apiVersion: v1 kind: Namespace metadata: labels: cluster.x-k8s.io/provider: control-plane-rke2 control-plane: controller-manager name: rke2-control-plane-system --- apiVersion: v1 data: components: | apiVersion: v1 kind: Namespace metadata: labels: cluster.x-k8s.io/provider: control-plane-rke2 control-plane: controller-manager name: rke2-control-plane-system --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert controller-gen.kubebuilder.io/version: v0.14.0 labels: cluster.x-k8s.io/provider: control-plane-rke2 cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 name: rke2controlplanes.controlplane.cluster.x-k8s.io spec: conversion: strategy: Webhook webhook: clientConfig: caBundle: Cg== service: name: rke2-control-plane-webhook-service namespace: rke2-control-plane-system path: /convert conversionReviewVersions: - v1 - v1beta1 group: controlplane.cluster.x-k8s.io names: kind: RKE2ControlPlane listKind: RKE2ControlPlaneList plural: rke2controlplanes singular: rke2controlplane scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: RKE2ControlPlane is the Schema for the rke2controlplanes API. properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: RKE2ControlPlaneSpec defines the desired state of RKE2ControlPlane. properties: agentConfig: description: AgentConfig specifies configuration for the agent nodes. properties: additionalUserData: description: |- AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the generated cloud-init/ignition script. properties: config: description: |- In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp". Deprecated: Data is reserved for the arbitrary cloud-init data type: string data: additionalProperties: type: string description: |- Data allows to pass arbitrary set of key/value pairs consistent with https://cloudinit.readthedocs.io/en/latest/reference/modules.html to extend existing cloud-init configuration type: object strict: description: Strict controls if Config should be strictly parsed. If so, warnings are treated as errors. type: boolean type: object x-kubernetes-validations: - message: Only config or data could be populated at once rule: '!has(self.data) || !has(self.config)' airGapped: description: |- AirGapped is a boolean value to define if the bootstrapping should be air-gapped, basically supposing that online container registries and RKE2 install scripts are not reachable. type: boolean cisProfile: description: CISProfile activates CIS compliance of RKE2 for a certain profile enum: - cis - cis-1.23 - cis-1.5 - cis-1.6 type: string containerRuntimeEndpoint: description: ContainerRuntimeEndpoint Disable embedded containerd and use alternative CRI implementation. type: string dataDir: description: DataDir Folder to hold state. type: string enableContainerdSElinux: description: |- EnableContainerdSElinux defines the policy for enabling SELinux for Containerd if value is true, Containerd will run with selinux-enabled=true flag if value is false, Containerd will run without the above flag type: boolean format: description: Format specifies the output format of the bootstrap data. Defaults to cloud-config. enum: - cloud-config - ignition type: string imageCredentialProviderConfigMap: description: |- ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config The config map should contain a key "credential-config.yaml" with YAML file content and a key "credential-provider-binaries" with the a path to the binaries for the credential provider. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic kubeProxy: description: KubeProxyArgs Customized flag for kube-proxy process. properties: extraArgs: description: 'ExtraArgs is a list of command line arguments (format: flag=value) to pass to a Kubernetes Component command.' items: type: string type: array extraEnv: additionalProperties: type: string description: ExtraEnv is a map of environment variables to pass on to a Kubernetes Component command. type: object extraMounts: additionalProperties: type: string description: ExtraMounts is a map of volume mounts to be added for the Kubernetes component StaticPod type: object overrideImage: description: OverrideImage is a string that references a container image to override the default one for the Kubernetes Component type: string type: object kubelet: description: KubeletArgs Customized flag for kubelet process. properties: extraArgs: description: 'ExtraArgs is a list of command line arguments (format: flag=value) to pass to a Kubernetes Component command.' items: type: string type: array extraEnv: additionalProperties: type: string description: ExtraEnv is a map of environment variables to pass on to a Kubernetes Component command. type: object extraMounts: additionalProperties: type: string description: ExtraMounts is a map of volume mounts to be added for the Kubernetes component StaticPod type: object overrideImage: description: OverrideImage is a string that references a container image to override the default one for the Kubernetes Component type: string type: object kubeletPath: description: KubeletPath Override kubelet binary path. type: string loadBalancerPort: description: |- LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444). type: integer nodeAnnotations: additionalProperties: type: string description: |- NodeAnnotations are annotations that are created on nodes post bootstrap phase. Unfortunately it is not possible to apply annotations via kubelet using current bootstrap configurations. Issue: https://github.com/kubernetes/kubernetes/issues/108046 type: object nodeLabels: description: NodeLabels Registering and starting kubelet with set of labels. items: type: string type: array nodeName: description: NodeNamePrefix Prefix to the Node Name that CAPI will generate. type: string nodeTaints: description: NodeTaints Registering kubelet with set of taints. items: type: string type: array ntp: description: NTP specifies NTP configuration properties: enabled: description: Enabled specifies whether NTP should be enabled type: boolean servers: description: Servers specifies which NTP servers to use items: type: string type: array type: object protectKernelDefaults: description: |- ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. if false, kernel tunable can be different from kubelet defaults type: boolean resolvConf: description: ResolvConf is a reference to a ConfigMap containing resolv.conf content for the node. