/version: v0.17.3 + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 + name: rke2configs.bootstrap.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: rke2-bootstrap-webhook-service + namespace: rke2-bootstrap-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: bootstrap.cluster.x-k8s.io + names: + kind: RKE2Config + listKind: RKE2ConfigList + plural: rke2configs + singular: rke2config + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: RKE2Config is the Schema for the rke2configs API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. 
+ Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RKE2ConfigSpec defines the desired state of RKE2Config. + properties: + agentConfig: + description: AgentConfig specifies configuration for the agent nodes. + properties: + additionalUserData: + description: |- + AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the + generated cloud-init/ignition script. + properties: + config: + description: |- + In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp". + Deprecated: Data is reserved for the arbitrary cloud-init data + type: string + data: + additionalProperties: + type: string + description: |- + Data allows to pass arbitrary set of key/value pairs consistent with + https://cloudinit.readthedocs.io/en/latest/reference/modules.html + to extend existing cloud-init configuration + type: object + strict: + description: Strict controls if Config should be strictly + parsed. If so, warnings are treated as errors. 
+ type: boolean + type: object + x-kubernetes-validations: + - message: Only config or data could be populated at once + rule: '!has(self.data) || !has(self.config)' + airGapped: + description: |- + AirGapped is a boolean value to define if the bootstrapping should be air-gapped, + basically supposing that online container registries and RKE2 install scripts are not reachable. + type: boolean + cisProfile: + description: CISProfile activates CIS compliance of RKE2 for a + certain profile + enum: + - cis + - cis-1.23 + - cis-1.5 + - cis-1.6 + type: string + containerRuntimeEndpoint: + description: ContainerRuntimeEndpoint Disable embedded containerd + and use alternative CRI implementation. + type: string + dataDir: + description: DataDir Folder to hold state. + type: string + enableContainerdSElinux: + description: |- + EnableContainerdSElinux defines the policy for enabling SELinux for Containerd + if value is true, Containerd will run with selinux-enabled=true flag + if value is false, Containerd will run without the above flag + type: boolean + format: + description: Format specifies the output format of the bootstrap + data. Defaults to cloud-config. + enum: + - cloud-config + - ignition + type: string + imageCredentialProviderConfigMap: + description: |- + ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config + The config map should contain a key "credential-config.yaml" with YAML file content and + a key "credential-provider-binaries" with the a path to the binaries for the credential provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + kubeProxy: + description: KubeProxyArgs Customized flag for kube-proxy process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. 
+ type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubelet: + description: KubeletArgs Customized flag for kubelet process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubeletPath: + description: KubeletPath Override kubelet binary path. + type: string + loadBalancerPort: + description: |- + LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are + not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444). + type: integer + nodeAnnotations: + additionalProperties: + type: string + description: |- + NodeAnnotations are annotations that are created on nodes post bootstrap phase. + Unfortunately it is not possible to apply annotations via kubelet + using current bootstrap configurations. + Issue: https://github.com/kubernetes/kubernetes/issues/108046 + type: object + nodeLabels: + description: NodeLabels Registering and starting kubelet with + set of labels. 
+ items: + type: string + type: array + nodeName: + description: NodeNamePrefix Prefix to the Node Name that CAPI + will generate. + type: string + nodeTaints: + description: NodeTaints Registering kubelet with set of taints. + items: + type: string + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + protectKernelDefaults: + description: |- + ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. + if false, kernel tunable can be different from kubelet defaults + type: boolean + resolvConf: + description: ResolvConf is a reference to a ConfigMap containing + resolv.conf content for the node. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + runtimeImage: + description: RuntimeImage override image to use for runtime binaries + (containerd, kubectl, crictl, etc). + type: string + snapshotter: + description: 'Snapshotter override default containerd snapshotter + (default: "overlayfs").' + type: string + systemDefaultRegistry: + description: SystemDefaultRegistry Private registry to be used + for all system images. + type: string + version: + description: Version specifies the rke2 version. + type: string + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: SecretFileSource represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the RKE2BootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + postRKE2Commands: + description: PostRKE2Commands specifies extra commands to run after + rke2 setup runs. + items: + type: string + type: array + preRKE2Commands: + description: PreRKE2Commands specifies extra commands to run before + rke2 setup runs. + items: + type: string + type: array + privateRegistriesConfig: + description: PrivateRegistriesConfig defines the containerd configuration + for private registries and local registry mirrors. + properties: + configs: + additionalProperties: + description: RegistryConfig contains configuration used to communicate + with the registry. + properties: + authSecret: + description: |- + Auth si a reference to a Secret containing information to authenticate to the registry. + The Secret must provite a username and a password data entry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + tls: + description: |- + TLS is a pair of CA/Cert/Key which then are used when creating the transport + that communicates with the registry. + properties: + insecureSkipVerify: + description: InsecureSkipVerify may be set to false + to skip verifying the registry's certificate, default + is true. + type: boolean + tlsConfigSecret: + description: |- + TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt + which describe the TLS configuration necessary to connect to the registry. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + description: |- + Configs are configs for each registry. + The key is the FDQN or IP of the registry. + type: object + mirrors: + additionalProperties: + description: Mirror contains the config related to the registry + mirror. + properties: + endpoint: + description: |- + Endpoints are endpoints for a namespace. 
CRI plugin will try the endpoints + one by one until a working one is found. The endpoint must be a valid url + with host specified. + The scheme, host and path from the endpoint URL will be used. + items: + type: string + type: array + rewrite: + additionalProperties: + type: string + description: |- + Rewrites are repository rewrite rules for a namespace. When fetching image resources + from an endpoint and a key matches the repository via regular expression matching + it will be replaced with the corresponding value from the map in the resource request. + type: object + type: object + description: Mirrors are namespace to mirror mapping for all namespaces. + type: object + type: object + type: object + status: + description: RKE2ConfigStatus defines the observed state of RKE2Config. + properties: + conditions: + description: Conditions defines current service state of the RKE2Config. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. 
+ The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors. + type: string + failureReason: + description: FailureReason will be set on non-retryable errors. + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData field is ready to be + consumed. + type: boolean + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: RKE2Config is the Schema for the rke2configs API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RKE2ConfigSpec defines the desired state of RKE2Config. + properties: + agentConfig: + description: AgentConfig specifies configuration for the agent nodes. + properties: + additionalUserData: + description: |- + AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the + generated cloud-init/ignition script. + properties: + config: + description: |- + In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp". + type: string + data: + additionalProperties: + type: string + description: |- + Data allows to pass arbitrary set of key/value pairs consistent with + https://cloudinit.readthedocs.io/en/latest/reference/modules.html + to extend existing cloud-init configuration + type: object + strict: + description: Strict controls if Config should be strictly + parsed. If so, warnings are treated as errors. + type: boolean + type: object + x-kubernetes-validations: + - message: Only config or data could be populated at once + rule: '!has(self.data) || !has(self.config)' + airGapped: + description: |- + AirGapped is a boolean value to define if the bootstrapping should be air-gapped, + basically supposing that online container registries and RKE2 install scripts are not reachable. + type: boolean + airGappedChecksum: + description: |- + AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum + of existing sha256sum-.txt file for packages already available on the machine + before performing air-gapped installation. 
+ type: string + cisProfile: + description: CISProfile activates CIS compliance of RKE2 for a + certain profile + enum: + - cis + - cis-1.23 + - cis-1.5 + - cis-1.6 + type: string + containerRuntimeEndpoint: + description: ContainerRuntimeEndpoint Disable embedded containerd + and use alternative CRI implementation. + type: string + dataDir: + description: DataDir Folder to hold state. + type: string + enableContainerdSElinux: + description: |- + EnableContainerdSElinux defines the policy for enabling SELinux for Containerd + if value is true, Containerd will run with selinux-enabled=true flag + if value is false, Containerd will run without the above flag + type: boolean + format: + description: Format specifies the output format of the bootstrap + data. Defaults to cloud-config. + enum: + - cloud-config + - ignition + type: string + imageCredentialProviderConfigMap: + description: |- + ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config + The config map should contain a key "credential-config.yaml" with YAML file content and + a key "credential-provider-binaries" with the a path to the binaries for the credential provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + kubeProxy: + description: KubeProxyArgs Customized flag for kube-proxy process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubelet: + description: KubeletArgs Customized flag for kubelet process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' 
+ items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubeletPath: + description: KubeletPath Override kubelet binary path. + type: string + loadBalancerPort: + description: |- + LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are + not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444). + type: integer + nodeAnnotations: + additionalProperties: + type: string + description: |- + NodeAnnotations are annotations that are created on nodes post bootstrap phase. + Unfortunately it is not possible to apply annotations via kubelet + using current bootstrap configurations. + Issue: https://github.com/kubernetes/kubernetes/issues/108046 + type: object + nodeLabels: + description: NodeLabels Registering and starting kubelet with + set of labels. + items: + type: string + type: array + nodeName: + description: NodeNamePrefix Prefix to the Node Name that CAPI + will generate. + type: string + nodeTaints: + description: NodeTaints Registering kubelet with set of taints. 
+ items: + type: string + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + podSecurityAdmissionConfigFile: + description: |- + PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through + spec.Files field. + type: string + protectKernelDefaults: + description: |- + ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. + if false, kernel tunable can be different from kubelet defaults + type: boolean + resolvConf: + description: ResolvConf is a reference to a ConfigMap containing + resolv.conf content for the node. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + runtimeImage: + description: RuntimeImage override image to use for runtime binaries + (containerd, kubectl, crictl, etc). + type: string + snapshotter: + description: 'Snapshotter override default containerd snapshotter + (default: "overlayfs").' + type: string + systemDefaultRegistry: + description: SystemDefaultRegistry Private registry to be used + for all system images. + type: string + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + configMap: + description: ConfigMapFileSource represents a config map + that should populate this file. + properties: + key: + description: Key is the key in the secret or config + map's data map for this value. + type: string + name: + description: Name of the secret/configmap in the RKE2BootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + secret: + description: SecretFileSource represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret or config + map's data map for this value. + type: string + name: + description: Name of the secret/configmap in the RKE2BootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + type: object + x-kubernetes-validations: + - message: Only configMap or secret can be populated at once + rule: '!(has(self.secret) && has(self.configMap))' + encoding: + description: Encoding specifies the encoding of the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + gzipUserData: + description: GzipUserData specifies if the user data should be gzipped. + type: boolean + postRKE2Commands: + description: PostRKE2Commands specifies extra commands to run after + rke2 setup runs. + items: + type: string + type: array + preRKE2Commands: + description: PreRKE2Commands specifies extra commands to run before + rke2 setup runs. + items: + type: string + type: array + privateRegistriesConfig: + description: PrivateRegistriesConfig defines the containerd configuration + for private registries and local registry mirrors. + properties: + configs: + additionalProperties: + description: RegistryConfig contains configuration used to communicate + with the registry. + properties: + authSecret: + description: |- + Auth is a reference to a Secret containing information to authenticate to the registry. 
+ The Secret must provite a username and a password data entry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + tls: + description: |- + TLS is a pair of CA/Cert/Key which then are used when creating the transport + that communicates with the registry. 
+ properties: + insecureSkipVerify: + description: InsecureSkipVerify may be set to false + to skip verifying the registry's certificate, default + is true. + type: boolean + tlsConfigSecret: + description: |- + TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt + which describe the TLS configuration necessary to connect to the registry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + description: |- + Configs are configs for each registry. + The key is the FDQN or IP of the registry. + type: object + mirrors: + additionalProperties: + description: Mirror contains the config related to the registry + mirror. + properties: + endpoint: + description: |- + Endpoints are endpoints for a namespace. CRI plugin will try the endpoints + one by one until a working one is found. The endpoint must be a valid url + with host specified. + The scheme, host and path from the endpoint URL will be used. + items: + type: string + type: array + rewrite: + additionalProperties: + type: string + description: |- + Rewrites are repository rewrite rules for a namespace. When fetching image resources + from an endpoint and a key matches the repository via regular expression matching + it will be replaced with the corresponding value from the map in the resource request. + type: object + type: object + description: Mirrors are namespace to mirror mapping for all namespaces. + type: object + type: object + type: object + status: + description: RKE2ConfigStatus defines the observed state of RKE2Config. + properties: + conditions: + description: Conditions defines current service state of the RKE2Config. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. 
+ maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors. + type: string + failureReason: + description: FailureReason will be set on non-retryable errors. + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData field is ready to be + consumed. 
+ type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert + controller-gen.kubebuilder.io/version: v0.17.3 + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 + name: rke2configtemplates.bootstrap.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: rke2-bootstrap-webhook-service + namespace: rke2-bootstrap-system + path: /convert + conversionReviewVersions: + - v1 + group: bootstrap.cluster.x-k8s.io + names: + kind: RKE2ConfigTemplate + listKind: RKE2ConfigTemplateList + plural: rke2configtemplates + singular: rke2configtemplate + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: RKE2ConfigTemplate is the Schema for the RKE2configtemplates + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec details the RKE2ConfigTemplate specification. 
+ properties: + template: + description: "Template references a RKE2ConfigTemplate, which is used + to include an RKE2ConfigSpec struct.\n\tThis is used to include + a desired RKE2ConfigSpec configuration when an RKE2Config resource + is generated by a MachineDeployment resource." + properties: + spec: + description: Spec is the RKE2ConfigSpec that should be used for + the template. + properties: + agentConfig: + description: AgentConfig specifies configuration for the agent + nodes. + properties: + additionalUserData: + description: |- + AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the + generated cloud-init/ignition script. + properties: + config: + description: |- + In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp". + Deprecated: Data is reserved for the arbitrary cloud-init data + type: string + data: + additionalProperties: + type: string + description: |- + Data allows to pass arbitrary set of key/value pairs consistent with + https://cloudinit.readthedocs.io/en/latest/reference/modules.html + to extend existing cloud-init configuration + type: object + strict: + description: Strict controls if Config should be strictly + parsed. If so, warnings are treated as errors. + type: boolean + type: object + x-kubernetes-validations: + - message: Only config or data could be populated at once + rule: '!has(self.data) || !has(self.config)' + airGapped: + description: |- + AirGapped is a boolean value to define if the bootstrapping should be air-gapped, + basically supposing that online container registries and RKE2 install scripts are not reachable. 
+ type: boolean + cisProfile: + description: CISProfile activates CIS compliance of RKE2 + for a certain profile + enum: + - cis + - cis-1.23 + - cis-1.5 + - cis-1.6 + type: string + containerRuntimeEndpoint: + description: ContainerRuntimeEndpoint Disable embedded + containerd and use alternative CRI implementation. + type: string + dataDir: + description: DataDir Folder to hold state. + type: string + enableContainerdSElinux: + description: |- + EnableContainerdSElinux defines the policy for enabling SELinux for Containerd + if value is true, Containerd will run with selinux-enabled=true flag + if value is false, Containerd will run without the above flag + type: boolean + format: + description: Format specifies the output format of the + bootstrap data. Defaults to cloud-config. + enum: + - cloud-config + - ignition + type: string + imageCredentialProviderConfigMap: + description: |- + ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config + The config map should contain a key "credential-config.yaml" with YAML file content and + a key "credential-provider-binaries" with the a path to the binaries for the credential provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + kubeProxy: + description: KubeProxyArgs Customized flag for kube-proxy + process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + kubelet: + description: KubeletArgs Customized flag for kubelet process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' 
+ items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + kubeletPath: + description: KubeletPath Override kubelet binary path. + type: string + loadBalancerPort: + description: |- + LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are + not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444). + type: integer + nodeAnnotations: + additionalProperties: + type: string + description: |- + NodeAnnotations are annotations that are created on nodes post bootstrap phase. + Unfortunately it is not possible to apply annotations via kubelet + using current bootstrap configurations. + Issue: https://github.com/kubernetes/kubernetes/issues/108046 + type: object + nodeLabels: + description: NodeLabels Registering and starting kubelet + with set of labels. + items: + type: string + type: array + nodeName: + description: NodeNamePrefix Prefix to the Node Name that + CAPI will generate. + type: string + nodeTaints: + description: NodeTaints Registering kubelet with set of + taints. 
+ items: + type: string + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should + be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to + use + items: + type: string + type: array + type: object + protectKernelDefaults: + description: |- + ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. + if false, kernel tunable can be different from kubelet defaults + type: boolean + resolvConf: + description: ResolvConf is a reference to a ConfigMap + containing resolv.conf content for the node. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + runtimeImage: + description: RuntimeImage override image to use for runtime + binaries (containerd, kubectl, crictl, etc). + type: string + snapshotter: + description: 'Snapshotter override default containerd + snapshotter (default: "overlayfs").' + type: string + systemDefaultRegistry: + description: SystemDefaultRegistry Private registry to + be used for all system images. + type: string + version: + description: Version specifies the rke2 version. + type: string + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: SecretFileSource represents a secret + that should populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the RKE2BootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the + file contents. 
+ enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to + assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + postRKE2Commands: + description: PostRKE2Commands specifies extra commands to + run after rke2 setup runs. + items: + type: string + type: array + preRKE2Commands: + description: PreRKE2Commands specifies extra commands to run + before rke2 setup runs. + items: + type: string + type: array + privateRegistriesConfig: + description: PrivateRegistriesConfig defines the containerd + configuration for private registries and local registry + mirrors. + properties: + configs: + additionalProperties: + description: RegistryConfig contains configuration used + to communicate with the registry. + properties: + authSecret: + description: |- + Auth si a reference to a Secret containing information to authenticate to the registry. + The Secret must provite a username and a password data entry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + tls: + description: |- + TLS is a pair of CA/Cert/Key which then are used when creating the transport + that communicates with the registry. + properties: + insecureSkipVerify: + description: InsecureSkipVerify may be set to + false to skip verifying the registry's certificate, + default is true. + type: boolean + tlsConfigSecret: + description: |- + TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt + which describe the TLS configuration necessary to connect to the registry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + description: |- + Configs are configs for each registry. + The key is the FDQN or IP of the registry. + type: object + mirrors: + additionalProperties: + description: Mirror contains the config related to the + registry mirror. + properties: + endpoint: + description: |- + Endpoints are endpoints for a namespace. CRI plugin will try the endpoints + one by one until a working one is found. The endpoint must be a valid url + with host specified. + The scheme, host and path from the endpoint URL will be used. 
+ items: + type: string + type: array + rewrite: + additionalProperties: + type: string + description: |- + Rewrites are repository rewrite rules for a namespace. When fetching image resources + from an endpoint and a key matches the repository via regular expression matching + it will be replaced with the corresponding value from the map in the resource request. + type: object + type: object + description: Mirrors are namespace to mirror mapping for + all namespaces. + type: object + type: object + type: object + required: + - spec + type: object + required: + - template + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: RKE2ConfigTemplate is the Schema for the RKE2configtemplates + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec details the RKE2ConfigTemplate specification. + properties: + template: + description: "Template references a RKE2ConfigTemplate, which is used + to include an RKE2ConfigSpec struct.\n\tThis is used to include + a desired RKE2ConfigSpec configuration when an RKE2Config resource + is generated by a MachineDeployment resource." 
+ properties: + spec: + description: Spec is the RKE2ConfigSpec that should be used for + the template. + properties: + agentConfig: + description: AgentConfig specifies configuration for the agent + nodes. + properties: + additionalUserData: + description: |- + AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the + generated cloud-init/ignition script. + properties: + config: + description: |- + In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp". + type: string + data: + additionalProperties: + type: string + description: |- + Data allows to pass arbitrary set of key/value pairs consistent with + https://cloudinit.readthedocs.io/en/latest/reference/modules.html + to extend existing cloud-init configuration + type: object + strict: + description: Strict controls if Config should be strictly + parsed. If so, warnings are treated as errors. + type: boolean + type: object + x-kubernetes-validations: + - message: Only config or data could be populated at once + rule: '!has(self.data) || !has(self.config)' + airGapped: + description: |- + AirGapped is a boolean value to define if the bootstrapping should be air-gapped, + basically supposing that online container registries and RKE2 install scripts are not reachable. + type: boolean + airGappedChecksum: + description: |- + AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum + of existing sha256sum-.txt file for packages already available on the machine + before performing air-gapped installation. 
+ type: string + cisProfile: + description: CISProfile activates CIS compliance of RKE2 + for a certain profile + enum: + - cis + - cis-1.23 + - cis-1.5 + - cis-1.6 + type: string + containerRuntimeEndpoint: + description: ContainerRuntimeEndpoint Disable embedded + containerd and use alternative CRI implementation. + type: string + dataDir: + description: DataDir Folder to hold state. + type: string + enableContainerdSElinux: + description: |- + EnableContainerdSElinux defines the policy for enabling SELinux for Containerd + if value is true, Containerd will run with selinux-enabled=true flag + if value is false, Containerd will run without the above flag + type: boolean + format: + description: Format specifies the output format of the + bootstrap data. Defaults to cloud-config. + enum: + - cloud-config + - ignition + type: string + imageCredentialProviderConfigMap: + description: |- + ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config + The config map should contain a key "credential-config.yaml" with YAML file content and + a key "credential-provider-binaries" with the a path to the binaries for the credential provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + kubeProxy: + description: KubeProxyArgs Customized flag for kube-proxy + process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + kubelet: + description: KubeletArgs Customized flag for kubelet process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' 
+ items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + kubeletPath: + description: KubeletPath Override kubelet binary path. + type: string + loadBalancerPort: + description: |- + LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are + not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444). + type: integer + nodeAnnotations: + additionalProperties: + type: string + description: |- + NodeAnnotations are annotations that are created on nodes post bootstrap phase. + Unfortunately it is not possible to apply annotations via kubelet + using current bootstrap configurations. + Issue: https://github.com/kubernetes/kubernetes/issues/108046 + type: object + nodeLabels: + description: NodeLabels Registering and starting kubelet + with set of labels. + items: + type: string + type: array + nodeName: + description: NodeNamePrefix Prefix to the Node Name that + CAPI will generate. + type: string + nodeTaints: + description: NodeTaints Registering kubelet with set of + taints. 
+ items: + type: string + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should + be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to + use + items: + type: string + type: array + type: object + podSecurityAdmissionConfigFile: + description: |- + PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through + spec.Files field. + type: string + protectKernelDefaults: + description: |- + ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. + if false, kernel tunable can be different from kubelet defaults + type: boolean + resolvConf: + description: ResolvConf is a reference to a ConfigMap + containing resolv.conf content for the node. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + runtimeImage: + description: RuntimeImage override image to use for runtime + binaries (containerd, kubectl, crictl, etc). + type: string + snapshotter: + description: 'Snapshotter override default containerd + snapshotter (default: "overlayfs").' + type: string + systemDefaultRegistry: + description: SystemDefaultRegistry Private registry to + be used for all system images. + type: string + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + configMap: + description: ConfigMapFileSource represents a config + map that should populate this file. + properties: + key: + description: Key is the key in the secret or + config map's data map for this value. + type: string + name: + description: Name of the secret/configmap in + the RKE2BootstrapConfig's namespace to use. 
+ type: string + required: + - key + - name + type: object + secret: + description: SecretFileSource represents a secret + that should populate this file. + properties: + key: + description: Key is the key in the secret or + config map's data map for this value. + type: string + name: + description: Name of the secret/configmap in + the RKE2BootstrapConfig's namespace to use. + type: string + required: + - key + - name + type: object + type: object + x-kubernetes-validations: + - message: Only configMap or secret can be populated + at once + rule: '!(has(self.secret) && has(self.configMap))' + encoding: + description: Encoding specifies the encoding of the + file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to + assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + gzipUserData: + description: GzipUserData specifies if the user data should + be gzipped. + type: boolean + postRKE2Commands: + description: PostRKE2Commands specifies extra commands to + run after rke2 setup runs. + items: + type: string + type: array + preRKE2Commands: + description: PreRKE2Commands specifies extra commands to run + before rke2 setup runs. + items: + type: string + type: array + privateRegistriesConfig: + description: PrivateRegistriesConfig defines the containerd + configuration for private registries and local registry + mirrors. + properties: + configs: + additionalProperties: + description: RegistryConfig contains configuration used + to communicate with the registry. + properties: + authSecret: + description: |- + Auth is a reference to a Secret containing information to authenticate to the registry. 
+ The Secret must provite a username and a password data entry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + tls: + description: |- + TLS is a pair of CA/Cert/Key which then are used when creating the transport + that communicates with the registry. 
+ properties: + insecureSkipVerify: + description: InsecureSkipVerify may be set to + false to skip verifying the registry's certificate, + default is true. + type: boolean + tlsConfigSecret: + description: |- + TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt + which describe the TLS configuration necessary to connect to the registry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + description: |- + Configs are configs for each registry. + The key is the FDQN or IP of the registry. + type: object + mirrors: + additionalProperties: + description: Mirror contains the config related to the + registry mirror. + properties: + endpoint: + description: |- + Endpoints are endpoints for a namespace. CRI plugin will try the endpoints + one by one until a working one is found. The endpoint must be a valid url + with host specified. + The scheme, host and path from the endpoint URL will be used. + items: + type: string + type: array + rewrite: + additionalProperties: + type: string + description: |- + Rewrites are repository rewrite rules for a namespace. When fetching image resources + from an endpoint and a key matches the repository via regular expression matching + it will be replaced with the corresponding value from the map in the resource request. + type: object + type: object + description: Mirrors are namespace to mirror mapping for + all namespaces. 
+ type: object + type: object + type: object + required: + - spec + type: object + required: + - template + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-manager + namespace: rke2-bootstrap-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-leader-election-role + namespace: rke2-bootstrap-system + rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-manager-role + rules: + - apiGroups: + - "" + resources: + - configmaps + - events + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - rke2configs + - rke2configs/finalizers + - rke2configs/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + - machinepools + - machinepools/status + - machines + - machines/status + - machinesets + verbs: + - get + - list + - watch + - apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - rke2controlplanes + - 
rke2controlplanes/status + verbs: + - get + - list + - watch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-leader-election-rolebinding + namespace: rke2-bootstrap-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rke2-bootstrap-leader-election-role + subjects: + - kind: ServiceAccount + name: rke2-bootstrap-manager + namespace: rke2-bootstrap-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-manager-rolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rke2-bootstrap-manager-role + subjects: + - kind: ServiceAccount + name: rke2-bootstrap-manager + namespace: rke2-bootstrap-system + --- + apiVersion: v1 + kind: Service + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-webhook-service + namespace: rke2-bootstrap-system + spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: bootstrap-rke2 + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + control-plane: controller-manager + name: rke2-bootstrap-controller-manager + namespace: rke2-bootstrap-system + spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: bootstrap-rke2 + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false} + - --v=${CAPRKE2_DEBUG_LEVEL:=0} + - 
--feature-gates=MachinePool=${EXP_MACHINE_POOL:=true},ClusterTopology=${CLUSTER_TOPOLOGY:=true} + - --concurrency=${CONCURRENCY_NUMBER:=10} + command: + - /manager + image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.21.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: rke2-bootstrap-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: rke2-bootstrap-webhook-service-cert + --- + apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-serving-cert + namespace: rke2-bootstrap-system + spec: + dnsNames: + - rke2-bootstrap-webhook-service.rke2-bootstrap-system.svc + - rke2-bootstrap-webhook-service.rke2-bootstrap-system.svc.cluster.local + issuerRef: + kind: Issuer + name: rke2-bootstrap-selfsigned-issuer + secretName: rke2-bootstrap-webhook-service-cert + subject: + organizations: + - Rancher by SUSE + --- + apiVersion: cert-manager.io/v1 + kind: Issuer + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-selfsigned-issuer + namespace: rke2-bootstrap-system + spec: + 
selfSigned: {} + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: MutatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-mutating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: rke2-bootstrap-webhook-service + namespace: rke2-bootstrap-system + path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config + failurePolicy: Fail + name: mrke2config.kb.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - rke2configs + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: rke2-bootstrap-webhook-service + namespace: rke2-bootstrap-system + path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2configtemplate + failurePolicy: Fail + name: mrke2configtemplate.kb.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - rke2configtemplates + sideEffects: None + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-validating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: rke2-bootstrap-webhook-service + namespace: rke2-bootstrap-system + path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config + failurePolicy: Fail + name: vrke2config.kb.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - rke2configs + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
rke2-bootstrap-webhook-service + namespace: rke2-bootstrap-system + path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-rke2configtemplate + failurePolicy: Fail + name: vrke2configtemplate.kb.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - rke2configtemplates + sideEffects: None + metadata: | + # maps release series of major.minor to cluster-api contract version + # the contract version may change between minor or major versions, but *not* + # between patch versions. + # + # update this file only when a new major or minor version is released + apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 + kind: Metadata + releaseSeries: + - major: 0 + minor: 1 + contract: v1beta1 + - major: 0 + minor: 2 + contract: v1beta1 + - major: 0 + minor: 3 + contract: v1beta1 + - major: 0 + minor: 4 + contract: v1beta1 + - major: 0 + minor: 5 + contract: v1beta1 + - major: 0 + minor: 6 + contract: v1beta1 + - major: 0 + minor: 7 + contract: v1beta1 + - major: 0 + minor: 8 + contract: v1beta1 + - major: 0 + minor: 9 + contract: v1beta1 + - major: 0 + minor: 10 + contract: v1beta1 + - major: 0 + minor: 11 + contract: v1beta1 + - major: 0 + minor: 12 + contract: v1beta1 + - major: 0 + minor: 13 + contract: v1beta1 + - major: 0 + minor: 14 + contract: v1beta1 + - major: 0 + minor: 15 + contract: v1beta1 + - major: 0 + minor: 16 + contract: v1beta1 + - major: 0 + minor: 17 + contract: v1beta1 + - major: 0 + minor: 18 + contract: v1beta1 + - major: 0 + minor: 19 + contract: v1beta1 + - major: 0 + minor: 20 + contract: v1beta1 + - major: 0 + minor: 21 + contract: v1beta1 +kind: ConfigMap +metadata: + creationTimestamp: null + name: v0.21.1 + namespace: rke2-bootstrap-system + labels: + provider-components: rke2-bootstrap {{- end }} 
diff --git a/rancher-turtles-providers-chart/templates/clusterctl-config.yaml b/rancher-turtles-providers-chart/templates/clusterctl-config.yaml
new file mode 100644
index 0000000..2c1f932
--- /dev/null
+++ b/rancher-turtles-providers-chart/templates/clusterctl-config.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: turtles-capi.cattle.io/v1alpha1
+kind: ClusterctlConfig
+metadata:
+ name: clusterctl-config
+ namespace: cattle-turtles-system
+spec:
+ providers:
+ - name: metal3
+ url: "https://github.com/rancher-sandbox/cluster-api-provider-metal3/releases/v1.10.4/infrastructure-components.yaml"
+ type: InfrastructureProvider
+ - name: metal3ipam
+ url: "https://github.com/rancher-sandbox/ip-address-manager/releases/v1.10.4/ipam-components.yaml"
+ type: IPAMProvider
+ images:
+ - name: control-plane-rke2
+ repository: "registry.suse.com/rancher"
+ - name: bootstrap-rke2
+ repository: "registry.suse.com/rancher"
+ - name: addon-rancher-fleet
+ repository: "registry.suse.com/rancher"
diff --git a/rancher-turtles-providers-chart/templates/controlplane-rke2.yaml b/rancher-turtles-providers-chart/templates/controlplane-rke2.yaml
index b8a70c9..ae44670 100644
--- a/rancher-turtles-providers-chart/templates/controlplane-rke2.yaml
+++ b/rancher-turtles-providers-chart/templates/controlplane-rke2.yaml
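Review bot: The `metal3` and `metal3ipam` entries under `spec.providers` fetch their components from GitHub release URLs pinned only by tag (`releases/v1.10.4/...`), while the rest of this change embeds the fleet and RKE2 provider components in in-chart ConfigMaps selected via `provider-components` labels. That leaves these two providers dependent on outbound access to github.com at install time and on a tag the upstream repository can move, which works against the offline/pinning direction of the diff; I can't tell from here whether Turtles verifies what it downloads. The `images` list also covers only the three embedded providers, so metal3 images are presumably pulled from the upstream references unless overridden elsewhere. If the metal3 manifests can't be embedded the same way, I'd at least add a comment above the list, e.g. `# metal3/metal3ipam are fetched from github.com at install time (tag-pinned, no digest); check egress policy and re-verify when bumping v1.10.4`.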
@@ -45,13 +45,4989 @@ spec: name: {{ index .Values "providers" "controlplaneRKE2" "configSecret" "name" }} namespace: {{ index .Values "providers" "controlplaneRKE2" "configSecret" "namespace" }} {{- end }} -{{- if index .Values "providers" "controlplaneRKE2" "fetchConfig" }} fetchConfig: - {{- if index .Values "providers" "controlplaneRKE2" "fetchConfig" "url" }} - url: {{ index .Values "providers" "controlplaneRKE2" "fetchConfig" "url" }} - {{- end }} - {{- if index .Values "providers" "controlplaneRKE2" "fetchConfig" "oci" }} - oci: {{ index .Values "providers" "controlplaneRKE2" "fetchConfig" "oci" }} - {{- end }} + selector: + matchLabels: + provider-components: rke2-controlplane +--- +apiVersion: v1 +data: + components: | + apiVersion: v1 + kind: Namespace + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + control-plane: controller-manager + name: rke2-control-plane-system + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert + controller-gen.kubebuilder.io/version: v0.17.3 + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 + name: rke2controlplanes.controlplane.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: rke2-control-plane-webhook-service + namespace: rke2-control-plane-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: controlplane.cluster.x-k8s.io + names: + kind: RKE2ControlPlane + listKind: RKE2ControlPlaneList + plural: rke2controlplanes + singular: rke2controlplane + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: RKE2ControlPlane is the Schema for the rke2controlplanes API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. 
+ Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RKE2ControlPlaneSpec defines the desired state of RKE2ControlPlane. + properties: + agentConfig: + description: AgentConfig specifies configuration for the agent nodes. + properties: + additionalUserData: + description: |- + AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the + generated cloud-init/ignition script. + properties: + config: + description: |- + In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp". + Deprecated: Data is reserved for the arbitrary cloud-init data + type: string + data: + additionalProperties: + type: string + description: |- + Data allows to pass arbitrary set of key/value pairs consistent with + https://cloudinit.readthedocs.io/en/latest/reference/modules.html + to extend existing cloud-init configuration + type: object + strict: + description: Strict controls if Config should be strictly + parsed. If so, warnings are treated as errors. 
+ type: boolean + type: object + x-kubernetes-validations: + - message: Only config or data could be populated at once + rule: '!has(self.data) || !has(self.config)' + airGapped: + description: |- + AirGapped is a boolean value to define if the bootstrapping should be air-gapped, + basically supposing that online container registries and RKE2 install scripts are not reachable. + type: boolean + cisProfile: + description: CISProfile activates CIS compliance of RKE2 for a + certain profile + enum: + - cis + - cis-1.23 + - cis-1.5 + - cis-1.6 + type: string + containerRuntimeEndpoint: + description: ContainerRuntimeEndpoint Disable embedded containerd + and use alternative CRI implementation. + type: string + dataDir: + description: DataDir Folder to hold state. + type: string + enableContainerdSElinux: + description: |- + EnableContainerdSElinux defines the policy for enabling SELinux for Containerd + if value is true, Containerd will run with selinux-enabled=true flag + if value is false, Containerd will run without the above flag + type: boolean + format: + description: Format specifies the output format of the bootstrap + data. Defaults to cloud-config. + enum: + - cloud-config + - ignition + type: string + imageCredentialProviderConfigMap: + description: |- + ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config + The config map should contain a key "credential-config.yaml" with YAML file content and + a key "credential-provider-binaries" with the a path to the binaries for the credential provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + kubeProxy: + description: KubeProxyArgs Customized flag for kube-proxy process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. 
+ type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubelet: + description: KubeletArgs Customized flag for kubelet process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubeletPath: + description: KubeletPath Override kubelet binary path. + type: string + loadBalancerPort: + description: |- + LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are + not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444). + type: integer + nodeAnnotations: + additionalProperties: + type: string + description: |- + NodeAnnotations are annotations that are created on nodes post bootstrap phase. + Unfortunately it is not possible to apply annotations via kubelet + using current bootstrap configurations. + Issue: https://github.com/kubernetes/kubernetes/issues/108046 + type: object + nodeLabels: + description: NodeLabels Registering and starting kubelet with + set of labels. 
+ items: + type: string + type: array + nodeName: + description: NodeNamePrefix Prefix to the Node Name that CAPI + will generate. + type: string + nodeTaints: + description: NodeTaints Registering kubelet with set of taints. + items: + type: string + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + protectKernelDefaults: + description: |- + ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. + if false, kernel tunable can be different from kubelet defaults + type: boolean + resolvConf: + description: ResolvConf is a reference to a ConfigMap containing + resolv.conf content for the node. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + runtimeImage: + description: RuntimeImage override image to use for runtime binaries + (containerd, kubectl, crictl, etc). + type: string + snapshotter: + description: 'Snapshotter override default containerd snapshotter + (default: "overlayfs").' + type: string + systemDefaultRegistry: + description: SystemDefaultRegistry Private registry to be used + for all system images. + type: string + version: + description: Version specifies the rke2 version. + type: string + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: SecretFileSource represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the RKE2BootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + infrastructureRef: + description: |- + InfrastructureRef is a required reference to a custom resource + offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + manifestsConfigMapReference: + description: |- + ManifestsConfigMapReference references a ConfigMap which contains Kubernetes manifests to be deployed automatically on the cluster + Each data entry in the ConfigMap will be will be copied to a folder on the control plane nodes that RKE2 scans and uses to deploy manifests. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: |- + NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + type: string + postRKE2Commands: + description: PostRKE2Commands specifies extra commands to run after + rke2 setup runs. + items: + type: string + type: array + preRKE2Commands: + description: PreRKE2Commands specifies extra commands to run before + rke2 setup runs. + items: + type: string + type: array + privateRegistriesConfig: + description: PrivateRegistriesConfig defines the containerd configuration + for private registries and local registry mirrors. + properties: + configs: + additionalProperties: + description: RegistryConfig contains configuration used to communicate + with the registry. + properties: + authSecret: + description: |- + Auth si a reference to a Secret containing information to authenticate to the registry. + The Secret must provite a username and a password data entry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + tls: + description: |- + TLS is a pair of CA/Cert/Key which then are used when creating the transport + that communicates with the registry. + properties: + insecureSkipVerify: + description: InsecureSkipVerify may be set to false + to skip verifying the registry's certificate, default + is true. + type: boolean + tlsConfigSecret: + description: |- + TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt + which describe the TLS configuration necessary to connect to the registry. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + description: |- + Configs are configs for each registry. + The key is the FDQN or IP of the registry. + type: object + mirrors: + additionalProperties: + description: Mirror contains the config related to the registry + mirror. + properties: + endpoint: + description: |- + Endpoints are endpoints for a namespace. 
CRI plugin will try the endpoints + one by one until a working one is found. The endpoint must be a valid url + with host specified. + The scheme, host and path from the endpoint URL will be used. + items: + type: string + type: array + rewrite: + additionalProperties: + type: string + description: |- + Rewrites are repository rewrite rules for a namespace. When fetching image resources + from an endpoint and a key matches the repository via regular expression matching + it will be replaced with the corresponding value from the map in the resource request. + type: object + type: object + description: Mirrors are namespace to mirror mapping for all namespaces. + type: object + type: object + registrationAddress: + description: |- + RegistrationAddress is an explicit address to use when registering a node. This is required if + the registration type is "address". Its for scenarios where a load-balancer or VIP is used. + type: string + registrationMethod: + default: internal-first + description: RegistrationMethod is the method to use for registering + nodes into the RKE2 cluster. + enum: + - internal-first + - internal-only-ips + - external-only-ips + - address + type: string + replicas: + description: Replicas is the number of replicas for the Control Plane. + format: int32 + type: integer + rolloutStrategy: + default: + rollingUpdate: + maxSurge: 1 + type: RollingUpdate + description: The RolloutStrategy to use to replace control plane machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if RolloutStrategyType + = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of control planes that can be scheduled above or under the + desired number of control planes. + Value can be an absolute number 1 or 0. + Defaults to 1. + Example: when this is set to 1, the control plane can be scaled + up immediately when the rolling update starts. 
+ x-kubernetes-int-or-string: true + type: object + type: + description: |- + Type of rollout. Currently the only supported strategy is "RollingUpdate". + Default is RollingUpdate. + type: string + type: object + serverConfig: + description: ServerConfig specifies configuration for the agent nodes. + properties: + advertiseAddress: + description: 'AdvertiseAddress IP address that apiserver uses + to advertise to members of the cluster (default: node-external-ip/node-ip).' + type: string + auditPolicySecret: + description: AuditPolicySecret path to the file that defines the + audit policy configuration. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + bindAddress: + description: 'BindAddress describes the rke2 bind address (default: + 0.0.0.0).' + type: string + cloudControllerManager: + description: CloudControllerManager defines optional custom configuration + of the Cloud Controller Manager. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + cloudProviderConfigMap: + description: |- + CloudProviderConfigMap is a reference to a ConfigMap containing Cloud provider configuration. + The config map must contain a key named cloud-config. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + cloudProviderName: + description: CloudProviderName cloud provider name. + type: string + clusterDNS: + description: 'ClusterDNS is the cluster IP for CoreDNS service. + Should be in your service-cidr range (default: 10.43.0.10).' + type: string + clusterDomain: + description: 'ClusterDomain is the cluster domain name (default: + "cluster.local").' + type: string + cni: + description: |- + CNI describes the CNI Plugins to deploy, one of none, calico, canal, cilium; + optionally with multus as the first value to enable the multus meta-plugin (default: canal). 
+ enum: + - none + - calico + - canal + - cilium + type: string + cniMultusEnable: + description: |- + CNIMultusEnable enables multus as the first CNI plugin (default: false). + This option will automatically make Multus a primary CNI, and the value, if specified in the CNI field, as a secondary CNI plugin. + type: boolean + disableComponents: + description: DisableComponents lists Kubernetes components and + RKE2 plugin components that will be disabled. + properties: + kubernetesComponents: + description: KubernetesComponents is a list of Kubernetes + components to disable. + items: + description: 'DisabledKubernetesComponent is an enum field + that can take one of the following values: scheduler, + kubeProxy or cloudController.' + enum: + - scheduler + - kubeProxy + - cloudController + type: string + type: array + pluginComponents: + description: PluginComponents is a list of PluginComponents + to disable. + items: + description: DisabledPluginComponent selects a plugin Components + to be disabled. + enum: + - rke2-coredns + - rke2-ingress-nginx + - rke2-metrics-server + type: string + type: array + type: object + etcd: + description: Etcd defines optional custom configuration of ETCD. + properties: + backupConfig: + description: 'BackupConfig defines how RKE2 will snapshot + ETCD: target storage, schedule, etc.' + properties: + directory: + description: Directory to save db snapshots. + type: string + disableAutomaticSnapshots: + description: |- + DisableAutomaticSnapshots defines the policy for ETCD snapshots. + true means automatic snapshots will be scheduled, false means automatic snapshots will not be scheduled. + type: boolean + retention: + description: 'Retention Number of snapshots to retain + Default: 5 (default: 5).' + type: string + s3: + description: S3 Enable backup to an S3-compatible Object + Store. + properties: + bucket: + description: Bucket S3 bucket name. 
+ type: string + endpoint: + description: 'Endpoint S3 endpoint url (default: "s3.amazonaws.com").' + type: string + endpointCAsecret: + description: |- + EndpointCA references the Secret that contains a custom CA that should be trusted to connect to S3 endpoint. + The secret must contain a key named "ca.pem" that contains the CA certificate. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + enforceSslVerify: + description: EnforceSSLVerify may be set to false + to skip verifying the registry's certificate, default + is true. + type: boolean + folder: + description: Folder S3 folder. + type: string + region: + description: 'Region S3 region / bucket location (optional) + (default: "us-east-1").' + type: string + s3CredentialSecret: + description: |- + S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket. + The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key". + If empty, the controller will default to IAM authentication + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - endpoint + type: object + scheduleCron: + description: 'ScheduleCron Snapshot interval time in cron + spec. eg. every 5 hours ''* */5 * * *'' (default: "0 + */12 * * *").' + type: string + snapshotName: + description: 'SnapshotName Set the base name of etcd snapshots. + Default: etcd-snapshot- (default: "etcd-snapshot").' + type: string + type: object + customConfig: + description: CustomConfig defines the custom settings for + ETCD. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component + command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to + be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for the + Kubernetes Component + type: string + type: object + exposeMetrics: + description: |- + ExposeEtcdMetrics defines the policy for ETCD Metrics exposure. 
+ if value is true, ETCD metrics will be exposed + if value is false, ETCD metrics will NOT be exposed + type: boolean + type: object + kubeAPIServer: + description: KubeAPIServer defines optional custom configuration + of the Kube API Server. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubeControllerManager: + description: KubeControllerManager defines optional custom configuration + of the Kube Controller Manager. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubeScheduler: + description: KubeScheduler defines optional custom configuration + of the Kube Scheduler. 
+ properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + pauseImage: + description: PauseImage Override image to use for pause. + type: string + serviceNodePortRange: + description: 'ServiceNodePortRange is the port range to reserve + for services with NodePort visibility (default: "30000-32767").' + type: string + tlsSan: + description: TLSSan Add additional hostname or IP as a Subject + Alternative Name in the TLS cert. + items: + type: string + type: array + type: object + required: + - infrastructureRef + type: object + status: + description: RKE2ControlPlaneStatus defines the observed state of RKE2ControlPlane. + properties: + availableServerIPs: + description: AvailableServerIPs is a list of the Control Plane IP + adds that can be used to register further nodes. + items: + type: string + type: array + conditions: + description: Conditions defines current service state of the RKE2Config. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors. + type: string + failureReason: + description: FailureReason will be set on non-retryable errors. + type: string + initialized: + description: Initialized indicates the target cluster has completed + initialization. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData field is ready to be + consumed. 
+ type: boolean + readyReplicas: + description: ReadyReplicas is the number of replicas current attached + to this ControlPlane Resource and that have Ready Status. + format: int32 + type: integer + replicas: + description: Replicas is the number of replicas current attached to + this ControlPlane Resource. + format: int32 + type: integer + unavailableReplicas: + description: UnavailableReplicas is the number of replicas current + attached to this ControlPlane Resource and that are up-to-date with + Control Plane config. + format: int32 + type: integer + updatedReplicas: + description: UpdatedReplicas is the number of replicas current attached + to this ControlPlane Resource and that are up-to-date with Control + Plane config. + format: int32 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: RKE2ControlPlane is the Schema for the rke2controlplanes API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RKE2ControlPlaneSpec defines the desired state of RKE2ControlPlane. + properties: + agentConfig: + description: AgentConfig specifies configuration for the agent nodes. 
+ properties: + additionalUserData: + description: |- + AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the + generated cloud-init/ignition script. + properties: + config: + description: |- + In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp". + type: string + data: + additionalProperties: + type: string + description: |- + Data allows to pass arbitrary set of key/value pairs consistent with + https://cloudinit.readthedocs.io/en/latest/reference/modules.html + to extend existing cloud-init configuration + type: object + strict: + description: Strict controls if Config should be strictly + parsed. If so, warnings are treated as errors. + type: boolean + type: object + x-kubernetes-validations: + - message: Only config or data could be populated at once + rule: '!has(self.data) || !has(self.config)' + airGapped: + description: |- + AirGapped is a boolean value to define if the bootstrapping should be air-gapped, + basically supposing that online container registries and RKE2 install scripts are not reachable. + type: boolean + airGappedChecksum: + description: |- + AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum + of existing sha256sum-.txt file for packages already available on the machine + before performing air-gapped installation. + type: string + cisProfile: + description: CISProfile activates CIS compliance of RKE2 for a + certain profile + enum: + - cis + - cis-1.23 + - cis-1.5 + - cis-1.6 + type: string + containerRuntimeEndpoint: + description: ContainerRuntimeEndpoint Disable embedded containerd + and use alternative CRI implementation. + type: string + dataDir: + description: DataDir Folder to hold state. 
+ type: string + enableContainerdSElinux: + description: |- + EnableContainerdSElinux defines the policy for enabling SELinux for Containerd + if value is true, Containerd will run with selinux-enabled=true flag + if value is false, Containerd will run without the above flag + type: boolean + format: + description: Format specifies the output format of the bootstrap + data. Defaults to cloud-config. + enum: + - cloud-config + - ignition + type: string + imageCredentialProviderConfigMap: + description: |- + ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config + The config map should contain a key "credential-config.yaml" with YAML file content and + a key "credential-provider-binaries" with the a path to the binaries for the credential provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + kubeProxy: + description: KubeProxyArgs Customized flag for kube-proxy process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubelet: + description: KubeletArgs Customized flag for kubelet process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. 
+ type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubeletPath: + description: KubeletPath Override kubelet binary path. + type: string + loadBalancerPort: + description: |- + LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are + not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444). + type: integer + nodeAnnotations: + additionalProperties: + type: string + description: |- + NodeAnnotations are annotations that are created on nodes post bootstrap phase. + Unfortunately it is not possible to apply annotations via kubelet + using current bootstrap configurations. + Issue: https://github.com/kubernetes/kubernetes/issues/108046 + type: object + nodeLabels: + description: NodeLabels Registering and starting kubelet with + set of labels. + items: + type: string + type: array + nodeName: + description: NodeNamePrefix Prefix to the Node Name that CAPI + will generate. + type: string + nodeTaints: + description: NodeTaints Registering kubelet with set of taints. + items: + type: string + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + podSecurityAdmissionConfigFile: + description: |- + PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through + spec.Files field. 
+ type: string + protectKernelDefaults: + description: |- + ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. + if false, kernel tunable can be different from kubelet defaults + type: boolean + resolvConf: + description: ResolvConf is a reference to a ConfigMap containing + resolv.conf content for the node. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + runtimeImage: + description: RuntimeImage override image to use for runtime binaries + (containerd, kubectl, crictl, etc). + type: string + snapshotter: + description: 'Snapshotter override default containerd snapshotter + (default: "overlayfs").' + type: string + systemDefaultRegistry: + description: SystemDefaultRegistry Private registry to be used + for all system images. + type: string + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + configMap: + description: ConfigMapFileSource represents a config map + that should populate this file. + properties: + key: + description: Key is the key in the secret or config + map's data map for this value. + type: string + name: + description: Name of the secret/configmap in the RKE2BootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + secret: + description: SecretFileSource represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret or config + map's data map for this value. + type: string + name: + description: Name of the secret/configmap in the RKE2BootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + type: object + x-kubernetes-validations: + - message: Only configMap or secret can be populated at once + rule: '!(has(self.secret) && has(self.configMap))' + encoding: + description: Encoding specifies the encoding of the file contents. 
+ enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + gzipUserData: + description: GzipUserData specifies if the user data should be gzipped. + type: boolean + infrastructureRef: + description: |- + InfrastructureRef is a required reference to a custom resource + offered by an infrastructure provider. + This field is deprecated. Use `.machineTemplate.infrastructureRef` instead. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + machineTemplate: + description: |- + MachineTemplate contains information about how machines + should be shaped when creating or updating a control plane. + properties: + infrastructureRef: + description: |- + InfrastructureRef is a required reference to a custom resource + offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + nodeDeletionTimeout: + description: |- + nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. + If no value is provided, the default value for this property of the Machine resource will be used. 
+ type: string + nodeDrainTimeout: + description: |- + NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + type: string + nodeVolumeDetachTimeout: + description: |- + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + type: string + required: + - infrastructureRef + type: object + manifestsConfigMapReference: + description: |- + ManifestsConfigMapReference references a ConfigMap which contains Kubernetes manifests to be deployed automatically on the cluster + Each data entry in the ConfigMap will be will be copied to a folder on the control plane nodes that RKE2 scans and uses to deploy manifests. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: |- + NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + This field is deprecated. Use `.machineTemplate.nodeDrainTimeout` instead. + type: string + postRKE2Commands: + description: PostRKE2Commands specifies extra commands to run after + rke2 setup runs. + items: + type: string + type: array + preRKE2Commands: + description: PreRKE2Commands specifies extra commands to run before + rke2 setup runs. + items: + type: string + type: array + privateRegistriesConfig: + description: PrivateRegistriesConfig defines the containerd configuration + for private registries and local registry mirrors. + properties: + configs: + additionalProperties: + description: RegistryConfig contains configuration used to communicate + with the registry. + properties: + authSecret: + description: |- + Auth is a reference to a Secret containing information to authenticate to the registry. + The Secret must provite a username and a password data entry. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + tls: + description: |- + TLS is a pair of CA/Cert/Key which then are used when creating the transport + that communicates with the registry. + properties: + insecureSkipVerify: + description: InsecureSkipVerify may be set to false + to skip verifying the registry's certificate, default + is true. 
+ type: boolean + tlsConfigSecret: + description: |- + TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt + which describe the TLS configuration necessary to connect to the registry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + description: |- + Configs are configs for each registry. + The key is the FDQN or IP of the registry. + type: object + mirrors: + additionalProperties: + description: Mirror contains the config related to the registry + mirror. + properties: + endpoint: + description: |- + Endpoints are endpoints for a namespace. CRI plugin will try the endpoints + one by one until a working one is found. The endpoint must be a valid url + with host specified. + The scheme, host and path from the endpoint URL will be used. + items: + type: string + type: array + rewrite: + additionalProperties: + type: string + description: |- + Rewrites are repository rewrite rules for a namespace. When fetching image resources + from an endpoint and a key matches the repository via regular expression matching + it will be replaced with the corresponding value from the map in the resource request. + type: object + type: object + description: Mirrors are namespace to mirror mapping for all namespaces. + type: object + type: object + registrationAddress: + description: |- + RegistrationAddress is an explicit address to use when registering a node. This is required if + the registration type is "address". Its for scenarios where a load-balancer or VIP is used. + type: string + registrationMethod: + description: RegistrationMethod is the method to use for registering + nodes into the RKE2 cluster. + enum: + - internal-first + - internal-only-ips + - external-only-ips + - address + - control-plane-endpoint + - "" + type: string + remediationStrategy: + description: remediationStrategy is the RemediationStrategy that controls + how control plane machine remediation happens. 
+ properties: + maxRetry: + description: "maxRetry is the Max number of retries while attempting + to remediate an unhealthy machine.\nA retry happens when a machine + that was created as a replacement for an unhealthy machine also + fails.\nFor example, given a control plane with three machines + M1, M2, M3:\n\n\tM1 become unhealthy; remediation happens, and + M1-1 is created as a replacement.\n\tIf M1-1 (replacement of + M1) has problems while bootstrapping it will become unhealthy, + and then be\n\tremediated; such operation is considered a retry, + remediation-retry #1.\n\tIf M1-2 (replacement of M1-1) becomes + unhealthy, remediation-retry #2 will happen, etc.\n\nA retry + could happen only after RetryPeriod from the previous retry.\nIf + a machine is marked as unhealthy after MinHealthyPeriod from + the previous remediation expired,\nthis is not considered a + retry anymore because the new issue is assumed unrelated from + the previous one.\n\nIf not set, the remedation will be retried + infinitely." + format: int32 + type: integer + minHealthyPeriod: + description: "minHealthyPeriod defines the duration after which + RKE2ControlPlane will consider any failure to a machine unrelated\nfrom + the previous one. In this case the remediation is not considered + a retry anymore, and thus the retry\ncounter restarts from 0. + For example, assuming MinHealthyPeriod is set to 1h (default)\n\n\tM1 + become unhealthy; remediation happens, and M1-1 is created as + a replacement.\n\tIf M1-1 (replacement of M1) has problems within + the 1hr after the creation, also\n\tthis machine will be remediated + and this operation is considered a retry - a problem related\n\tto + the original issue happened to M1 -.\n\n\tIf instead the problem + on M1-1 is happening after MinHealthyPeriod expired, e.g. 
four + days after\n\tm1-1 has been created as a remediation of M1, + the problem on M1-1 is considered unrelated to\n\tthe original + issue happened to M1.\n\nIf not set, this value is defaulted + to 1h." + type: string + retryPeriod: + description: |- + retryPeriod is the duration that RKE2ControlPlane should wait before remediating a machine being created as a replacement + for an unhealthy machine (a retry). + + If not set, a retry will happen immediately. + type: string + type: object + replicas: + description: Replicas is the number of replicas for the Control Plane. + format: int32 + type: integer + rolloutStrategy: + description: The RolloutStrategy to use to replace control plane machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if RolloutStrategyType + = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of control planes that can be scheduled above or under the + desired number of control planes. + Value can be an absolute number 1 or 0. + Defaults to 1. + Example: when this is set to 1, the control plane can be scaled + up immediately when the rolling update starts. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + Type of rollout. Currently the only supported strategy is "RollingUpdate". + Default is RollingUpdate. + type: string + type: object + serverConfig: + description: ServerConfig specifies configuration for the agent nodes. + properties: + advertiseAddress: + description: 'AdvertiseAddress IP address that apiserver uses + to advertise to members of the cluster (default: node-external-ip/node-ip).' + type: string + auditPolicySecret: + description: AuditPolicySecret path to the file that defines the + audit policy configuration. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + bindAddress: + description: 'BindAddress describes the rke2 bind address (default: + 0.0.0.0).' + type: string + cloudControllerManager: + description: CloudControllerManager defines optional custom configuration + of the Cloud Controller Manager. 
+ properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + cloudProviderConfigMap: + description: |- + CloudProviderConfigMap is a reference to a ConfigMap containing Cloud provider configuration. + The config map must contain a key named cloud-config. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + cloudProviderName: + description: CloudProviderName cloud provider name. + type: string + clusterDNS: + description: 'ClusterDNS is the cluster IP for CoreDNS service. + Should be in your service-cidr range (default: 10.43.0.10).' + type: string + clusterDomain: + description: 'ClusterDomain is the cluster domain name (default: + "cluster.local").' + type: string + cni: + description: |- + CNI describes the CNI Plugins to deploy, one of none, calico, canal, cilium; + optionally with multus as the first value to enable the multus meta-plugin (default: canal). + enum: + - none + - calico + - canal + - cilium + type: string + cniMultusEnable: + description: |- + CNIMultusEnable enables multus as the first CNI plugin (default: false). + This option will automatically make Multus a primary CNI, and the value, if specified in the CNI field, as a secondary CNI plugin. + type: boolean + disableComponents: + description: DisableComponents lists Kubernetes components and + RKE2 plugin components that will be disabled. + properties: + kubernetesComponents: + description: KubernetesComponents is a list of Kubernetes + components to disable. 
+ items: + description: 'DisabledKubernetesComponent is an enum field + that can take one of the following values: scheduler, + kubeProxy or cloudController.' + enum: + - scheduler + - kubeProxy + - cloudController + type: string + type: array + pluginComponents: + description: PluginComponents is a list of PluginComponents + to disable. + items: + description: DisabledPluginComponent selects a plugin Components + to be disabled. + enum: + - rke2-coredns + - rke2-ingress-nginx + - rke2-metrics-server + - rke2-snapshot-controller + - rke2-snapshot-controller-crd + - rke2-snapshot-validation-webhook + type: string + type: array + type: object + embeddedRegistry: + description: EmbeddedRegistry enables the embedded registry. + type: boolean + etcd: + description: Etcd defines optional custom configuration of ETCD. + properties: + backupConfig: + description: 'BackupConfig defines how RKE2 will snapshot + ETCD: target storage, schedule, etc.' + properties: + directory: + description: Directory to save db snapshots. + type: string + disableAutomaticSnapshots: + description: |- + DisableAutomaticSnapshots defines the policy for ETCD snapshots. + true means automatic snapshots will be scheduled, false means automatic snapshots will not be scheduled. + type: boolean + retention: + description: 'Retention Number of snapshots to retain + Default: 5 (default: 5).' + type: string + s3: + description: S3 Enable backup to an S3-compatible Object + Store. + properties: + bucket: + description: Bucket S3 bucket name. + type: string + endpoint: + description: 'Endpoint S3 endpoint url (default: "s3.amazonaws.com").' + type: string + endpointCAsecret: + description: |- + EndpointCA references the Secret that contains a custom CA that should be trusted to connect to S3 endpoint. + The secret must contain a key named "ca.pem" that contains the CA certificate. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + enforceSslVerify: + description: EnforceSSLVerify may be set to false + to skip verifying the registry's certificate, default + is true. + type: boolean + folder: + description: Folder S3 folder. + type: string + region: + description: 'Region S3 region / bucket location (optional) + (default: "us-east-1").' 
+ type: string + s3CredentialSecret: + description: |- + S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket. + The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key". + If empty, the controller will default to IAM authentication + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - endpoint + type: object + scheduleCron: + description: 'ScheduleCron Snapshot interval time in cron + spec. eg. every 5 hours ''* */5 * * *'' (default: "0 + */12 * * *").' + type: string + snapshotName: + description: 'SnapshotName Set the base name of etcd snapshots. + Default: etcd-snapshot- (default: "etcd-snapshot").' + type: string + type: object + customConfig: + description: CustomConfig defines the custom settings for + ETCD. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component + command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to + be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for the + Kubernetes Component + type: string + type: object + exposeMetrics: + description: |- + ExposeEtcdMetrics defines the policy for ETCD Metrics exposure. + if value is true, ETCD metrics will be exposed + if value is false, ETCD metrics will NOT be exposed + type: boolean + type: object + externalDatastoreSecret: + description: |- + ExternalDatastoreSecret is a reference to a Secret that contains configuration about connecting to an external datastore. + The secret must contain a key named "endpoint" that contains the connection string for the external datastore. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + kubeAPIServer: + description: KubeAPIServer defines optional custom configuration + of the Kube API Server. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' 
+ items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubeControllerManager: + description: KubeControllerManager defines optional custom configuration + of the Kube Controller Manager. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubeScheduler: + description: KubeScheduler defines optional custom configuration + of the Kube Scheduler. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. 
+ type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + pauseImage: + description: PauseImage Override image to use for pause. + type: string + secretsEncryption: + description: SecretsEncrytion defines encryption at rest configuration + properties: + encryptionKeySecret: + description: EncyptionKey secret reference + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + provider: + description: Encryption provider + enum: + - aescbc + - secretbox + type: string + type: object + serviceNodePortRange: + description: 'ServiceNodePortRange is the port range to reserve + for services with NodePort visibility (default: "30000-32767").' + type: string + tlsSan: + description: TLSSan Add additional hostname or IP as a Subject + Alternative Name in the TLS cert. + items: + type: string + type: array + type: object + version: + description: |- + Version defines the desired Kubernetes version. + This field takes precedence over RKE2ConfigSpec.AgentConfig.Version (which is deprecated). + pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$ + type: string + required: + - rolloutStrategy + type: object + status: + description: RKE2ControlPlaneStatus defines the observed state of RKE2ControlPlane. + properties: + availableServerIPs: + description: AvailableServerIPs is a list of the Control Plane IP + adds that can be used to register further nodes. + items: + type: string + type: array + conditions: + description: Conditions defines current service state of the RKE2Config. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. 
+ This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors. + type: string + failureReason: + description: FailureReason will be set on non-retryable errors. + type: string + initialized: + description: Initialized indicates the target cluster has completed + initialization. + type: boolean + lastRemediation: + description: lastRemediation stores info about last remediation performed. + properties: + machine: + description: machine is the machine name of the latest machine + being remediated. + maxLength: 253 + minLength: 1 + type: string + retryCount: + description: |- + retryCount used to keep track of remediation retry for the last remediated machine. 
+ A retry happens when a machine that was created as a replacement for an unhealthy machine also fails. + type: integer + timestamp: + description: timestamp is when last remediation happened. It is + represented in RFC3339 form and is in UTC. + format: date-time + type: string + required: + - machine + - retryCount + - timestamp + type: object + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: |- + Ready denotes that the RKE2ControlPlane API Server became ready during initial provisioning + to receive requests. + NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning. + The value of this field is never updated after provisioning is completed. Please use conditions + to check the operational state of the control plane. + type: boolean + readyReplicas: + description: ReadyReplicas is the number of replicas current attached + to this ControlPlane Resource and that have Ready Status. + format: int32 + type: integer + replicas: + description: Replicas is the number of replicas current attached to + this ControlPlane Resource. + format: int32 + type: integer + unavailableReplicas: + description: UnavailableReplicas is the number of replicas current + attached to this ControlPlane Resource and that are up-to-date with + Control Plane config. + format: int32 + type: integer + updatedReplicas: + description: UpdatedReplicas is the number of replicas current attached + to this ControlPlane Resource and that are up-to-date with Control + Plane config. + format: int32 + type: integer + version: + description: |- + Version represents the minimum Kubernetes version for the control plane machines + in the cluster. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert + controller-gen.kubebuilder.io/version: v0.17.3 + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 + name: rke2controlplanetemplates.controlplane.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: rke2-control-plane-webhook-service + namespace: rke2-control-plane-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: controlplane.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: RKE2ControlPlaneTemplate + listKind: RKE2ControlPlaneTemplateList + plural: rke2controlplanetemplates + shortNames: + - rke2ct + singular: rke2controlplanetemplate + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: RKE2ControlPlaneTemplate is the Schema for the rke2controlplanetemplates + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RKE2ControlPlaneTemplateSpec defines the desired state of + RKE2ControlPlaneTemplate. + type: object + status: + description: RKE2ControlPlaneTemplateStatus defines the observed state + of RKE2ControlPlaneTemplate. + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: RKE2ControlPlaneTemplate is the Schema for the rke2controlplanetemplates + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec is the control plane specification for the template + resource. + properties: + template: + description: RKE2ControlPlaneTemplateResource contains spec for RKE2ControlPlaneTemplate. + properties: + spec: + description: Spec is the specification of the desired behavior + of the control plane. + properties: + agentConfig: + description: AgentConfig specifies configuration for the agent + nodes. + properties: + additionalUserData: + description: |- + AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the + generated cloud-init/ignition script. 
+ properties: + config: + description: |- + In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp". + type: string + data: + additionalProperties: + type: string + description: |- + Data allows to pass arbitrary set of key/value pairs consistent with + https://cloudinit.readthedocs.io/en/latest/reference/modules.html + to extend existing cloud-init configuration + type: object + strict: + description: Strict controls if Config should be strictly + parsed. If so, warnings are treated as errors. + type: boolean + type: object + x-kubernetes-validations: + - message: Only config or data could be populated at once + rule: '!has(self.data) || !has(self.config)' + airGapped: + description: |- + AirGapped is a boolean value to define if the bootstrapping should be air-gapped, + basically supposing that online container registries and RKE2 install scripts are not reachable. + type: boolean + airGappedChecksum: + description: |- + AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum + of existing sha256sum-.txt file for packages already available on the machine + before performing air-gapped installation. + type: string + cisProfile: + description: CISProfile activates CIS compliance of RKE2 + for a certain profile + enum: + - cis + - cis-1.23 + - cis-1.5 + - cis-1.6 + type: string + containerRuntimeEndpoint: + description: ContainerRuntimeEndpoint Disable embedded + containerd and use alternative CRI implementation. + type: string + dataDir: + description: DataDir Folder to hold state. 
+ type: string + enableContainerdSElinux: + description: |- + EnableContainerdSElinux defines the policy for enabling SELinux for Containerd + if value is true, Containerd will run with selinux-enabled=true flag + if value is false, Containerd will run without the above flag + type: boolean + format: + description: Format specifies the output format of the + bootstrap data. Defaults to cloud-config. + enum: + - cloud-config + - ignition + type: string + imageCredentialProviderConfigMap: + description: |- + ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config + The config map should contain a key "credential-config.yaml" with YAML file content and + a key "credential-provider-binaries" with the a path to the binaries for the credential provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + kubeProxy: + description: KubeProxyArgs Customized flag for kube-proxy + process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + kubelet: + description: KubeletArgs Customized flag for kubelet process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. 
+ type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + kubeletPath: + description: KubeletPath Override kubelet binary path. + type: string + loadBalancerPort: + description: |- + LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are + not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444). + type: integer + nodeAnnotations: + additionalProperties: + type: string + description: |- + NodeAnnotations are annotations that are created on nodes post bootstrap phase. + Unfortunately it is not possible to apply annotations via kubelet + using current bootstrap configurations. + Issue: https://github.com/kubernetes/kubernetes/issues/108046 + type: object + nodeLabels: + description: NodeLabels Registering and starting kubelet + with set of labels. + items: + type: string + type: array + nodeName: + description: NodeNamePrefix Prefix to the Node Name that + CAPI will generate. + type: string + nodeTaints: + description: NodeTaints Registering kubelet with set of + taints. + items: + type: string + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should + be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to + use + items: + type: string + type: array + type: object + podSecurityAdmissionConfigFile: + description: |- + PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through + spec.Files field. 
+ type: string + protectKernelDefaults: + description: |- + ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. + if false, kernel tunable can be different from kubelet defaults + type: boolean + resolvConf: + description: ResolvConf is a reference to a ConfigMap + containing resolv.conf content for the node. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + runtimeImage: + description: RuntimeImage override image to use for runtime + binaries (containerd, kubectl, crictl, etc). + type: string + snapshotter: + description: 'Snapshotter override default containerd + snapshotter (default: "overlayfs").' + type: string + systemDefaultRegistry: + description: SystemDefaultRegistry Private registry to + be used for all system images. + type: string + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + configMap: + description: ConfigMapFileSource represents a config + map that should populate this file. + properties: + key: + description: Key is the key in the secret or + config map's data map for this value. + type: string + name: + description: Name of the secret/configmap in + the RKE2BootstrapConfig's namespace to use. + type: string + required: + - key + - name + type: object + secret: + description: SecretFileSource represents a secret + that should populate this file. + properties: + key: + description: Key is the key in the secret or + config map's data map for this value. + type: string + name: + description: Name of the secret/configmap in + the RKE2BootstrapConfig's namespace to use. + type: string + required: + - key + - name + type: object + type: object + x-kubernetes-validations: + - message: Only configMap or secret can be populated + at once + rule: '!(has(self.secret) && has(self.configMap))' + encoding: + description: Encoding specifies the encoding of the + file contents. 
+ enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to + assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + gzipUserData: + description: GzipUserData specifies if the user data should + be gzipped. + type: boolean + infrastructureRef: + description: |- + InfrastructureRef is a required reference to a custom resource + offered by an infrastructure provider. + This field is deprecated. Use `.machineTemplate.infrastructureRef` instead. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + machineTemplate: + description: |- + MachineTemplate contains information about how machines + should be shaped when creating or updating a control plane. + properties: + infrastructureRef: + description: |- + InfrastructureRef is a required reference to a custom resource + offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + labels is a map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + nodeDeletionTimeout: + description: |- + nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. + If no value is provided, the default value for this property of the Machine resource will be used. 
+ type: string + nodeDrainTimeout: + description: |- + NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + type: string + nodeVolumeDetachTimeout: + description: |- + nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + type: string + required: + - infrastructureRef + type: object + manifestsConfigMapReference: + description: |- + ManifestsConfigMapReference references a ConfigMap which contains Kubernetes manifests to be deployed automatically on the cluster + Each data entry in the ConfigMap will be will be copied to a folder on the control plane nodes that RKE2 scans and uses to deploy manifests. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: |- + NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + This field is deprecated. Use `.machineTemplate.nodeDrainTimeout` instead. + type: string + postRKE2Commands: + description: PostRKE2Commands specifies extra commands to + run after rke2 setup runs. + items: + type: string + type: array + preRKE2Commands: + description: PreRKE2Commands specifies extra commands to run + before rke2 setup runs. + items: + type: string + type: array + privateRegistriesConfig: + description: PrivateRegistriesConfig defines the containerd + configuration for private registries and local registry + mirrors. + properties: + configs: + additionalProperties: + description: RegistryConfig contains configuration used + to communicate with the registry. + properties: + authSecret: + description: |- + Auth is a reference to a Secret containing information to authenticate to the registry. + The Secret must provite a username and a password data entry. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + tls: + description: |- + TLS is a pair of CA/Cert/Key which then are used when creating the transport + that communicates with the registry. + properties: + insecureSkipVerify: + description: InsecureSkipVerify may be set to + false to skip verifying the registry's certificate, + default is true. 
+ type: boolean + tlsConfigSecret: + description: |- + TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt + which describe the TLS configuration necessary to connect to the registry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + description: |- + Configs are configs for each registry. + The key is the FDQN or IP of the registry. + type: object + mirrors: + additionalProperties: + description: Mirror contains the config related to the + registry mirror. + properties: + endpoint: + description: |- + Endpoints are endpoints for a namespace. CRI plugin will try the endpoints + one by one until a working one is found. The endpoint must be a valid url + with host specified. + The scheme, host and path from the endpoint URL will be used. + items: + type: string + type: array + rewrite: + additionalProperties: + type: string + description: |- + Rewrites are repository rewrite rules for a namespace. When fetching image resources + from an endpoint and a key matches the repository via regular expression matching + it will be replaced with the corresponding value from the map in the resource request. + type: object + type: object + description: Mirrors are namespace to mirror mapping for + all namespaces. + type: object + type: object + registrationAddress: + description: |- + RegistrationAddress is an explicit address to use when registering a node. This is required if + the registration type is "address". Its for scenarios where a load-balancer or VIP is used. + type: string + registrationMethod: + description: RegistrationMethod is the method to use for registering + nodes into the RKE2 cluster. + enum: + - internal-first + - internal-only-ips + - external-only-ips + - address + - control-plane-endpoint + - "" + type: string + remediationStrategy: + description: remediationStrategy is the RemediationStrategy + that controls how control plane machine remediation happens. 
+ properties: + maxRetry: + description: "maxRetry is the Max number of retries while + attempting to remediate an unhealthy machine.\nA retry + happens when a machine that was created as a replacement + for an unhealthy machine also fails.\nFor example, given + a control plane with three machines M1, M2, M3:\n\n\tM1 + become unhealthy; remediation happens, and M1-1 is created + as a replacement.\n\tIf M1-1 (replacement of M1) has + problems while bootstrapping it will become unhealthy, + and then be\n\tremediated; such operation is considered + a retry, remediation-retry #1.\n\tIf M1-2 (replacement + of M1-1) becomes unhealthy, remediation-retry #2 will + happen, etc.\n\nA retry could happen only after RetryPeriod + from the previous retry.\nIf a machine is marked as + unhealthy after MinHealthyPeriod from the previous remediation + expired,\nthis is not considered a retry anymore because + the new issue is assumed unrelated from the previous + one.\n\nIf not set, the remedation will be retried infinitely." + format: int32 + type: integer + minHealthyPeriod: + description: "minHealthyPeriod defines the duration after + which RKE2ControlPlane will consider any failure to + a machine unrelated\nfrom the previous one. In this + case the remediation is not considered a retry anymore, + and thus the retry\ncounter restarts from 0. For example, + assuming MinHealthyPeriod is set to 1h (default)\n\n\tM1 + become unhealthy; remediation happens, and M1-1 is created + as a replacement.\n\tIf M1-1 (replacement of M1) has + problems within the 1hr after the creation, also\n\tthis + machine will be remediated and this operation is considered + a retry - a problem related\n\tto the original issue + happened to M1 -.\n\n\tIf instead the problem on M1-1 + is happening after MinHealthyPeriod expired, e.g. 
four + days after\n\tm1-1 has been created as a remediation + of M1, the problem on M1-1 is considered unrelated to\n\tthe + original issue happened to M1.\n\nIf not set, this value + is defaulted to 1h." + type: string + retryPeriod: + description: |- + retryPeriod is the duration that RKE2ControlPlane should wait before remediating a machine being created as a replacement + for an unhealthy machine (a retry). + + If not set, a retry will happen immediately. + type: string + type: object + replicas: + description: Replicas is the number of replicas for the Control + Plane. + format: int32 + type: integer + rolloutStrategy: + description: The RolloutStrategy to use to replace control + plane machines with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only + if RolloutStrategyType = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of control planes that can be scheduled above or under the + desired number of control planes. + Value can be an absolute number 1 or 0. + Defaults to 1. + Example: when this is set to 1, the control plane can be scaled + up immediately when the rolling update starts. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + Type of rollout. Currently the only supported strategy is "RollingUpdate". + Default is RollingUpdate. + type: string + type: object + serverConfig: + description: ServerConfig specifies configuration for the + agent nodes. + properties: + advertiseAddress: + description: 'AdvertiseAddress IP address that apiserver + uses to advertise to members of the cluster (default: + node-external-ip/node-ip).' + type: string + auditPolicySecret: + description: AuditPolicySecret path to the file that defines + the audit policy configuration. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + bindAddress: + description: 'BindAddress describes the rke2 bind address + (default: 0.0.0.0).' + type: string + cloudControllerManager: + description: CloudControllerManager defines optional custom + configuration of the Cloud Controller Manager. 
+ properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + cloudProviderConfigMap: + description: |- + CloudProviderConfigMap is a reference to a ConfigMap containing Cloud provider configuration. + The config map must contain a key named cloud-config. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + cloudProviderName: + description: CloudProviderName cloud provider name. + type: string + clusterDNS: + description: 'ClusterDNS is the cluster IP for CoreDNS + service. Should be in your service-cidr range (default: + 10.43.0.10).' + type: string + clusterDomain: + description: 'ClusterDomain is the cluster domain name + (default: "cluster.local").' + type: string + cni: + description: |- + CNI describes the CNI Plugins to deploy, one of none, calico, canal, cilium; + optionally with multus as the first value to enable the multus meta-plugin (default: canal). + enum: + - none + - calico + - canal + - cilium + type: string + cniMultusEnable: + description: |- + CNIMultusEnable enables multus as the first CNI plugin (default: false). + This option will automatically make Multus a primary CNI, and the value, if specified in the CNI field, as a secondary CNI plugin. + type: boolean + disableComponents: + description: DisableComponents lists Kubernetes components + and RKE2 plugin components that will be disabled. + properties: + kubernetesComponents: + description: KubernetesComponents is a list of Kubernetes + components to disable. 
+ items: + description: 'DisabledKubernetesComponent is an + enum field that can take one of the following + values: scheduler, kubeProxy or cloudController.' + enum: + - scheduler + - kubeProxy + - cloudController + type: string + type: array + pluginComponents: + description: PluginComponents is a list of PluginComponents + to disable. + items: + description: DisabledPluginComponent selects a plugin + Components to be disabled. + enum: + - rke2-coredns + - rke2-ingress-nginx + - rke2-metrics-server + - rke2-snapshot-controller + - rke2-snapshot-controller-crd + - rke2-snapshot-validation-webhook + type: string + type: array + type: object + embeddedRegistry: + description: EmbeddedRegistry enables the embedded registry. + type: boolean + etcd: + description: Etcd defines optional custom configuration + of ETCD. + properties: + backupConfig: + description: 'BackupConfig defines how RKE2 will snapshot + ETCD: target storage, schedule, etc.' + properties: + directory: + description: Directory to save db snapshots. + type: string + disableAutomaticSnapshots: + description: |- + DisableAutomaticSnapshots defines the policy for ETCD snapshots. + true means automatic snapshots will be scheduled, false means automatic snapshots will not be scheduled. + type: boolean + retention: + description: 'Retention Number of snapshots to + retain Default: 5 (default: 5).' + type: string + s3: + description: S3 Enable backup to an S3-compatible + Object Store. + properties: + bucket: + description: Bucket S3 bucket name. + type: string + endpoint: + description: 'Endpoint S3 endpoint url (default: + "s3.amazonaws.com").' + type: string + endpointCAsecret: + description: |- + EndpointCA references the Secret that contains a custom CA that should be trusted to connect to S3 endpoint. + The secret must contain a key named "ca.pem" that contains the CA certificate. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + enforceSslVerify: + description: EnforceSSLVerify may be set to + false to skip verifying the registry's certificate, + default is true. + type: boolean + folder: + description: Folder S3 folder. + type: string + region: + description: 'Region S3 region / bucket location + (optional) (default: "us-east-1").' 
+ type: string + s3CredentialSecret: + description: |- + S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket. + The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key". + If empty, the controller will default to IAM authentication + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - endpoint + type: object + scheduleCron: + description: 'ScheduleCron Snapshot interval time + in cron spec. eg. every 5 hours ''* */5 * * + *'' (default: "0 */12 * * *").' + type: string + snapshotName: + description: 'SnapshotName Set the base name of + etcd snapshots. Default: etcd-snapshot- + (default: "etcd-snapshot").' + type: string + type: object + customConfig: + description: CustomConfig defines the custom settings + for ETCD. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a + Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment + variables to pass on to a Kubernetes Component + command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one + for the Kubernetes Component + type: string + type: object + exposeMetrics: + description: |- + ExposeEtcdMetrics defines the policy for ETCD Metrics exposure. + if value is true, ETCD metrics will be exposed + if value is false, ETCD metrics will NOT be exposed + type: boolean + type: object + externalDatastoreSecret: + description: |- + ExternalDatastoreSecret is a reference to a Secret that contains configuration about connecting to an external datastore. + The secret must contain a key named "endpoint" that contains the connection string for the external datastore. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + kubeAPIServer: + description: KubeAPIServer defines optional custom configuration + of the Kube API Server. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' 
+ items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + kubeControllerManager: + description: KubeControllerManager defines optional custom + configuration of the Kube Controller Manager. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + kubeScheduler: + description: KubeScheduler defines optional custom configuration + of the Kube Scheduler. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. 
+ type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + pauseImage: + description: PauseImage Override image to use for pause. + type: string + secretsEncryption: + description: SecretsEncrytion defines encryption at rest + configuration + properties: + encryptionKeySecret: + description: EncyptionKey secret reference + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + provider: + description: Encryption provider + enum: + - aescbc + - secretbox + type: string + type: object + serviceNodePortRange: + description: 'ServiceNodePortRange is the port range to + reserve for services with NodePort visibility (default: + "30000-32767").' + type: string + tlsSan: + description: TLSSan Add additional hostname or IP as a + Subject Alternative Name in the TLS cert. + items: + type: string + type: array + type: object + version: + description: |- + Version defines the desired Kubernetes version. + This field takes precedence over RKE2ConfigSpec.AgentConfig.Version (which is deprecated). + pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$ + type: string + required: + - rolloutStrategy + type: object + required: + - spec + type: object + required: + - template + type: object + status: + description: Status is the current state of the control plane. + properties: + availableServerIPs: + description: AvailableServerIPs is a list of the Control Plane IP + adds that can be used to register further nodes. + items: + type: string + type: array + conditions: + description: Conditions defines current service state of the RKE2Config. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors. + type: string + failureReason: + description: FailureReason will be set on non-retryable errors. + type: string + initialized: + description: Initialized indicates the target cluster has completed + initialization. + type: boolean + lastRemediation: + description: lastRemediation stores info about last remediation performed. + properties: + machine: + description: machine is the machine name of the latest machine + being remediated. 
+ maxLength: 253 + minLength: 1 + type: string + retryCount: + description: |- + retryCount used to keep track of remediation retry for the last remediated machine. + A retry happens when a machine that was created as a replacement for an unhealthy machine also fails. + type: integer + timestamp: + description: timestamp is when last remediation happened. It is + represented in RFC3339 form and is in UTC. + format: date-time + type: string + required: + - machine + - retryCount + - timestamp + type: object + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: |- + Ready denotes that the RKE2ControlPlane API Server became ready during initial provisioning + to receive requests. + NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning. + The value of this field is never updated after provisioning is completed. Please use conditions + to check the operational state of the control plane. + type: boolean + readyReplicas: + description: ReadyReplicas is the number of replicas current attached + to this ControlPlane Resource and that have Ready Status. + format: int32 + type: integer + replicas: + description: Replicas is the number of replicas current attached to + this ControlPlane Resource. + format: int32 + type: integer + unavailableReplicas: + description: UnavailableReplicas is the number of replicas current + attached to this ControlPlane Resource and that are up-to-date with + Control Plane config. + format: int32 + type: integer + updatedReplicas: + description: UpdatedReplicas is the number of replicas current attached + to this ControlPlane Resource and that are up-to-date with Control + Plane config. + format: int32 + type: integer + version: + description: |- + Version represents the minimum Kubernetes version for the control plane machines + in the cluster. 
+ type: string + type: object + type: object + served: true + storage: true + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-manager + namespace: rke2-control-plane-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-leader-election-role + namespace: rke2-control-plane-system + rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + --- + aggregationRule: + clusterRoleSelectors: + - matchLabels: + rke2.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true" + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-aggregated-manager-role + rules: [] + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + rke2.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true" + name: rke2-control-plane-manager-role + rules: + - apiGroups: + - "" + resources: + - configmaps + - events + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - rke2configs + verbs: + - create + - delete + - get + 
- list + - patch + - watch + - apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + - machinepools + - machinepools/status + - machines + - machines/status + - machinesets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - rke2controlplanes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - rke2controlplanes/finalizers + verbs: + - update + - apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - rke2controlplanes/status + verbs: + - get + - patch + - update + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - watch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-leader-election-rolebinding + namespace: rke2-control-plane-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rke2-control-plane-leader-election-role + subjects: + - kind: ServiceAccount + name: rke2-control-plane-manager + namespace: rke2-control-plane-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-manager-rolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rke2-control-plane-aggregated-manager-role + subjects: + - kind: ServiceAccount + name: rke2-control-plane-manager + namespace: rke2-control-plane-system + --- + apiVersion: v1 + kind: Service + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-webhook-service + namespace: rke2-control-plane-system + spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: 
control-plane-rke2 + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + control-plane: controller-manager + name: rke2-control-plane-controller-manager + namespace: rke2-control-plane-system + spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: control-plane-rke2 + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false} + - --v=${CAPRKE2_DEBUG_LEVEL:=0} + - --concurrency=${CONCURRENCY_NUMBER:=10} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.21.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: 
rke2-control-plane-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: rke2-controlplane-webhook-service-cert + --- + apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-serving-cert + namespace: rke2-control-plane-system + spec: + dnsNames: + - rke2-control-plane-webhook-service.rke2-control-plane-system.svc + - rke2-control-plane-webhook-service.rke2-control-plane-system.svc.cluster.local + issuerRef: + kind: Issuer + name: rke2-control-plane-selfsigned-issuer + secretName: rke2-controlplane-webhook-service-cert + subject: + organizations: + - Rancher by SUSE + --- + apiVersion: cert-manager.io/v1 + kind: Issuer + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-selfsigned-issuer + namespace: rke2-control-plane-system + spec: + selfSigned: {} + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: MutatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-mutating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: rke2-control-plane-webhook-service + namespace: rke2-control-plane-system + path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplane + failurePolicy: Fail + name: mrke2controlplane.kb.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - rke2controlplanes + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: rke2-control-plane-webhook-service + namespace: 
rke2-control-plane-system + path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplanetemplate + failurePolicy: Fail + name: mrke2controlplanetemplate.kb.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - rke2controlplanetemplates + sideEffects: None + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-validating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: rke2-control-plane-webhook-service + namespace: rke2-control-plane-system + path: /validate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplane + failurePolicy: Fail + name: vrke2controlplane.kb.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - rke2controlplanes + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: rke2-control-plane-webhook-service + namespace: rke2-control-plane-system + path: /validate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplanetemplate + failurePolicy: Fail + name: vrke2controlplanetemplate.kb.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - rke2controlplanetemplates + sideEffects: None + metadata: | + # maps release series of major.minor to cluster-api contract version + # the contract version may change between minor or major versions, but *not* + # between patch versions. 
+ # + # update this file only when a new major or minor version is released + apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 + kind: Metadata + releaseSeries: + - major: 0 + minor: 1 + contract: v1beta1 + - major: 0 + minor: 2 + contract: v1beta1 + - major: 0 + minor: 3 + contract: v1beta1 + - major: 0 + minor: 4 + contract: v1beta1 + - major: 0 + minor: 5 + contract: v1beta1 + - major: 0 + minor: 6 + contract: v1beta1 + - major: 0 + minor: 7 + contract: v1beta1 + - major: 0 + minor: 8 + contract: v1beta1 + - major: 0 + minor: 9 + contract: v1beta1 + - major: 0 + minor: 10 + contract: v1beta1 + - major: 0 + minor: 11 + contract: v1beta1 + - major: 0 + minor: 12 + contract: v1beta1 + - major: 0 + minor: 13 + contract: v1beta1 + - major: 0 + minor: 14 + contract: v1beta1 + - major: 0 + minor: 15 + contract: v1beta1 + - major: 0 + minor: 16 + contract: v1beta1 + - major: 0 + minor: 17 + contract: v1beta1 + - major: 0 + minor: 18 + contract: v1beta1 + - major: 0 + minor: 19 + contract: v1beta1 + - major: 0 + minor: 20 + contract: v1beta1 + - major: 0 + minor: 21 + contract: v1beta1 +kind: ConfigMap +metadata: + creationTimestamp: null + name: v0.21.1 + namespace: rke2-control-plane-system + labels: + provider-components: rke2-controlplane {{- end }} -{{- end }} \ No newline at end of file diff --git a/rancher-turtles-providers-chart/templates/infrastructure-metal3.yaml b/rancher-turtles-providers-chart/templates/infrastructure-metal3.yaml index 0c5afbb..aa7ab10 100644 --- a/rancher-turtles-providers-chart/templates/infrastructure-metal3.yaml +++ b/rancher-turtles-providers-chart/templates/infrastructure-metal3.yaml 
@@ -9,27 +9,6 @@ metadata: {{- end }} --- apiVersion: turtles-capi.cattle.io/v1alpha1 -kind: ClusterctlConfig -metadata: - name: clusterctl-config - namespace: cattle-turtles-system -spec: - providers: - - name: metal3 - url: "https://github.com/rancher-sandbox/cluster-api-provider-metal3/releases/v1.10.4/infrastructure-components.yaml" - type: InfrastructureProvider - - name: metal3ipam - url: "https://github.com/rancher-sandbox/ip-address-manager/releases/v1.10.4/ipam-components.yaml" - type: IPAMProvider - images: - - name: control-plane-rke2 - repository: "registry.suse.com/rancher" - - name: bootstrap-rke2 - repository: "registry.suse.com/rancher" - - name: addon-fleet - repository: "registry.suse.com/rancher" ---- -apiVersion: turtles-capi.cattle.io/v1alpha1 kind: CAPIProvider metadata: name: metal3 
@@ -48,58 +27,3628 @@ spec: name: {{ index .Values "providers" "infrastructureMetal3" "configSecret" "name" }} namespace: {{ index .Values "providers" "infrastructureMetal3" "configSecret" "namespace" }} {{- end }} -{{- if index .Values "providers" "infrastructureMetal3" "fetchConfig" }} fetchConfig: - {{- if index .Values "providers" "infrastructureMetal3" "fetchConfig" "url" }} - url: {{ index .Values "providers" "infrastructureMetal3" "fetchConfig" "url" }} - {{- end }} - {{- if index .Values "providers" "infrastructureMetal3" "fetchConfig" "oci" }} - oci: {{ index .Values "providers" "infrastructureMetal3" "fetchConfig" "oci" }} - {{- end }} -{{- end }} + selector: + matchLabels: + provider-components: metal3 # Workaround for https://github.com/rancher-sandbox/cluster-api-provider-metal3/issues/1 deployment: containers: - name: manager imageUrl: "registry.suse.com/rancher/cluster-api-provider-metal3:v1.10.4" -{{- end }} - -{{- if index .Values "providers" "ipamMetal3" "enabled" }} -{{- $ipamnamespace := index .Values "providers" "ipamMetal3" "namespace" }} -{{- if not (lookup "v1" "Namespace" "" $ipamnamespace) }} --- apiVersion: v1 -kind: Namespace +data: + components: | + apiVersion: v1 + kind: Namespace + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + pod-security.kubernetes.io/enforce: restricted + name: capm3-system + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + cluster.x-k8s.io/v1beta1: v1beta1 + name: metal3clusters.infrastructure.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + 
categories: + - cluster-api + kind: Metal3Cluster + listKind: Metal3ClusterList + plural: metal3clusters + shortNames: + - m3c + - m3cluster + - m3clusters + - metal3c + - metal3cluster + singular: metal3cluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of Metal3Cluster + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: metal3Cluster is Ready + jsonPath: .status.ready + name: Ready + type: string + - description: Most recent error + jsonPath: .status.failureReason + name: Error + type: string + - description: Cluster to which this BMCluster belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Control plane endpoint + jsonPath: .spec.controlPlaneEndpoint + name: Endpoint + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Metal3Cluster is the Schema for the metal3clusters API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Metal3ClusterSpec defines the desired state of Metal3Cluster. + properties: + cloudProviderEnabled: + description: |- + Determines if the cluster is to be deployed with an external cloud provider. 
+ If set to false, CAPM3 will use node labels to set providerID on the kubernetes nodes. + If set to true, providerID is set on nodes by other entities and CAPM3 uses the value of the providerID on the m3m resource. + Default value is true, it is set in the webhook. + type: boolean + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: Host is the hostname on which the API server is serving. + type: string + port: + description: Port is the port on which the API server is serving. + type: integer + required: + - host + - port + type: object + noCloudProvider: + description: |- + Determines if the cluster is not to be deployed with an external cloud provider. + If set to true, CAPM3 will use node labels to set providerID on the kubernetes nodes. + If set to false, providerID is set on nodes by other entities and CAPM3 uses the value of the providerID on the m3m resource. + + Deprecated: This field is deprecated, use cloudProviderEnabled instead + type: boolean + type: object + status: + description: Metal3ClusterStatus defines the observed state of Metal3Cluster. + properties: + conditions: + description: Conditions defines current service state of the Metal3Cluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. 
+ maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: |- + FailureMessage indicates that there is a fatal problem reconciling the + state, and will be set to a descriptive error message. + type: string + failureReason: + description: |- + FailureReason indicates that there is a fatal problem reconciling the + state, and will be set to a token value suitable for + programmatic interpretation. + type: string + lastUpdated: + description: LastUpdated identifies when this status was last observed. + format: date-time + type: string + ready: + description: |- + Ready denotes that the Metal3 cluster (infrastructure) is ready. In + Baremetal case, it does not mean anything for now as no infrastructure + steps need to be performed. Required by Cluster API. Set to True by the + metal3Cluster controller after creation. 
+ type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + cluster.x-k8s.io/v1beta1: v1beta1 + name: metal3clustertemplates.infrastructure.cluster.x-k8s.io + spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Metal3ClusterTemplate + listKind: Metal3ClusterTemplateList + plural: metal3clustertemplates + shortNames: + - m3ct + singular: metal3clustertemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Metal3ClusterTemplate is the Schema for the metal3clustertemplates + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Metal3ClusterTemplateSpec defines the desired state of Metal3ClusterTemplate. + properties: + template: + description: Metal3ClusterTemplateResource describes the data for + creating a Metal3Cluster from a template. + properties: + spec: + description: Metal3ClusterSpec defines the desired state of Metal3Cluster. 
+ properties: + cloudProviderEnabled: + description: |- + Determines if the cluster is to be deployed with an external cloud provider. + If set to false, CAPM3 will use node labels to set providerID on the kubernetes nodes. + If set to true, providerID is set on nodes by other entities and CAPM3 uses the value of the providerID on the m3m resource. + Default value is true, it is set in the webhook. + type: boolean + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint + used to communicate with the control plane. + properties: + host: + description: Host is the hostname on which the API server + is serving. + type: string + port: + description: Port is the port on which the API server + is serving. + type: integer + required: + - host + - port + type: object + noCloudProvider: + description: |- + Determines if the cluster is not to be deployed with an external cloud provider. + If set to true, CAPM3 will use node labels to set providerID on the kubernetes nodes. + If set to false, providerID is set on nodes by other entities and CAPM3 uses the value of the providerID on the m3m resource. 
+ + Deprecated: This field is deprecated, use cloudProviderEnabled instead + type: boolean + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + cluster.x-k8s.io/v1beta1: v1beta1 + name: metal3dataclaims.infrastructure.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Metal3DataClaim + listKind: Metal3DataClaimList + plural: metal3dataclaims + shortNames: + - m3dc + - m3dataclaim + - m3dataclaims + - metal3dc + - metal3dataclaim + singular: metal3dataclaim + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of Metal3DataClaim + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Metal3DataClaim is the Schema for the metal3datas API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Metal3DataClaimSpec defines the desired state of Metal3DataClaim. + properties: + template: + description: Template is the Metal3DataTemplate this was generated + for. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - template + type: object + status: + description: Metal3DataClaimStatus defines the observed state of Metal3DataClaim. + properties: + errorMessage: + description: ErrorMessage contains the error message + type: string + renderedData: + description: RenderedData references the Metal3Data when ready + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + clusterctl.cluster.x-k8s.io/skip-crd-name-preflight-check: "" + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + cluster.x-k8s.io/v1beta1: v1beta1 + name: metal3datas.infrastructure.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Metal3Data + listKind: Metal3DataList + plural: metal3datas + shortNames: + - m3d + - m3data + - m3datas + - metal3d + - metal3data + singular: metal3data + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of Metal3Data + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Metal3Data is the Schema for the metal3datas API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Metal3DataSpec defines the desired state of Metal3Data. + properties: + claim: + description: DataClaim points to the Metal3DataClaim the Metal3Data + was created for. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + index: + description: Index stores the index value of this instance in the + Metal3DataTemplate. + type: integer + metaData: + description: MetaData points to the rendered MetaData secret. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + networkData: + description: NetworkData points to the rendered NetworkData secret. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + template: + description: DataTemplate is the Metal3DataTemplate this was generated + from. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + templateReference: + description: |- + TemplateReference refers to the Template the Metal3MachineTemplate refers to. + It can be matched against the key or it may also point to the name of the template + Metal3Data refers to. + + Deprecated: This field is deprecated and will be removed in a future release. + type: string + required: + - claim + - template + type: object + status: + description: Metal3DataStatus defines the observed state of Metal3Data. 
+ properties: + errorMessage: + description: ErrorMessage contains the error message + type: string + ready: + description: Ready is a flag set to True if the secrets were rendered + properly + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + cluster.x-k8s.io/v1beta1: v1beta1 + name: metal3datatemplates.infrastructure.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Metal3DataTemplate + listKind: Metal3DataTemplateList + plural: metal3datatemplates + shortNames: + - m3dt + - m3datatemplate + - m3datatemplates + - metal3dt + - metal3datatemplate + singular: metal3datatemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this template belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Time duration since creation of Metal3DataTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Metal3DataTemplate is the Schema for the metal3datatemplates + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Metal3DataTemplateSpec defines the desired state of Metal3DataTemplate. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + metaData: + description: MetaData contains the information needed to generate + the metadata secret + properties: + dnsServersFromIPPool: + description: DNSServersFromPool is the list of metadata items + to be rendered as dns servers. + items: + properties: + apiGroup: + description: APIGroup is the api group of the IP pool. + type: string + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + kind: + description: Kind is the kind of the IP pool + type: string + name: + description: Name is the name of the IP pool used to fetch + the value to set in the metadata map for cloud-init + type: string + required: + - apiGroup + - key + - kind + - name + type: object + type: array + fromAnnotations: + description: |- + FromAnnotations is the list of metadata items to be fetched from object + Annotations + items: + description: |- + MetaDataFromAnnotation contains the information to fetch an annotation + content, if the label does not exist, it is rendered as empty string. 
+ properties: + annotation: + description: Annotation is the key of the Annotation to + fetch + type: string + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + object: + description: Object is the type of the object from which + we retrieve the name + enum: + - machine + - metal3machine + - baremetalhost + type: string + required: + - annotation + - key + - object + type: object + type: array + fromHostInterfaces: + description: |- + FromHostInterfaces is the list of metadata items to be rendered as MAC + addresses of the host interfaces. + items: + description: MetaDataHostInterface contains the information + to render the object name. + properties: + interface: + description: |- + Interface is the name of the interface in the BareMetalHost Status Hardware + Details list of interfaces from which to fetch the MAC address. + type: string + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + required: + - interface + - key + type: object + type: array + fromLabels: + description: FromLabels is the list of metadata items to be fetched + from object labels + items: + description: |- + MetaDataFromLabel contains the information to fetch a label content, if the + label does not exist, it is rendered as empty string. + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + label: + description: Label is the key of the label to fetch + type: string + object: + description: Object is the type of the object from which + we retrieve the name + enum: + - machine + - metal3machine + - baremetalhost + type: string + required: + - key + - label + - object + type: object + type: array + gatewaysFromIPPool: + description: GatewaysFromPool is the list of metadata items to + be rendered as gateway addresses. + items: + properties: + apiGroup: + description: APIGroup is the api group of the IP pool. 
+ type: string + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + kind: + description: Kind is the kind of the IP pool + type: string + name: + description: Name is the name of the IP pool used to fetch + the value to set in the metadata map for cloud-init + type: string + required: + - apiGroup + - key + - kind + - name + type: object + type: array + indexes: + description: |- + Indexes is the list of metadata items to be rendered from the index of the + Metal3Data + items: + description: MetaDataIndex contains the information to render + the index. + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + offset: + description: Offset is the offset to apply to the index + when rendering it + type: integer + prefix: + description: Prefix is the prefix string + type: string + step: + default: 1 + description: Step is the multiplier of the index + type: integer + suffix: + description: Suffix is the suffix string + type: string + required: + - key + type: object + type: array + ipAddressesFromIPPool: + description: IPAddressesFromPool is the list of metadata items + to be rendered as ip addresses. + items: + properties: + apiGroup: + description: APIGroup is the api group of the IP pool. + type: string + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + kind: + description: Kind is the kind of the IP pool + type: string + name: + description: Name is the name of the IP pool used to fetch + the value to set in the metadata map for cloud-init + type: string + required: + - apiGroup + - key + - kind + - name + type: object + type: array + namespaces: + description: Namespaces is the list of metadata items to be rendered + from the namespace + items: + description: MetaDataNamespace contains the information to render + the namespace. 
+ properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + required: + - key + type: object + type: array + objectNames: + description: |- + ObjectNames is the list of metadata items to be rendered from the name + of objects. + items: + description: MetaDataObjectName contains the information to + render the object name. + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + object: + description: Object is the type of the object from which + we retrieve the name + enum: + - machine + - metal3machine + - baremetalhost + type: string + required: + - key + - object + type: object + type: array + prefixesFromIPPool: + description: PrefixesFromPool is the list of metadata items to + be rendered as network prefixes. + items: + properties: + apiGroup: + description: APIGroup is the api group of the IP pool. + type: string + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + kind: + description: Kind is the kind of the IP pool + type: string + name: + description: Name is the name of the IP pool used to fetch + the value to set in the metadata map for cloud-init + type: string + required: + - apiGroup + - key + - kind + - name + type: object + type: array + strings: + description: Strings is the list of metadata items to be rendered + from strings + items: + description: MetaDataString contains the information to render + the string. + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + value: + description: Value is the string to render. 
+ type: string + required: + - key + - value + type: object + type: array + type: object + networkData: + description: |- + NetworkData contains the information needed to generate the networkdata + secret + properties: + links: + description: Links is a structure containing lists of different + types objects + properties: + bonds: + description: Bonds contains a list of Bond links + items: + description: NetworkDataLinkBond represents a bond link + object. + properties: + bondLinks: + description: BondLinks is the list of links that are + part of the bond. + items: + type: string + type: array + bondMode: + description: |- + BondMode is the mode of bond used. It can be one of + balance-rr, active-backup, balance-xor, broadcast, balance-tlb, balance-alb, 802.3ad + enum: + - balance-rr + - active-backup + - balance-xor + - broadcast + - balance-tlb + - balance-alb + - 802.3ad + type: string + bondXmitHashPolicy: + description: Selects the transmit hash policy used for + port selection in balance-xor and 802.3ad modes + enum: + - layer2 + - layer3+4 + - layer2+3 + type: string + id: + description: Id is the ID of the interface (used for + naming) + type: string + macAddress: + description: |- + MACAddress is the MAC address of the interface, containing the object + used to render it. 
+ properties: + fromAnnotation: + description: |- + FromAnnotation references an object Annotation to retrieve the + MAC address from + properties: + annotation: + description: Annotation is the key of the Annotation + to fetch + type: string + object: + description: Object is the type of the object + from which we retrieve the name + enum: + - machine + - metal3machine + - baremetalhost + type: string + required: + - annotation + - object + type: object + fromHostInterface: + description: |- + FromHostInterface contains the name of the interface in the BareMetalHost + Introspection details from which to fetch the MAC address + type: string + string: + description: String contains the MAC address given + as a string + type: string + type: object + mtu: + default: 1500 + description: MTU is the MTU of the interface + maximum: 9000 + type: integer + required: + - bondMode + - id + - macAddress + type: object + type: array + ethernets: + description: Ethernets contains a list of Ethernet links + items: + description: NetworkDataLinkEthernet represents an ethernet + link object. + properties: + id: + description: Id is the ID of the interface (used for + naming) + type: string + macAddress: + description: |- + MACAddress is the MAC address of the interface, containing the object + used to render it. 
+ properties: + fromAnnotation: + description: |- + FromAnnotation references an object Annotation to retrieve the + MAC address from + properties: + annotation: + description: Annotation is the key of the Annotation + to fetch + type: string + object: + description: Object is the type of the object + from which we retrieve the name + enum: + - machine + - metal3machine + - baremetalhost + type: string + required: + - annotation + - object + type: object + fromHostInterface: + description: |- + FromHostInterface contains the name of the interface in the BareMetalHost + Introspection details from which to fetch the MAC address + type: string + string: + description: String contains the MAC address given + as a string + type: string + type: object + mtu: + default: 1500 + description: MTU is the MTU of the interface + maximum: 9000 + type: integer + type: + description: |- + Type is the type of the ethernet link. It can be one of: + bridge, dvs, hw_veb, hyperv, ovs, tap, vhostuser, vif, phy + enum: + - bridge + - dvs + - hw_veb + - hyperv + - ovs + - tap + - vhostuser + - vif + - phy + type: string + required: + - id + - macAddress + - type + type: object + type: array + vlans: + description: Vlans contains a list of Vlan links + items: + description: NetworkDataLinkVlan represents a vlan link + object. + properties: + id: + description: Id is the ID of the interface (used for + naming) + type: string + macAddress: + description: |- + MACAddress is the MAC address of the interface, containing the object + used to render it. 
+ properties: + fromAnnotation: + description: |- + FromAnnotation references an object Annotation to retrieve the + MAC address from + properties: + annotation: + description: Annotation is the key of the Annotation + to fetch + type: string + object: + description: Object is the type of the object + from which we retrieve the name + enum: + - machine + - metal3machine + - baremetalhost + type: string + required: + - annotation + - object + type: object + fromHostInterface: + description: |- + FromHostInterface contains the name of the interface in the BareMetalHost + Introspection details from which to fetch the MAC address + type: string + string: + description: String contains the MAC address given + as a string + type: string + type: object + mtu: + default: 1500 + description: MTU is the MTU of the interface + maximum: 9000 + type: integer + vlanID: + description: VlanID is the Vlan ID + maximum: 4096 + type: integer + vlanLink: + description: VlanLink is the name of the link on which + the vlan should be added + type: string + required: + - id + - macAddress + - vlanID + - vlanLink + type: object + type: array + type: object + networks: + description: Networks is a structure containing lists of different + types objects + properties: + ipv4: + description: IPv4 contains a list of IPv4 static allocations + items: + description: NetworkDataIPv4 represents an ipv4 static network + object. + properties: + fromPoolRef: + description: FromPoolRef is a reference to a IP pool + to allocate an address from. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + id: + description: ID is the network ID (name) + type: string + ipAddressFromIPPool: + description: IPAddressFromIPPool contains the name of + the IP pool to use to get an ip address + type: string + link: + description: Link is the link on which the network applies + type: string + routes: + description: Routes contains a list of IPv4 routes + items: + description: NetworkDataRoutev4 represents an ipv4 + route object. + properties: + gateway: + description: Gateway is the IPv4 address of the + gateway + properties: + fromIPPool: + description: FromIPPool is the name of the + IPPool to fetch the gateway from + type: string + string: + description: String is the gateway given as + a string + pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$ + type: string + type: object + network: + description: Network is the IPv4 network address + pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$ + type: string + prefix: + description: Prefix is the mask of the network + as integer (max 32) + maximum: 32 + type: integer + services: + description: Services is a list of IPv4 services + properties: + dns: + description: DNS is a list of IPv4 DNS services + items: + description: IPAddressv4 is used for validation + of an IPv6 address. 
+ pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$ + type: string + type: array + dnsFromIPPool: + description: DNSFromIPPool is the name of + the IPPool from which to get the DNS servers + type: string + type: object + required: + - gateway + - network + type: object + type: array + required: + - id + - link + type: object + type: array + ipv4DHCP: + description: IPv4 contains a list of IPv4 DHCP allocations + items: + description: NetworkDataIPv4DHCP represents an ipv4 DHCP + network object. + properties: + id: + description: ID is the network ID (name) + type: string + link: + description: Link is the link on which the network applies + type: string + routes: + description: Routes contains a list of IPv4 routes + items: + description: NetworkDataRoutev4 represents an ipv4 + route object. + properties: + gateway: + description: Gateway is the IPv4 address of the + gateway + properties: + fromIPPool: + description: FromIPPool is the name of the + IPPool to fetch the gateway from + type: string + string: + description: String is the gateway given as + a string + pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$ + type: string + type: object + network: + description: Network is the IPv4 network address + pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$ + type: string + prefix: + description: Prefix is the mask of the network + as integer (max 32) + maximum: 32 + type: integer + services: + description: Services is a list of IPv4 services + properties: + dns: + description: DNS is a list of IPv4 DNS services + items: + description: IPAddressv4 is used for validation + of an IPv6 address. 
+ pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$ + type: string + type: array + dnsFromIPPool: + description: DNSFromIPPool is the name of + the IPPool from which to get the DNS servers + type: string + type: object + required: + - gateway + - network + type: object + type: array + required: + - id + - link + type: object + type: array + ipv6: + description: IPv4 contains a list of IPv6 static allocations + items: + description: NetworkDataIPv6 represents an ipv6 static network + object. + properties: + fromPoolRef: + description: FromPoolRef is a reference to a IP pool + to allocate an address from. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + id: + description: ID is the network ID (name) + type: string + ipAddressFromIPPool: + description: IPAddressFromIPPool contains the name of + the IPPool to use to get an ip address + type: string + link: + description: Link is the link on which the network applies + type: string + routes: + description: Routes contains a list of IPv6 routes + items: + description: NetworkDataRoutev6 represents an ipv6 + route object. 
+ properties: + gateway: + description: Gateway is the IPv6 address of the + gateway + properties: + fromIPPool: + description: FromIPPool is the name of the + IPPool to fetch the gateway from + type: string + string: + description: String is the gateway given as + a string + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + type: object + network: + description: Network is the IPv6 network address + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + prefix: + description: Prefix is the mask of the network + as integer (max 128) + maximum: 128 + type: integer + services: + description: Services is a list of IPv6 services + properties: + dns: + description: DNS is a list of IPv6 DNS services + items: + description: IPAddressv6 is used for validation + of an IPv6 address. 
+ pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + type: array + dnsFromIPPool: + description: DNSFromIPPool is the name of + the IPPool from which to get the DNS servers + type: string + type: object + required: + - gateway + - network + type: object + type: array + required: + - id + - ipAddressFromIPPool + - link + type: object + type: array + ipv6DHCP: + description: IPv4 contains a list of IPv6 DHCP allocations + items: + description: NetworkDataIPv6DHCP represents an ipv6 DHCP + network object. + properties: + id: + description: ID is the network ID (name) + type: string + link: + description: Link is the link on which the network applies + type: string + routes: + description: Routes contains a list of IPv6 routes + items: + description: NetworkDataRoutev6 represents an ipv6 + route object. 
+ properties: + gateway: + description: Gateway is the IPv6 address of the + gateway + properties: + fromIPPool: + description: FromIPPool is the name of the + IPPool to fetch the gateway from + type: string + string: + description: String is the gateway given as + a string + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + type: object + network: + description: Network is the IPv6 network address + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + prefix: + description: Prefix is the mask of the network + as integer (max 128) + maximum: 128 + type: integer + services: + description: Services is a list of IPv6 services + properties: + dns: + description: DNS is a list of IPv6 DNS services + items: + description: IPAddressv6 is used for validation + of an IPv6 address. 
+ pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + type: array + dnsFromIPPool: + description: DNSFromIPPool is the name of + the IPPool from which to get the DNS servers + type: string + type: object + required: + - gateway + - network + type: object + type: array + required: + - id + - link + type: object + type: array + ipv6SLAAC: + description: IPv4 contains a list of IPv6 SLAAC allocations + items: + description: NetworkDataIPv6DHCP represents an ipv6 DHCP + network object. + properties: + id: + description: ID is the network ID (name) + type: string + link: + description: Link is the link on which the network applies + type: string + routes: + description: Routes contains a list of IPv6 routes + items: + description: NetworkDataRoutev6 represents an ipv6 + route object. 
+ properties: + gateway: + description: Gateway is the IPv6 address of the + gateway + properties: + fromIPPool: + description: FromIPPool is the name of the + IPPool to fetch the gateway from + type: string + string: + description: String is the gateway given as + a string + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + type: object + network: + description: Network is the IPv6 network address + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + prefix: + description: Prefix is the mask of the network + as integer (max 128) + maximum: 128 + type: integer + services: + description: Services is a list of IPv6 services + properties: + dns: + description: DNS is a list of IPv6 DNS services + items: + description: IPAddressv6 is used for validation + of an IPv6 address. 
+ pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + type: array + dnsFromIPPool: + description: DNSFromIPPool is the name of + the IPPool from which to get the DNS servers + type: string + type: object + required: + - gateway + - network + type: object + type: array + required: + - id + - link + type: object + type: array + type: object + services: + description: Services is a structure containing lists of different + types objects + properties: + dns: + description: DNS is a list of DNS services + items: + description: IPAddress is used for validation of an IP address. + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + type: array + dnsFromIPPool: + description: DNSFromIPPool is the name of the IPPool from + which to get the DNS servers + type: string + type: object + type: object + templateReference: + description: |- + TemplateReference refers to the Template the Metal3MachineTemplate refers to. + It can be matched against the key or it may also point to the name of the template + Metal3Data refers to. + + Deprecated: This field is deprecated and will be removed in a future release. 
+ type: string + required: + - clusterName + type: object + status: + description: Metal3DataTemplateStatus defines the observed state of Metal3DataTemplate. + properties: + indexes: + additionalProperties: + type: integer + description: Indexes contains the map of Metal3Machine and index used + type: object + lastUpdated: + description: LastUpdated identifies when this status was last observed. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + cluster.x-k8s.io/v1beta1: v1beta1 + name: metal3machines.infrastructure.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Metal3Machine + listKind: Metal3MachineList + plural: metal3machines + shortNames: + - m3m + - m3machine + - m3machines + - metal3m + - metal3machine + singular: metal3machine + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of Metal3Machine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Provider ID + jsonPath: .spec.providerID + name: ProviderID + type: string + - description: metal3machine is Ready + jsonPath: .status.ready + name: Ready + type: string + - description: Cluster to which this M3Machine belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: metal3machine current phase + jsonPath: .status.phase + name: Phase + type: string + name: 
v1beta1 + schema: + openAPIV3Schema: + description: Metal3Machine is the Schema for the metal3machines API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Metal3MachineSpec defines the desired state of Metal3Machine. + properties: + automatedCleaningMode: + description: |- + When set to disabled, automated cleaning of host disks will be skipped + during provisioning and deprovisioning. + enum: + - metadata + - disabled + type: string + customDeploy: + description: A custom deploy procedure. + properties: + method: + description: |- + Custom deploy method name. + This name is specific to the deploy ramdisk used. If you don't have + a custom deploy ramdisk, you shouldn't use CustomDeploy. + type: string + required: + - method + type: object + dataTemplate: + description: |- + MetadataTemplate is a reference to a Metal3DataTemplate object containing + a template of metadata to be rendered. Metadata keys defined in the + metadataTemplate take precedence over keys defined in metadata field. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + hostSelector: + description: |- + HostSelector specifies matching criteria for labels on BareMetalHosts. + This is used to limit the set of BareMetalHost objects considered for + claiming for a metal3machine. 
+ properties: + matchExpressions: + description: Label match expressions that must be true on a chosen + BareMetalHost + items: + properties: + key: + type: string + operator: + description: |- + Operator represents a key/field's relationship to value(s). + See labels.Requirement and fields.Requirement for more details. + type: string + values: + items: + type: string + type: array + required: + - key + - operator + - values + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: Key/value pairs of labels that must exist on a chosen + BareMetalHost + type: object + type: object + image: + description: Image is the image to be provisioned. + properties: + checksum: + description: Checksum is a md5sum, sha256sum or sha512sum value + or a URL to retrieve one. + type: string + checksumType: + description: |- + ChecksumType is the checksum algorithm for the image. + e.g md5, sha256, sha512 + enum: + - md5 + - sha256 + - sha512 + type: string + format: + description: DiskFormat contains the image disk format. + enum: + - raw + - qcow2 + - vdi + - vmdk + - live-iso + type: string + url: + description: URL is a location of an image to deploy. + type: string + required: + - checksum + - url + type: object + metaData: + description: |- + MetaData is an object storing the reference to the secret containing the + Metadata given by the user. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + networkData: + description: |- + NetworkData is an object storing the reference to the secret containing the + network data given by the user. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. 
+ type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + providerID: + description: |- + ProviderID will be the Metal3 machine in ProviderID format + (metal3://) + type: string + userData: + description: |- + UserData references the Secret that holds user data needed by the bare metal + operator. The Namespace is optional; it will default to the metal3machine's + namespace if not specified. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + type: object + status: + description: Metal3MachineStatus defines the observed state of Metal3Machine. + properties: + addresses: + description: |- + Addresses is a list of addresses assigned to the machine. + This field is copied from the infrastructure provider reference. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: address is the machine address. + maxLength: 256 + minLength: 1 + type: string + type: + description: type is the machine address type, one of Hostname, + ExternalIP, InternalIP, ExternalDNS or InternalDNS. + enum: + - Hostname + - ExternalIP + - InternalIP + - ExternalDNS + - InternalDNS + type: string + required: + - address + - type + type: object + type: array + conditions: + description: Conditions defines current service state of the Metal3Machine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. 
If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: |- + FailureMessage will be set in the event that there is a terminal problem + reconciling the metal3machine and will contain a more verbose string suitable + for logging and human consumption. + + This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over + time (like service outages), but instead indicate that something is + fundamentally wrong with the metal3machine's spec or the configuration of + the controller, and that manual intervention is required. 
Examples + of terminal errors would be invalid combinations of settings in the + spec, values that are unsupported by the controller, or the + responsible controller itself being critically misconfigured. + + Any transient errors that occur during the reconciliation of + metal3machines can be added as events to the metal3machine object + and/or logged in the controller's output. + type: string + failureReason: + description: |- + FailureReason will be set in the event that there is a terminal problem + reconciling the metal3machine and will contain a succinct value suitable + for machine interpretation. + + This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over + time (like service outages), but instead indicate that something is + fundamentally wrong with the metal3machine's spec or the configuration of + the controller, and that manual intervention is required. Examples + of terminal errors would be invalid combinations of settings in the + spec, values that are unsupported by the controller, or the + responsible controller itself being critically misconfigured. + + Any transient errors that occur during the reconciliation of + metal3machines can be added as events to the metal3machine object + and/or logged in the controller's output. + type: string + lastUpdated: + description: LastUpdated identifies when this status was last observed. + format: date-time + type: string + metaData: + description: |- + MetaData is an object storing the reference to the secret containing the + Metadata used to deploy the BareMetalHost. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. 
+ type: string + type: object + x-kubernetes-map-type: atomic + networkData: + description: |- + NetworkData is an object storing the reference to the secret containing the + network data used to deploy the BareMetalHost. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + phase: + description: |- + Phase represents the current phase of machine actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + ready: + description: |- + Ready is the state of the metal3. + mhrivnak: " it would be good to document what this means, how to interpret + it, under what circumstances the value changes, etc." + type: boolean + renderedData: + description: |- + RenderedData is a reference to a rendered Metal3Data object containing + the references to metaData and networkData secrets. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + userData: + description: |- + UserData references the Secret that holds user data needed by the bare metal + operator. The Namespace is optional; it will default to the metal3machine's + namespace if not specified. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. 
+ type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + cluster.x-k8s.io/v1beta1: v1beta1 + name: metal3machinetemplates.infrastructure.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Metal3MachineTemplate + listKind: Metal3MachineTemplateList + plural: metal3machinetemplates + shortNames: + - m3mt + - m3machinetemplate + - m3machinetemplates + - metal3mt + - metal3machinetemplate + singular: metal3machinetemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of Metal3MachineTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Metal3MachineTemplate is the Schema for the metal3machinetemplates + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Metal3MachineTemplateSpec defines the desired state of Metal3MachineTemplate. + properties: + nodeReuse: + default: false + description: |- + When set to True, CAPM3 Machine controller will + pick the same pool of BMHs' that were released during the upgrade operation. + type: boolean + template: + description: Metal3MachineTemplateResource describes the data needed + to create a Metal3Machine from a template. + properties: + spec: + description: Spec is the specification of the desired behavior + of the machine. + properties: + automatedCleaningMode: + description: |- + When set to disabled, automated cleaning of host disks will be skipped + during provisioning and deprovisioning. + enum: + - metadata + - disabled + type: string + customDeploy: + description: A custom deploy procedure. + properties: + method: + description: |- + Custom deploy method name. + This name is specific to the deploy ramdisk used. If you don't have + a custom deploy ramdisk, you shouldn't use CustomDeploy. + type: string + required: + - method + type: object + dataTemplate: + description: |- + MetadataTemplate is a reference to a Metal3DataTemplate object containing + a template of metadata to be rendered. Metadata keys defined in the + metadataTemplate take precedence over keys defined in metadata field. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + hostSelector: + description: |- + HostSelector specifies matching criteria for labels on BareMetalHosts. + This is used to limit the set of BareMetalHost objects considered for + claiming for a metal3machine. + properties: + matchExpressions: + description: Label match expressions that must be true + on a chosen BareMetalHost + items: + properties: + key: + type: string + operator: + description: |- + Operator represents a key/field's relationship to value(s). + See labels.Requirement and fields.Requirement for more details. 
+ type: string + values: + items: + type: string + type: array + required: + - key + - operator + - values + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: Key/value pairs of labels that must exist + on a chosen BareMetalHost + type: object + type: object + image: + description: Image is the image to be provisioned. + properties: + checksum: + description: Checksum is a md5sum, sha256sum or sha512sum + value or a URL to retrieve one. + type: string + checksumType: + description: |- + ChecksumType is the checksum algorithm for the image. + e.g md5, sha256, sha512 + enum: + - md5 + - sha256 + - sha512 + type: string + format: + description: DiskFormat contains the image disk format. + enum: + - raw + - qcow2 + - vdi + - vmdk + - live-iso + type: string + url: + description: URL is a location of an image to deploy. + type: string + required: + - checksum + - url + type: object + metaData: + description: |- + MetaData is an object storing the reference to the secret containing the + Metadata given by the user. + properties: + name: + description: name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: namespace defines the space within which + the secret name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + networkData: + description: |- + NetworkData is an object storing the reference to the secret containing the + network data given by the user. + properties: + name: + description: name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: namespace defines the space within which + the secret name must be unique. 
+ type: string + type: object + x-kubernetes-map-type: atomic + providerID: + description: |- + ProviderID will be the Metal3 machine in ProviderID format + (metal3://) + type: string + userData: + description: |- + UserData references the Secret that holds user data needed by the bare metal + operator. The Namespace is optional; it will default to the metal3machine's + namespace if not specified. + properties: + name: + description: name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: namespace defines the space within which + the secret name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true + subresources: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + cluster.x-k8s.io/v1beta1: v1beta1 + name: metal3remediations.infrastructure.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Metal3Remediation + listKind: Metal3RemediationList + plural: metal3remediations + shortNames: + - m3r + - m3remediation + singular: metal3remediation + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: How many times remediation controller should attempt to remediate + the host + jsonPath: .spec.strategy.retryLimit + name: Retry limit + type: string + - description: How many times remediation controller has tried to remediate the + node + jsonPath: 
.status.retryCount + name: Retry count + type: string + - description: Timestamp of the last remediation attempt + jsonPath: .status.lastRemediated + name: Last Remediated + type: string + - description: Type of the remediation strategy + jsonPath: .spec.strategy.type + name: Strategy + type: string + - description: Phase of the remediation + jsonPath: .status.phase + name: Phase + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Metal3Remediation is the Schema for the metal3remediations API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Metal3RemediationSpec defines the desired state of Metal3Remediation. + properties: + strategy: + description: Strategy field defines remediation strategy. + properties: + retryLimit: + description: Sets maximum number of remediation retries. + type: integer + timeout: + description: Sets the timeout between remediation retries. + type: string + type: + description: Type of remediation. + type: string + type: object + type: object + status: + description: Metal3RemediationStatus defines the observed state of Metal3Remediation. 
+ properties: + lastRemediated: + description: LastRemediated identifies when the host was last remediated + format: date-time + type: string + phase: + description: |- + Phase represents the current phase of machine remediation. + E.g. Pending, Running, Done etc. + type: string + retryCount: + description: |- + RetryCount can be used as a counter during the remediation. + Field can hold number of reboots etc. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + cluster.x-k8s.io/v1beta1: v1beta1 + name: metal3remediationtemplates.infrastructure.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Metal3RemediationTemplate + listKind: Metal3RemediationTemplateList + plural: metal3remediationtemplates + shortNames: + - m3rt + - m3remediationtemplate + - m3remediationtemplates + - metal3rt + - metal3remediationtemplate + singular: metal3remediationtemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Metal3RemediationTemplate is the Schema for the metal3remediationtemplates + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Metal3RemediationTemplateSpec defines the desired state of + Metal3RemediationTemplate. + properties: + template: + description: Metal3RemediationTemplateResource describes the data + needed to create a Metal3Remediation from a template. + properties: + spec: + description: Spec is the specification of the desired behavior + of the Metal3Remediation. + properties: + strategy: + description: Strategy field defines remediation strategy. + properties: + retryLimit: + description: Sets maximum number of remediation retries. + type: integer + timeout: + description: Sets the timeout between remediation retries. + type: string + type: + description: Type of remediation. + type: string + type: object + type: object + required: + - spec + type: object + required: + - template + type: object + status: + description: Metal3RemediationTemplateStatus defines the observed state + of Metal3RemediationTemplate. + properties: + status: + description: Metal3RemediationStatus defines the observed state of + Metal3Remediation + properties: + lastRemediated: + description: LastRemediated identifies when the host was last + remediated + format: date-time + type: string + phase: + description: |- + Phase represents the current phase of machine remediation. + E.g. Pending, Running, Done etc. + type: string + retryCount: + description: |- + RetryCount can be used as a counter during the remediation. + Field can hold number of reboots etc. 
+ type: integer + type: object + required: + - status + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-manager + namespace: capm3-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-leader-election-role + namespace: capm3-system + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-manager-role + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - list + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + - machinesets + verbs: + - get + - list + - watch + - apiGroups: + - cluster.x-k8s.io + resources: + - kubeadmcontrolplanes + - machinedeployments + - machines + - machines/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3clusters + - metal3dataclaims + - metal3datas + - metal3datatemplates + - 
metal3machines + - metal3machinetemplates + - metal3remediations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3clusters/status + - metal3dataclaims/status + - metal3datas/status + - metal3datatemplates/status + - metal3machines/status + - metal3remediations/status + verbs: + - get + - patch + - update + - apiGroups: + - ipam.cluster.x-k8s.io + resources: + - ipaddressclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ipam.cluster.x-k8s.io + resources: + - ipaddressclaims/status + verbs: + - get + - watch + - apiGroups: + - ipam.cluster.x-k8s.io + - ipam.metal3.io + resources: + - ipaddresses + verbs: + - get + - list + - watch + - apiGroups: + - ipam.cluster.x-k8s.io + - ipam.metal3.io + resources: + - ipaddresses/status + verbs: + - get + - apiGroups: + - ipam.metal3.io + resources: + - ipclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ipam.metal3.io + resources: + - ipclaims/status + verbs: + - get + - watch + - apiGroups: + - metal3.io + resources: + - baremetalhosts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - metal3.io + resources: + - baremetalhosts/status + verbs: + - get + - patch + - update + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - list + - watch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-leader-election-rolebinding + namespace: capm3-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capm3-leader-election-role + subjects: + - kind: ServiceAccount + name: capm3-manager + namespace: capm3-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + 
cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-manager-rolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capm3-manager-role + subjects: + - kind: ServiceAccount + name: capm3-manager + namespace: capm3-system + --- + apiVersion: v1 + data: + CAPM3_FAST_TRACK: ${CAPM3_FAST_TRACK:='false'} + kind: ConfigMap + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-capm3fasttrack-configmap + namespace: capm3-system + --- + apiVersion: v1 + kind: Service + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-webhook-service + namespace: capm3-system + spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: infrastructure-metal3 + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + name: capm3-controller-manager + namespace: capm3-system + spec: + selector: + matchLabels: + cluster.x-k8s.io/provider: infrastructure-metal3 + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + template: + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + spec: + containers: + - args: + - --webhook-port=9443 + - --enableBMHNameBasedPreallocation=${ENABLE_BMH_NAME_BASED_PREALLOCATION:=false} + - --diagnostics-address=${CAPM3_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPM3_INSECURE_DIAGNOSTICS:=false} + - --tls-min-version=${TLS_MIN_VERSION:=VersionTLS13} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: capm3-capm3fasttrack-configmap + image: quay.io/metal3-io/cluster-api-provider-metal3:main + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: 
healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capm3-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: capm3-webhook-service-cert + --- + apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-serving-cert + namespace: capm3-system + spec: + dnsNames: + - capm3-webhook-service.capm3-system.svc + - capm3-webhook-service.capm3-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capm3-selfsigned-issuer + secretName: capm3-webhook-service-cert + --- + apiVersion: cert-manager.io/v1 + kind: Issuer + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-selfsigned-issuer + namespace: capm3-system + spec: + selfSigned: {} + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: MutatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-mutating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: 
capm3-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3cluster + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3cluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3clusters + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3clustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3clustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3clustertemplates + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3data + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3data.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3datas + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3dataclaim + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3dataclaim.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3dataclaims + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: 
/mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3datatemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3datatemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3datatemplates + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3machine + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3machine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3machines + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3machinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3machinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3machinetemplates + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3remediation + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3remediation.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3remediations + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: 
/mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3remediationtemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3remediationtemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3remediationtemplates + sideEffects: None + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-validating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3cluster + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3cluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3clusters + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3clustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3clustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3clustertemplates + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3data + failurePolicy: Fail + matchPolicy: Equivalent + name: 
validation.metal3data.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3datas + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3dataclaim + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3dataclaim.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3dataclaims + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3datatemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3datatemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3datatemplates + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3machine + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3machine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3machines + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3machinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: 
validation.metal3machinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3machinetemplates + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3remediation + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3remediation.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3remediations + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3remediationtemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3remediationtemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3remediationtemplates + sideEffects: None + metadata: | + apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 + kind: Metadata + releaseSeries: + - major: 1 + minor: 10 + contract: v1beta1 + - major: 1 + minor: 9 + contract: v1beta1 + - major: 1 + minor: 8 + contract: v1beta1 + - major: 1 + minor: 7 + contract: v1beta1 + - major: 1 + minor: 6 + contract: v1beta1 + - major: 1 + minor: 5 + contract: v1beta1 + - major: 1 + minor: 4 + contract: v1beta1 + - major: 1 + minor: 3 + contract: v1beta1 + - major: 1 + minor: 2 + contract: v1beta1 + - major: 1 + minor: 1 + contract: v1beta1 +kind: ConfigMap metadata: - name: {{ index .Values "providers" "ipamMetal3" "namespace" }} -{{- end }} ---- -apiVersion: turtles-capi.cattle.io/v1alpha1 -kind: CAPIProvider 
-metadata: - name: metal3ipam - namespace: {{ index .Values "providers" "ipamMetal3" "namespace" }} -spec: - name: metal3ipam - type: ipam -{{- if index .Values "providers" "ipamMetal3" "version" }} - version: {{ index .Values "providers" "ipamMetal3" "version" }} -{{- end }} -{{- if index .Values "providers" "ipamMetal3" "enableAutomaticUpdate" }} - enableAutomaticUpdate: {{ index .Values "providers" "ipamMetal3" "enableAutomaticUpdate" }} -{{- end }} -{{- if or (index .Values "providers" "ipamMetal3" "configSecret") }} - configSecret: - name: {{ index .Values "providers" "ipamMetal3" "configSecret" "name" }} - namespace: {{ index .Values "providers" "ipamMetal3" "configSecret" "namespace" }} -{{- end }} -{{- if index .Values "providers" "ipamMetal3" "fetchConfig" }} - fetchConfig: - {{- if index .Values "providers" "ipamMetal3" "fetchConfig" "url" }} - url: {{ index .Values "providers" "ipamMetal3" "fetchConfig" "url" }} - {{- end }} - {{- if index .Values "providers" "ipamMetal3" "fetchConfig" "oci" }} - oci: {{ index .Values "providers" "ipamMetal3" "fetchConfig" "oci" }} - {{- end }} -{{- end }} + creationTimestamp: null + name: v1.10.4 + namespace: capm3-system + labels: + provider-components: metal3 {{- end }} diff --git a/rancher-turtles-providers-chart/templates/ipam-metal3.yaml b/rancher-turtles-providers-chart/templates/ipam-metal3.yaml new file mode 100644 index 0000000..a87703c --- /dev/null +++ b/rancher-turtles-providers-chart/templates/ipam-metal3.yaml 
@@ -0,0 +1,1063 @@ +{{- if index .Values "providers" "ipamMetal3" "enabled" }} +{{- $ipamnamespace := index .Values "providers" "ipamMetal3" "namespace" }} +{{- if not (lookup "v1" "Namespace" "" $ipamnamespace) }} +--- +apiVersion: v1 +kind: Namespace +metadata: + name: {{ index .Values "providers" "ipamMetal3" "namespace" }} +{{- end }} +--- +apiVersion: turtles-capi.cattle.io/v1alpha1 +kind: CAPIProvider +metadata: + name: metal3ipam + namespace: {{ index .Values "providers" "ipamMetal3" "namespace" }} +spec: + name: metal3ipam + type: ipam +{{- if index .Values "providers" "ipamMetal3" "version" }} + version: {{ index .Values "providers" "ipamMetal3" "version" }} +{{- end }} +{{- if index .Values "providers" "ipamMetal3" "enableAutomaticUpdate" }} + enableAutomaticUpdate: {{ index .Values "providers" "ipamMetal3" "enableAutomaticUpdate" }} +{{- end }} +{{- if or (index .Values "providers" "ipamMetal3" "configSecret") }} + configSecret: + name: {{ index .Values "providers" "ipamMetal3" "configSecret" "name" }} + namespace: {{ index .Values "providers" "ipamMetal3" "configSecret" "namespace" }} +{{- end }} + fetchConfig: + selector: + matchLabels: + provider-components: metal3ipam +--- +apiVersion: v1 +data: + components: | + apiVersion: v1 + kind: Namespace + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + control-plane: controller-manager + name: metal3-ipam-system + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: metal3-ipam-system/ipam-serving-cert + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + cluster.x-k8s.io/provider: ipam-metal3 + cluster.x-k8s.io/v1alpha2: v1alpha2 + cluster.x-k8s.io/v1alpha3: v1alpha3_v1alpha4 + cluster.x-k8s.io/v1alpha4: v1alpha5 + cluster.x-k8s.io/v1beta1: v1beta1 + name: ipaddresses.ipam.metal3.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: ipam-webhook-service + namespace: 
metal3-ipam-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: ipam.metal3.io + names: + categories: + - metal3 + kind: IPAddress + listKind: IPAddressList + plural: ipaddresses + shortNames: + - ipa + - ipaddress + - m3ipa + - m3ipaddress + - m3ipaddresses + - metal3ipa + - metal3ipaddress + - metal3ipaddresses + singular: ipaddress + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of Metal3IPAddress + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: IPAddress is the Schema for the ipaddresses API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IPAddressSpec defines the desired state of IPAddress. 
+ properties: + address: + description: Address contains the IP address + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + claim: + description: Claim points to the object the IPClaim was created for. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + dnsServers: + description: DNSServers is the list of dns servers + items: + description: IPAddress is used for validation of an IP address. + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + type: array + gateway: + description: Gateway is the gateway ip address + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + pool: + description: Pool is the IPPool this was generated from. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + prefix: + description: Prefix is the mask of the network as integer (max 128) + maximum: 128 + type: integer + required: + - address + - claim + - pool + type: object + type: object + served: true + storage: true + subresources: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: metal3-ipam-system/ipam-serving-cert + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + cluster.x-k8s.io/provider: ipam-metal3 + cluster.x-k8s.io/v1alpha2: v1alpha2 + cluster.x-k8s.io/v1alpha3: v1alpha3_v1alpha4 + cluster.x-k8s.io/v1alpha4: v1alpha5 + cluster.x-k8s.io/v1beta1: v1beta1 + name: ipclaims.ipam.metal3.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: ipam-webhook-service + namespace: metal3-ipam-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: ipam.metal3.io + names: + categories: + - cluster-api + kind: IPClaim + listKind: IPClaimList + plural: ipclaims + shortNames: + - ipc + - ipclaim + - m3ipc + - m3ipclaim + - m3ipclaims + - metal3ipc + - metal3ipclaim + - metal3ipclaims + singular: ipclaim + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of Metal3IPClaim + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: IPClaim is the Schema for the ipclaims API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IPClaimSpec defines the desired state of IPClaim. + properties: + pool: + description: Pool is the IPPool this was generated from. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - pool + type: object + status: + description: IPClaimStatus defines the observed state of IPClaim. + properties: + address: + description: Address is the IPAddress that was generated for this + claim. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + errorMessage: + description: ErrorMessage contains the error message + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: metal3-ipam-system/ipam-serving-cert + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + cluster.x-k8s.io/provider: ipam-metal3 + cluster.x-k8s.io/v1alpha2: v1alpha2 + cluster.x-k8s.io/v1alpha3: v1alpha3_v1alpha4 + cluster.x-k8s.io/v1alpha4: v1alpha5 + cluster.x-k8s.io/v1beta1: v1beta1 + name: ippools.ipam.metal3.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: ipam-webhook-service + namespace: metal3-ipam-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: ipam.metal3.io + names: + categories: + - cluster-api + kind: IPPool + listKind: IPPoolList + plural: ippools + shortNames: + - ipp + - ippool + - m3ipp + - m3ippool + - m3ippools + - metal3ipp + - metal3ippool + - metal3ippools + singular: ippool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this template belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Time duration since creation of Metal3IPPool + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: IPPool is the Schema for the ippools API. 
+ properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IPPoolSpec defines the desired state of IPPool. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + type: string + dnsServers: + description: DNSServers is the list of dns servers + items: + description: IPAddress is used for validation of an IP address. 
+ pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + type: array + gateway: + description: Gateway is the gateway ip address + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + namePrefix: + description: namePrefix is the prefix used to generate the IPAddress + object names + minLength: 1 + type: string + pools: + description: Pools contains the list of IP addresses pools + items: + description: |- + MetaDataIPAddress contains the info to render th ip address. It is IP-version + agnostic. + properties: + dnsServers: + description: DNSServers is the list of dns servers + items: + description: IPAddress is used for validation of an IP address. 
+ pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + type: array + end: + description: |- + End is the last IP address that can be rendered. It is used as a validation + that the rendered IP is in bound. + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + gateway: + description: Gateway is the gateway ip address + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + prefix: + description: Prefix is the mask of the network as integer (max + 128) + maximum: 128 + type: integer + start: + description: Start is the first ip address that can be rendered + pattern: 
((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + subnet: + description: |- + Subnet is used to validate that the rendered IP is in bounds. In case the + Start value is not given, it is derived from the subnet ip incremented by 1 + (`192.168.0.1` for `192.168.0.0/24`) + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))/([0-9]|[1-2][0-9]|3[0-2])$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))/([0-9]|[0-9][0-9]|1[0-1][0-9]|12[0-8])$)) + type: string + type: object + type: array + preAllocations: + additionalProperties: + description: IPAddress is used for validation of an IP address. 
+ pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + description: PreAllocations contains the preallocated IP addresses + type: object + prefix: + description: Prefix is the mask of the network as integer (max 128) + maximum: 128 + type: integer + required: + - namePrefix + type: object + status: + description: IPPoolStatus defines the observed state of IPPool. + properties: + indexes: + additionalProperties: + description: IPAddress is used for validation of an IP address. + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + description: Allocations contains the map of objects and IP addresses + they have + type: object + lastUpdated: + description: LastUpdated identifies when this status was last observed. 
+ format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-manager + namespace: metal3-ipam-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-leader-election-role + namespace: metal3-ipam-system + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-manager-role + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - cluster.x-k8s.io + resources: + - clusters + verbs: + - get + - list + - watch + - apiGroups: + - cluster.x-k8s.io + resources: + - clusters/status + verbs: + - get + - apiGroups: + - ipam.cluster.x-k8s.io + resources: + - ipaddressclaims + - ipaddresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ipam.cluster.x-k8s.io + resources: + - ipaddressclaims/status + - ipaddresses/status + verbs: + - get + - patch + - update + - apiGroups: + - ipam.metal3.io + resources: + - ipaddresses + - ipclaims + - ippools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ipam.metal3.io + resources: + - ipaddresses/status + - ipclaims/status + - ippools/status + verbs: + - get + - patch + - update + --- + apiVersion: 
rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-leader-election-rolebinding + namespace: metal3-ipam-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ipam-leader-election-role + subjects: + - kind: ServiceAccount + name: ipam-manager + namespace: metal3-ipam-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-manager-rolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ipam-manager-role + subjects: + - kind: ServiceAccount + name: ipam-manager + namespace: metal3-ipam-system + --- + apiVersion: v1 + kind: Service + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-webhook-service + namespace: metal3-ipam-system + spec: + ports: + - port: 443 + targetPort: ipam-webhook + selector: + cluster.x-k8s.io/provider: ipam-metal3 + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + name: ipam-controller-manager + namespace: metal3-ipam-system + spec: + selector: + matchLabels: + cluster.x-k8s.io/provider: ipam-metal3 + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + template: + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + spec: + containers: + - args: + - --webhook-port=9443 + - --diagnostics-address=${IPAM_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${IPAM_INSECURE_DIAGNOSTICS:=false} + - --tls-min-version=${TLS_MIN_VERSION:=VersionTLS13} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.rancher.com/rancher/ip-address-manager:v1.10.4 + imagePullPolicy: IfNotPresent + livenessProbe: + 
httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: ipam-webhook + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: ipam-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: ipam-webhook-service-cert + --- + apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-serving-cert + namespace: metal3-ipam-system + spec: + dnsNames: + - ipam-webhook-service.metal3-ipam-system.svc + - ipam-webhook-service.metal3-ipam-system.svc.cluster.local + issuerRef: + kind: Issuer + name: ipam-selfsigned-issuer + secretName: ipam-webhook-service-cert + --- + apiVersion: cert-manager.io/v1 + kind: Issuer + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-selfsigned-issuer + namespace: metal3-ipam-system + spec: + selfSigned: {} + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: MutatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: metal3-ipam-system/ipam-serving-cert + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-mutating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + 
namespace: metal3-ipam-system + path: /mutate-ipam-metal3-io-v1alpha1-ipaddress + failurePolicy: Fail + matchPolicy: Equivalent + name: default.ipaddress.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ipaddresses + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: metal3-ipam-system + path: /mutate-ipam-metal3-io-v1alpha1-ipclaim + failurePolicy: Fail + matchPolicy: Equivalent + name: default.ipclaim.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ipclaims + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: metal3-ipam-system + path: /mutate-ipam-metal3-io-v1alpha1-ippool + failurePolicy: Fail + matchPolicy: Equivalent + name: default.ippool.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ippools + sideEffects: None + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: metal3-ipam-system/ipam-serving-cert + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-validating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: metal3-ipam-system + path: /validate-ipam-metal3-io-v1alpha1-ipaddress + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.ipaddress.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ipaddresses + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: 
ipam-webhook-service + namespace: metal3-ipam-system + path: /validate-ipam-metal3-io-v1alpha1-ipclaim + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.ipclaim.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ipclaims + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: metal3-ipam-system + path: /validate-ipam-metal3-io-v1alpha1-ippool + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.ippool.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ippools + sideEffects: None + metadata: | + apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 + kind: Metadata + releaseSeries: + - major: 1 + minor: 10 + contract: v1beta1 + - major: 1 + minor: 9 + contract: v1beta1 + - major: 1 + minor: 8 + contract: v1beta1 + - major: 1 + minor: 7 + contract: v1beta1 + - major: 1 + minor: 6 + contract: v1beta1 + - major: 1 + minor: 5 + contract: v1beta1 + - major: 1 + minor: 4 + contract: v1beta1 + - major: 1 + minor: 3 + contract: v1beta1 + - major: 1 + minor: 2 + contract: v1beta1 + - major: 1 + minor: 1 + contract: v1beta1 +kind: ConfigMap +metadata: + creationTimestamp: null + name: v1.10.4 + namespace: metal3-ipam-system + labels: + provider-components: metal3ipam +{{- end }} diff --git a/rancher-turtles-providers-chart/values.schema.json b/rancher-turtles-providers-chart/values.schema.json index 170f605..60b1ad0 100644 --- a/rancher-turtles-providers-chart/values.schema.json +++ b/rancher-turtles-providers-chart/values.schema.json 
@@ -102,36 +102,6 @@
 "maximum": 5
 }
 }
- },
- "fetchConfig": {
- "type": "object",
- "description": "Override default artifact source via URL or OCI (specify one).",
- "oneOf": [
- {
- "properties": {
- "url": {
- "type": "string",
- "description": "The URL to be used for fetching the provider components and metadata."
- }
- },
- "additionalProperties": false,
- "required": [
- "url"
- ]
- },
- {
- "properties": {
- "oci": {
- "type": "string",
- "description": "OCI to be used for fetching the provider components and metadata."
- }
- },
- "additionalProperties": false,
- "required": [
- "oci"
- ]
- }
- ]
 }
 }
 }
diff --git a/rancher-turtles-providers-chart/values.yaml b/rancher-turtles-providers-chart/values.yaml
index 6c35422..a0224ff 100644
--- a/rancher-turtles-providers-chart/values.yaml
+++ b/rancher-turtles-providers-chart/values.yaml
@@ -30,10 +30,6 @@ providers:
 # configSecret:
 # name: ""
 # namespace: ""
- # fetchConfig: Override default artifact source via URL or OCI (specify one).
- # fetchConfig:
- # url: "https://github.com///releases"
- # # oci: "ghcr.io//:"
 # manager: Optional controller manager settings.
 # manager:
 # syncPeriod: "5m"
@@ -63,10 +59,6 @@ providers:
 # configSecret:
 # name: ""
 # namespace: ""
- # fetchConfig: Override default artifact source via URL or OCI (specify one).
- # fetchConfig:
- # url: "https://github.com///releases"
- # # oci: "ghcr.io//:"
 # manager: Optional controller manager settings.
 # manager:
 # syncPeriod: "5m"
@@ -96,10 +88,6 @@ providers:
 # configSecret:
 # name: ""
 # namespace: ""
- # fetchConfig: Override default artifact source via URL or OCI (specify one).
- # fetchConfig:
- # url: "https://github.com///releases"
- # # oci: "ghcr.io//:"
 # manager: Optional controller manager settings.
 # manager:
 # syncPeriod: "5m"