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic runtimeImage: description: RuntimeImage override image to use for runtime binaries (containerd, kubectl, crictl, etc). type: string snapshotter: description: 'Snapshotter override default containerd snapshotter (default: "overlayfs").' type: string systemDefaultRegistry: description: SystemDefaultRegistry Private registry to be used for all system images. type: string version: description: Version specifies the rke2 version. type: string type: object files: description: Files specifies extra files to be passed to user_data upon creation. items: description: File defines the input for generating write_files in cloud-init. properties: content: description: Content is the actual content of the file. type: string contentFrom: description: ContentFrom is a referenced source of content to populate the file. properties: secret: description: SecretFileSource represents a secret that should populate this file. properties: key: description: Key is the key in the secret's data map for this value. type: string name: description: Name of the secret in the RKE2BootstrapConfig's namespace to use. type: string required: - key - name type: object required: - secret type: object encoding: description: Encoding specifies the encoding of the file contents. enum: - base64 - gzip - gzip+base64 type: string owner: description: Owner specifies the ownership of the file, e.g. "root:root". type: string path: description: Path specifies the full path on disk where to store the file. type: string permissions: description: Permissions specifies the permissions to assign to the file, e.g. "0640". type: string required: - path type: object type: array infrastructureRef: description: |- InfrastructureRef is a required reference to a custom resource offered by an infrastructure provider. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic manifestsConfigMapReference: description: |- ManifestsConfigMapReference references a ConfigMap which contains Kubernetes manifests to be deployed automatically on the cluster Each data entry in the ConfigMap will be will be copied to a folder on the control plane nodes that RKE2 scans and uses to deploy manifests. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic nodeDrainTimeout: description: |- NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` type: string postRKE2Commands: description: PostRKE2Commands specifies extra commands to run after rke2 setup runs. items: type: string type: array preRKE2Commands: description: PreRKE2Commands specifies extra commands to run before rke2 setup runs. items: type: string type: array privateRegistriesConfig: description: PrivateRegistriesConfig defines the containerd configuration for private registries and local registry mirrors. properties: configs: additionalProperties: description: RegistryConfig contains configuration used to communicate with the registry. properties: authSecret: description: |- Auth si a reference to a Secret containing information to authenticate to the registry. The Secret must provite a username and a password data entry. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic tls: description: |- TLS is a pair of CA/Cert/Key which then are used when creating the transport that communicates with the registry. properties: insecureSkipVerify: description: InsecureSkipVerify may be set to false to skip verifying the registry's certificate, default is true. type: boolean tlsConfigSecret: description: |- TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt which describe the TLS configuration necessary to connect to the registry. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic type: object type: object description: |- Configs are configs for each registry. The key is the FDQN or IP of the registry. type: object mirrors: additionalProperties: description: Mirror contains the config related to the registry mirror. properties: endpoint: description: |- Endpoints are endpoints for a namespace. CRI plugin will try the endpoints one by one until a working one is found. The endpoint must be a valid url with host specified. The scheme, host and path from the endpoint URL will be used. items: type: string type: array rewrite: additionalProperties: type: string description: |- Rewrites are repository rewrite rules for a namespace. When fetching image resources from an endpoint and a key matches the repository via regular expression matching it will be replaced with the corresponding value from the map in the resource request. type: object type: object description: Mirrors are namespace to mirror mapping for all namespaces. type: object type: object registrationAddress: description: |- RegistrationAddress is an explicit address to use when registering a node. This is required if the registration type is "address". Its for scenarios where a load-balancer or VIP is used. type: string registrationMethod: default: internal-first description: RegistrationMethod is the method to use for registering nodes into the RKE2 cluster. enum: - internal-first - internal-only-ips - external-only-ips - address type: string replicas: description: Replicas is the number of replicas for the Control Plane. format: int32 type: integer rolloutStrategy: default: rollingUpdate: maxSurge: 1 type: RollingUpdate description: The RolloutStrategy to use to replace control plane machines with new ones. properties: rollingUpdate: description: Rolling update config params. Present only if RolloutStrategyType = RollingUpdate. properties: maxSurge: anyOf: - type: integer - type: string description: |- The maximum number of control planes that can be scheduled above or under the desired number of control planes. Value can be an absolute number 1 or 0. Defaults to 1. Example: when this is set to 1, the control plane can be scaled up immediately when the rolling update starts. x-kubernetes-int-or-string: true type: object type: description: |- Type of rollout. Currently the only supported strategy is "RollingUpdate". Default is RollingUpdate. type: string type: object serverConfig: description: ServerConfig specifies configuration for the agent nodes. properties: advertiseAddress: description: 'AdvertiseAddress IP address that apiserver uses to advertise to members of the cluster (default: node-external-ip/node-ip).' type: string auditPolicySecret: description: AuditPolicySecret path to the file that defines the audit policy configuration. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic bindAddress: description: 'BindAddress describes the rke2 bind address (default: 0.0.0.0).' type: string cloudControllerManager: description: CloudControllerManager defines optional custom configuration of the Cloud Controller Manager. properties: extraArgs: description: 'ExtraArgs is a list of command line arguments (format: flag=value) to pass to a Kubernetes Component command.' items: type: string type: array extraEnv: additionalProperties: type: string description: ExtraEnv is a map of environment variables to pass on to a Kubernetes Component command. type: object extraMounts: additionalProperties: type: string description: ExtraMounts is a map of volume mounts to be added for the Kubernetes component StaticPod type: object overrideImage: description: OverrideImage is a string that references a container image to override the default one for the Kubernetes Component type: string type: object cloudProviderConfigMap: description: |- CloudProviderConfigMap is a reference to a ConfigMap containing Cloud provider configuration. The config map must contain a key named cloud-config. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic cloudProviderName: description: CloudProviderName cloud provider name. type: string clusterDNS: description: 'ClusterDNS is the cluster IP for CoreDNS service. Should be in your service-cidr range (default: 10.43.0.10).' type: string clusterDomain: description: 'ClusterDomain is the cluster domain name (default: "cluster.local").' type: string cni: description: |- CNI describes the CNI Plugins to deploy, one of none, calico, canal, cilium; optionally with multus as the first value to enable the multus meta-plugin (default: canal). enum: - none - calico - canal - cilium type: string cniMultusEnable: description: |- CNIMultusEnable enables multus as the first CNI plugin (default: false). This option will automatically make Multus a primary CNI, and the value, if specified in the CNI field, as a secondary CNI plugin. type: boolean disableComponents: description: DisableComponents lists Kubernetes components and RKE2 plugin components that will be disabled. properties: kubernetesComponents: description: KubernetesComponents is a list of Kubernetes components to disable. items: description: 'DisabledKubernetesComponent is an enum field that can take one of the following values: scheduler, kubeProxy or cloudController.' enum: - scheduler - kubeProxy - cloudController type: string type: array pluginComponents: description: PluginComponents is a list of PluginComponents to disable. items: description: DisabledPluginComponent selects a plugin Components to be disabled. enum: - rke2-coredns - rke2-ingress-nginx - rke2-metrics-server type: string type: array type: object etcd: description: Etcd defines optional custom configuration of ETCD. properties: backupConfig: description: 'BackupConfig defines how RKE2 will snapshot ETCD: target storage, schedule, etc.' properties: directory: description: Directory to save db snapshots. type: string disableAutomaticSnapshots: description: |- DisableAutomaticSnapshots defines the policy for ETCD snapshots. true means automatic snapshots will be scheduled, false means automatic snapshots will not be scheduled. type: boolean retention: description: 'Retention Number of snapshots to retain Default: 5 (default: 5).' type: string s3: description: S3 Enable backup to an S3-compatible Object Store. properties: bucket: description: Bucket S3 bucket name. type: string endpoint: description: 'Endpoint S3 endpoint url (default: "s3.amazonaws.com").' type: string endpointCAsecret: description: |- EndpointCA references the Secret that contains a custom CA that should be trusted to connect to S3 endpoint. The secret must contain a key named "ca.pem" that contains the CA certificate. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic enforceSslVerify: description: EnforceSSLVerify may be set to false to skip verifying the registry's certificate, default is true. type: boolean folder: description: Folder S3 folder. type: string region: description: 'Region S3 region / bucket location (optional) (default: "us-east-1").' type: string s3CredentialSecret: description: |- S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket. The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key". properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic required: - endpoint - s3CredentialSecret type: object scheduleCron: description: 'ScheduleCron Snapshot interval time in cron spec. eg. every 5 hours ''* */5 * * *'' (default: "0 */12 * * *").' type: string snapshotName: description: 'SnapshotName Set the base name of etcd snapshots. Default: etcd-snapshot- (default: "etcd-snapshot").' type: string type: object customConfig: description: CustomConfig defines the custom settings for ETCD. properties: extraArgs: description: 'ExtraArgs is a list of command line arguments (format: flag=value) to pass to a Kubernetes Component command.' items: type: string type: array extraEnv: additionalProperties: type: string description: ExtraEnv is a map of environment variables to pass on to a Kubernetes Component command. type: object extraMounts: additionalProperties: type: string description: ExtraMounts is a map of volume mounts to be added for the Kubernetes component StaticPod type: object overrideImage: description: OverrideImage is a string that references a container image to override the default one for the Kubernetes Component type: string type: object exposeMetrics: description: |- ExposeEtcdMetrics defines the policy for ETCD Metrics exposure. if value is true, ETCD metrics will be exposed if value is false, ETCD metrics will NOT be exposed type: boolean type: object kubeAPIServer: description: KubeAPIServer defines optional custom configuration of the Kube API Server. properties: extraArgs: description: 'ExtraArgs is a list of command line arguments (format: flag=value) to pass to a Kubernetes Component command.' items: type: string type: array extraEnv: additionalProperties: type: string description: ExtraEnv is a map of environment variables to pass on to a Kubernetes Component command. type: object extraMounts: additionalProperties: type: string description: ExtraMounts is a map of volume mounts to be added for the Kubernetes component StaticPod type: object overrideImage: description: OverrideImage is a string that references a container image to override the default one for the Kubernetes Component type: string type: object kubeControllerManager: description: KubeControllerManager defines optional custom configuration of the Kube Controller Manager. properties: extraArgs: description: 'ExtraArgs is a list of command line arguments (format: flag=value) to pass to a Kubernetes Component command.' items: type: string type: array extraEnv: additionalProperties: type: string description: ExtraEnv is a map of environment variables to pass on to a Kubernetes Component command. type: object extraMounts: additionalProperties: type: string description: ExtraMounts is a map of volume mounts to be added for the Kubernetes component StaticPod type: object overrideImage: description: OverrideImage is a string that references a container image to override the default one for the Kubernetes Component type: string type: object kubeScheduler: description: KubeScheduler defines optional custom configuration of the Kube Scheduler. properties: extraArgs: description: 'ExtraArgs is a list of command line arguments (format: flag=value) to pass to a Kubernetes Component command.' items: type: string type: array extraEnv: additionalProperties: type: string description: ExtraEnv is a map of environment variables to pass on to a Kubernetes Component command. type: object extraMounts: additionalProperties: type: string description: ExtraMounts is a map of volume mounts to be added for the Kubernetes component StaticPod type: object overrideImage: description: OverrideImage is a string that references a container image to override the default one for the Kubernetes Component type: string type: object pauseImage: description: PauseImage Override image to use for pause. type: string serviceNodePortRange: description: 'ServiceNodePortRange is the port range to reserve for services with NodePort visibility (default: "30000-32767").' type: string tlsSan: description: TLSSan Add additional hostname or IP as a Subject Alternative Name in the TLS cert. items: type: string type: array type: object required: - infrastructureRef type: object status: description: RKE2ControlPlaneStatus defines the observed state of RKE2ControlPlane. properties: availableServerIPs: description: AvailableServerIPs is a list of the Control Plane IP adds that can be used to register further nodes. items: type: string type: array conditions: description: Conditions defines current service state of the RKE2Config. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- A human readable message indicating details about the transition. This field may be empty. type: string reason: description: |- The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. type: string severity: description: |- Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: description: |- Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime - status - type type: object type: array dataSecretName: description: DataSecretName is the name of the secret that stores the bootstrap data script. type: string failureMessage: description: FailureMessage will be set on non-retryable errors. type: string failureReason: description: FailureReason will be set on non-retryable errors. type: string initialized: description: Initialized indicates the target cluster has completed initialization. type: boolean observedGeneration: description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer ready: description: Ready indicates the BootstrapData field is ready to be consumed. type: boolean readyReplicas: description: ReadyReplicas is the number of replicas current attached to this ControlPlane Resource and that have Ready Status. format: int32 type: integer replicas: description: Replicas is the number of replicas current attached to this ControlPlane Resource. format: int32 type: integer unavailableReplicas: description: UnavailableReplicas is the number of replicas current attached to this ControlPlane Resource and that are up-to-date with Control Plane config. format: int32 type: integer updatedReplicas: description: UpdatedReplicas is the number of replicas current attached to this ControlPlane Resource and that are up-to-date with Control Plane config. format: int32 type: integer type: object type: object served: true storage: false subresources: status: {} - name: v1beta1 schema: openAPIV3Schema: description: RKE2ControlPlane is the Schema for the rke2controlplanes API. properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: RKE2ControlPlaneSpec defines the desired state of RKE2ControlPlane. properties: agentConfig: description: AgentConfig specifies configuration for the agent nodes. properties: additionalUserData: description: |- AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the generated cloud-init/ignition script. properties: config: description: |- In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp". type: string data: additionalProperties: type: string description: |- Data allows to pass arbitrary set of key/value pairs consistent with https://cloudinit.readthedocs.io/en/latest/reference/modules.html to extend existing cloud-init configuration type: object strict: description: Strict controls if Config should be strictly parsed. If so, warnings are treated as errors. type: boolean type: object x-kubernetes-validations: - message: Only config or data could be populated at once rule: '!has(self.data) || !has(self.config)' airGapped: description: |- AirGapped is a boolean value to define if the bootstrapping should be air-gapped, basically supposing that online container registries and RKE2 install scripts are not reachable. type: boolean airGappedChecksum: description: |- AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum of existing sha256sum-.txt file for packages already available on the machine before performing air-gapped installation. type: string cisProfile: description: CISProfile activates CIS compliance of RKE2 for a certain profile enum: - cis - cis-1.23 - cis-1.5 - cis-1.6 type: string containerRuntimeEndpoint: description: ContainerRuntimeEndpoint Disable embedded containerd and use alternative CRI implementation. type: string dataDir: description: DataDir Folder to hold state. type: string enableContainerdSElinux: description: |- EnableContainerdSElinux defines the policy for enabling SELinux for Containerd if value is true, Containerd will run with selinux-enabled=true flag if value is false, Containerd will run without the above flag type: boolean format: description: Format specifies the output format of the bootstrap data. Defaults to cloud-config. enum: - cloud-config - ignition type: string imageCredentialProviderConfigMap: description: |- ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config The config map should contain a key "credential-config.yaml" with YAML file content and a key "credential-provider-binaries" with the a path to the binaries for the credential provider. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic kubeProxy: description: KubeProxyArgs Customized flag for kube-proxy process. properties: extraArgs: description: 'ExtraArgs is a list of command line arguments (format: flag=value) to pass to a Kubernetes Component command.' items: type: string type: array extraEnv: additionalProperties: type: string description: ExtraEnv is a map of environment variables to pass on to a Kubernetes Component command. type: object extraMounts: additionalProperties: type: string description: ExtraMounts is a map of volume mounts to be added for the Kubernetes component StaticPod type: object overrideImage: description: OverrideImage is a string that references a container image to override the default one for the Kubernetes Component type: string type: object kubelet: description: KubeletArgs Customized flag for kubelet process. properties: extraArgs: description: 'ExtraArgs is a list of command line arguments (format: flag=value) to pass to a Kubernetes Component command.' items: type: string type: array extraEnv: additionalProperties: type: string description: ExtraEnv is a map of environment variables to pass on to a Kubernetes Component command. type: object extraMounts: additionalProperties: type: string description: ExtraMounts is a map of volume mounts to be added for the Kubernetes component StaticPod type: object overrideImage: description: OverrideImage is a string that references a container image to override the default one for the Kubernetes Component type: string type: object kubeletPath: description: KubeletPath Override kubelet binary path. type: string loadBalancerPort: description: |- LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444). type: integer nodeAnnotations: additionalProperties: type: string description: |- NodeAnnotations are annotations that are created on nodes post bootstrap phase. Unfortunately it is not possible to apply annotations via kubelet using current bootstrap configurations. Issue: https://github.com/kubernetes/kubernetes/issues/108046 type: object nodeLabels: description: NodeLabels Registering and starting kubelet with set of labels. items: type: string type: array nodeName: description: NodeNamePrefix Prefix to the Node Name that CAPI will generate. type: string nodeTaints: description: NodeTaints Registering kubelet with set of taints. items: type: string type: array ntp: description: NTP specifies NTP configuration properties: enabled: description: Enabled specifies whether NTP should be enabled type: boolean servers: description: Servers specifies which NTP servers to use items: type: string type: array type: object podSecurityAdmissionConfigFile: description: |- PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through spec.Files field. type: string protectKernelDefaults: description: |- ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. if false, kernel tunable can be different from kubelet defaults type: boolean resolvConf: description: ResolvConf is a reference to a ConfigMap containing resolv.conf content for the node. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic runtimeImage: description: RuntimeImage override image to use for runtime binaries (containerd, kubectl, crictl, etc). type: string snapshotter: description: 'Snapshotter override default containerd snapshotter (default: "overlayfs").' type: string systemDefaultRegistry: description: SystemDefaultRegistry Private registry to be used for all system images. type: string type: object files: description: Files specifies extra files to be passed to user_data upon creation. items: description: File defines the input for generating write_files in cloud-init. properties: content: description: Content is the actual content of the file. type: string contentFrom: description: ContentFrom is a referenced source of content to populate the file. properties: secret: description: SecretFileSource represents a secret that should populate this file. properties: key: description: Key is the key in the secret's data map for this value. type: string name: description: Name of the secret in the RKE2BootstrapConfig's namespace to use. type: string required: - key - name type: object required: - secret type: object encoding: description: Encoding specifies the encoding of the file contents. enum: - base64 - gzip - gzip+base64 type: string owner: description: Owner specifies the ownership of the file, e.g. "root:root". type: string path: description: Path specifies the full path on disk where to store the file. type: string permissions: description: Permissions specifies the permissions to assign to the file, e.g. "0640". type: string required: - path type: object type: array infrastructureRef: description: |- InfrastructureRef is a required reference to a custom resource offered by an infrastructure provider. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic machineTemplate: description: |- MachineTemplate contains information about how machines should be shaped when creating or updating a control plane. properties: infrastructureRef: description: |- InfrastructureRef is a required reference to a custom resource offered by an infrastructure provider. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic metadata: description: |- Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata properties: annotations: additionalProperties: type: string description: |- Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations type: object labels: additionalProperties: type: string description: |- Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels type: object type: object nodeDrainTimeout: description: |- NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` type: string required: - infrastructureRef type: object manifestsConfigMapReference: description: |- ManifestsConfigMapReference references a ConfigMap which contains Kubernetes manifests to be deployed automatically on the cluster Each data entry in the ConfigMap will be will be copied to a folder on the control plane nodes that RKE2 scans and uses to deploy manifests. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic nodeDrainTimeout: description: |- NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` type: string postRKE2Commands: description: PostRKE2Commands specifies extra commands to run after rke2 setup runs. items: type: string type: array preRKE2Commands: description: PreRKE2Commands specifies extra commands to run before rke2 setup runs. items: type: string type: array privateRegistriesConfig: description: PrivateRegistriesConfig defines the containerd configuration for private registries and local registry mirrors. properties: configs: additionalProperties: description: RegistryConfig contains configuration used to communicate with the registry. properties: authSecret: description: |- Auth is a reference to a Secret containing information to authenticate to the registry. The Secret must provite a username and a password data entry. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic tls: description: |- TLS is a pair of CA/Cert/Key which then are used when creating the transport that communicates with the registry. properties: insecureSkipVerify: description: InsecureSkipVerify may be set to false to skip verifying the registry's certificate, default is true. type: boolean tlsConfigSecret: description: |- TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt which describe the TLS configuration necessary to connect to the registry. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic type: object type: object description: |- Configs are configs for each registry. The key is the FDQN or IP of the registry. type: object mirrors: additionalProperties: description: Mirror contains the config related to the registry mirror. properties: endpoint: description: |- Endpoints are endpoints for a namespace. CRI plugin will try the endpoints one by one until a working one is found. The endpoint must be a valid url with host specified. The scheme, host and path from the endpoint URL will be used. items: type: string type: array rewrite: additionalProperties: type: string description: |- Rewrites are repository rewrite rules for a namespace. When fetching image resources from an endpoint and a key matches the repository via regular expression matching it will be replaced with the corresponding value from the map in the resource request. type: object type: object description: Mirrors are namespace to mirror mapping for all namespaces. type: object type: object registrationAddress: description: |- RegistrationAddress is an explicit address to use when registering a node. This is required if the registration type is "address". Its for scenarios where a load-balancer or VIP is used. type: string registrationMethod: description: RegistrationMethod is the method to use for registering nodes into the RKE2 cluster. enum: - internal-first - internal-only-ips - external-only-ips - address - control-plane-endpoint - "" type: string replicas: description: Replicas is the number of replicas for the Control Plane. format: int32 type: integer rolloutStrategy: description: The RolloutStrategy to use to replace control plane machines with new ones. properties: rollingUpdate: description: Rolling update config params. Present only if RolloutStrategyType = RollingUpdate. properties: maxSurge: anyOf: - type: integer - type: string description: |- The maximum number of control planes that can be scheduled above or under the desired number of control planes. Value can be an absolute number 1 or 0. Defaults to 1. Example: when this is set to 1, the control plane can be scaled up immediately when the rolling update starts. x-kubernetes-int-or-string: true type: object type: description: |- Type of rollout. Currently the only supported strategy is "RollingUpdate". Default is RollingUpdate. type: string type: object serverConfig: description: ServerConfig specifies configuration for the agent nodes. properties: advertiseAddress: description: 'AdvertiseAddress IP address that apiserver uses to advertise to members of the cluster (default: node-external-ip/node-ip).' type: string auditPolicySecret: description: AuditPolicySecret path to the file that defines the audit policy configuration. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic bindAddress: description: 'BindAddress describes the rke2 bind address (default: 0.0.0.0).' type: string cloudControllerManager: description: CloudControllerManager defines optional custom configuration of the Cloud Controller Manager. properties: extraArgs: description: 'ExtraArgs is a list of command line arguments (format: flag=value) to pass to a Kubernetes Component command.' items: type: string type: array extraEnv: additionalProperties: type: string description: ExtraEnv is a map of environment variables to pass on to a Kubernetes Component command. type: object extraMounts: additionalProperties: type: string description: ExtraMounts is a map of volume mounts to be added for the Kubernetes component StaticPod type: object overrideImage: description: OverrideImage is a string that references a container image to override the default one for the Kubernetes Component type: string type: object cloudProviderConfigMap: description: |- CloudProviderConfigMap is a reference to a ConfigMap containing Cloud provider configuration. The config map must contain a key named cloud-config. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic cloudProviderName: description: CloudProviderName cloud provider name. type: string clusterDNS: description: 'ClusterDNS is the cluster IP for CoreDNS service. Should be in your service-cidr range (default: 10.43.0.10).' type: string clusterDomain: description: 'ClusterDomain is the cluster domain name (default: "cluster.local").' type: string cni: description: |- CNI describes the CNI Plugins to deploy, one of none, calico, canal, cilium; optionally with multus as the first value to enable the multus meta-plugin (default: canal). enum: - none - calico - canal - cilium type: string cniMultusEnable: description: |- CNIMultusEnable enables multus as the first CNI plugin (default: false). This option will automatically make Multus a primary CNI, and the value, if specified in the CNI field, as a secondary CNI plugin. type: boolean disableComponents: description: DisableComponents lists Kubernetes components and RKE2 plugin components that will be disabled. properties: kubernetesComponents: description: KubernetesComponents is a list of Kubernetes components to disable. items: description: 'DisabledKubernetesComponent is an enum field that can take one of the following values: scheduler, kubeProxy or cloudController.' enum: - scheduler - kubeProxy - cloudController type: string type: array pluginComponents: description: PluginComponents is a list of PluginComponents to disable. items: description: DisabledPluginComponent selects a plugin Components to be disabled. enum: - rke2-coredns - rke2-ingress-nginx - rke2-metrics-server type: string type: array type: object etcd: description: Etcd defines optional custom configuration of ETCD. properties: backupConfig: description: 'BackupConfig defines how RKE2 will snapshot ETCD: target storage, schedule, etc.' properties: directory: description: Directory to save db snapshots. type: string disableAutomaticSnapshots: description: |- DisableAutomaticSnapshots defines the policy for ETCD snapshots. true means automatic snapshots will be scheduled, false means automatic snapshots will not be scheduled. type: boolean retention: description: 'Retention Number of snapshots to retain Default: 5 (default: 5).' type: string s3: description: S3 Enable backup to an S3-compatible Object Store. properties: bucket: description: Bucket S3 bucket name. type: string endpoint: description: 'Endpoint S3 endpoint url (default: "s3.amazonaws.com").' type: string endpointCAsecret: description: |- EndpointCA references the Secret that contains a custom CA that should be trusted to connect to S3 endpoint. The secret must contain a key named "ca.pem" that contains the CA certificate. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic enforceSslVerify: description: EnforceSSLVerify may be set to false to skip verifying the registry's certificate, default is true. type: boolean folder: description: Folder S3 folder. type: string region: description: 'Region S3 region / bucket location (optional) (default: "us-east-1").' type: string s3CredentialSecret: description: |- S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket. The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key". properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic required: - endpoint - s3CredentialSecret type: object scheduleCron: description: 'ScheduleCron Snapshot interval time in cron spec. eg. every 5 hours ''* */5 * * *'' (default: "0 */12 * * *").' type: string snapshotName: description: 'SnapshotName Set the base name of etcd snapshots. Default: etcd-snapshot- (default: "etcd-snapshot").' type: string type: object customConfig: description: CustomConfig defines the custom settings for ETCD. properties: extraArgs: description: 'ExtraArgs is a list of command line arguments (format: flag=value) to pass to a Kubernetes Component command.' items: type: string type: array extraEnv: additionalProperties: type: string description: ExtraEnv is a map of environment variables to pass on to a Kubernetes Component command. type: object extraMounts: additionalProperties: type: string description: ExtraMounts is a map of volume mounts to be added for the Kubernetes component StaticPod type: object overrideImage: description: OverrideImage is a string that references a container image to override the default one for the Kubernetes Component type: string type: object exposeMetrics: description: |- ExposeEtcdMetrics defines the policy for ETCD Metrics exposure. if value is true, ETCD metrics will be exposed if value is false, ETCD metrics will NOT be exposed type: boolean type: object kubeAPIServer: description: KubeAPIServer defines optional custom configuration of the Kube API Server. properties: extraArgs: description: 'ExtraArgs is a list of command line arguments (format: flag=value) to pass to a Kubernetes Component command.' items: type: string type: array extraEnv: additionalProperties: type: string description: ExtraEnv is a map of environment variables to pass on to a Kubernetes Component command. type: object extraMounts: additionalProperties: type: string description: ExtraMounts is a map of volume mounts to be added for the Kubernetes component StaticPod type: object overrideImage: description: OverrideImage is a string that references a container image to override the default one for the Kubernetes Component type: string type: object kubeControllerManager: description: KubeControllerManager defines optional custom configuration of the Kube Controller Manager. properties: extraArgs: description: 'ExtraArgs is a list of command line arguments (format: flag=value) to pass to a Kubernetes Component command.' items: type: string type: array extraEnv: additionalProperties: type: string description: ExtraEnv is a map of environment variables to pass on to a Kubernetes Component command. type: object extraMounts: additionalProperties: type: string description: ExtraMounts is a map of volume mounts to be added for the Kubernetes component StaticPod type: object overrideImage: description: OverrideImage is a string that references a container image to override the default one for the Kubernetes Component type: string type: object kubeScheduler: description: KubeScheduler defines optional custom configuration of the Kube Scheduler. properties: extraArgs: description: 'ExtraArgs is a list of command line arguments (format: flag=value) to pass to a Kubernetes Component command.' items: type: string type: array extraEnv: additionalProperties: type: string description: ExtraEnv is a map of environment variables to pass on to a Kubernetes Component command. type: object extraMounts: additionalProperties: type: string description: ExtraMounts is a map of volume mounts to be added for the Kubernetes component StaticPod type: object overrideImage: description: OverrideImage is a string that references a container image to override the default one for the Kubernetes Component type: string type: object pauseImage: description: PauseImage Override image to use for pause. type: string serviceNodePortRange: description: 'ServiceNodePortRange is the port range to reserve for services with NodePort visibility (default: "30000-32767").' type: string tlsSan: description: TLSSan Add additional hostname or IP as a Subject Alternative Name in the TLS cert. items: type: string type: array type: object version: description: |- Version defines the desired Kubernetes version. This field takes precedence over RKE2ConfigSpec.AgentConfig.Version (which is deprecated). pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$ type: string required: - infrastructureRef - rolloutStrategy type: object status: description: RKE2ControlPlaneStatus defines the observed state of RKE2ControlPlane. properties: availableServerIPs: description: AvailableServerIPs is a list of the Control Plane IP adds that can be used to register further nodes. items: type: string type: array conditions: description: Conditions defines current service state of the RKE2Config. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- A human readable message indicating details about the transition. This field may be empty. type: string reason: description: |- The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. type: string severity: description: |- Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: description: |- Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime - status - type type: object type: array dataSecretName: description: DataSecretName is the name of the secret that stores the bootstrap data script. type: string failureMessage: description: FailureMessage will be set on non-retryable errors. type: string failureReason: description: FailureReason will be set on non-retryable errors. type: string initialized: description: Initialized indicates the target cluster has completed initialization. type: boolean observedGeneration: description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer ready: description: Ready indicates the BootstrapData field is ready to be consumed. type: boolean readyReplicas: description: ReadyReplicas is the number of replicas current attached to this ControlPlane Resource and that have Ready Status. format: int32 type: integer replicas: description: Replicas is the number of replicas current attached to this ControlPlane Resource. format: int32 type: integer unavailableReplicas: description: UnavailableReplicas is the number of replicas current attached to this ControlPlane Resource and that are up-to-date with Control Plane config. format: int32 type: integer updatedReplicas: description: UpdatedReplicas is the number of replicas current attached to this ControlPlane Resource and that are up-to-date with Control Plane config. format: int32 type: integer version: description: |- Version represents the minimum Kubernetes version for the control plane machines in the cluster. type: string type: object type: object served: true storage: true subresources: status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert controller-gen.kubebuilder.io/version: v0.14.0 labels: cluster.x-k8s.io/provider: control-plane-rke2 cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 name: rke2controlplanetemplates.controlplane.cluster.x-k8s.io spec: conversion: strategy: Webhook webhook: clientConfig: caBundle: Cg== service: name: rke2-control-plane-webhook-service namespace: rke2-control-plane-system path: /convert conversionReviewVersions: - v1 - v1beta1 group: controlplane.cluster.x-k8s.io names: categories: - cluster-api kind: RKE2ControlPlaneTemplate listKind: RKE2ControlPlaneTemplateList plural: rke2controlplanetemplates shortNames: - rke2ct singular: rke2controlplanetemplate scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: RKE2ControlPlaneTemplate is the Schema for the rke2controlplanetemplates API. properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: RKE2ControlPlaneTemplateSpec defines the desired state of RKE2ControlPlaneTemplate. type: object status: description: RKE2ControlPlaneTemplateStatus defines the observed state of RKE2ControlPlaneTemplate. type: object type: object served: true storage: false subresources: status: {} - name: v1beta1 schema: openAPIV3Schema: description: RKE2ControlPlaneTemplate is the Schema for the rke2controlplanetemplates API. properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: Spec is the control plane specification for the template resource. properties: template: description: RKE2ControlPlaneTemplateResource contains spec for RKE2ControlPlaneTemplate. properties: spec: description: Spec is the specification of the desired behavior of the control plane. properties: agentConfig: description: AgentConfig specifies configuration for the agent nodes. properties: additionalUserData: description: |- AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the generated cloud-init/ignition script. properties: config: description: |- In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp". type: string data: additionalProperties: type: string description: |- Data allows to pass arbitrary set of key/value pairs consistent with https://cloudinit.readthedocs.io/en/latest/reference/modules.html to extend existing cloud-init configuration type: object strict: description: Strict controls if Config should be strictly parsed. If so, warnings are treated as errors. type: boolean type: object x-kubernetes-validations: - message: Only config or data could be populated at once rule: '!has(self.data) || !has(self.config)' airGapped: description: |- AirGapped is a boolean value to define if the bootstrapping should be air-gapped, basically supposing that online container registries and RKE2 install scripts are not reachable. type: boolean airGappedChecksum: description: |- AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum of existing sha256sum-.txt file for packages already available on the machine before performing air-gapped installation. type: string cisProfile: description: CISProfile activates CIS compliance of RKE2 for a certain profile enum: - cis - cis-1.23 - cis-1.5 - cis-1.6 type: string containerRuntimeEndpoint: description: ContainerRuntimeEndpoint Disable embedded containerd and use alternative CRI implementation. type: string dataDir: description: DataDir Folder to hold state. type: string enableContainerdSElinux: description: |- EnableContainerdSElinux defines the policy for enabling SELinux for Containerd if value is true, Containerd will run with selinux-enabled=true flag if value is false, Containerd will run without the above flag type: boolean format: description: Format specifies the output format of the bootstrap data. Defaults to cloud-config. enum: - cloud-config - ignition type: string imageCredentialProviderConfigMap: description: |- ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config The config map should contain a key "credential-config.yaml" with YAML file content and a key "credential-provider-binaries" with the a path to the binaries for the credential provider. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic kubeProxy: description: KubeProxyArgs Customized flag for kube-proxy process. properties: extraArgs: description: 'ExtraArgs is a list of command line arguments (format: flag=value) to pass to a Kubernetes Component command.' items: type: string type: array extraEnv: additionalProperties: type: string description: ExtraEnv is a map of environment variables to pass on to a Kubernetes Component command. type: object extraMounts: additionalProperties: type: string description: ExtraMounts is a map of volume mounts to be added for the Kubernetes component StaticPod type: object overrideImage: description: OverrideImage is a string that references a container image to override the default one for the Kubernetes Component type: string type: object kubelet: description: KubeletArgs Customized flag for kubelet process. properties: extraArgs: description: 'ExtraArgs is a list of command line arguments (format: flag=value) to pass to a Kubernetes Component command.' items: type: string type: array extraEnv: additionalProperties: type: string description: ExtraEnv is a map of environment variables to pass on to a Kubernetes Component command. type: object extraMounts: additionalProperties: type: string description: ExtraMounts is a map of volume mounts to be added for the Kubernetes component StaticPod type: object overrideImage: description: OverrideImage is a string that references a container image to override the default one for the Kubernetes Component type: string type: object kubeletPath: description: KubeletPath Override kubelet binary path. type: string loadBalancerPort: description: |- LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444). type: integer nodeAnnotations: additionalProperties: type: string description: |- NodeAnnotations are annotations that are created on nodes post bootstrap phase. Unfortunately it is not possible to apply annotations via kubelet using current bootstrap configurations. Issue: https://github.com/kubernetes/kubernetes/issues/108046 type: object nodeLabels: description: NodeLabels Registering and starting kubelet with set of labels. items: type: string type: array nodeName: description: NodeNamePrefix Prefix to the Node Name that CAPI will generate. type: string nodeTaints: description: NodeTaints Registering kubelet with set of taints. items: type: string type: array ntp: description: NTP specifies NTP configuration properties: enabled: description: Enabled specifies whether NTP should be enabled type: boolean servers: description: Servers specifies which NTP servers to use items: type: string type: array type: object podSecurityAdmissionConfigFile: description: |- PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through spec.Files field. type: string protectKernelDefaults: description: |- ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. if false, kernel tunable can be different from kubelet defaults type: boolean resolvConf: description: ResolvConf is a reference to a ConfigMap containing resolv.conf content for the node. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic runtimeImage: description: RuntimeImage override image to use for runtime binaries (containerd, kubectl, crictl, etc). type: string snapshotter: description: 'Snapshotter override default containerd snapshotter (default: "overlayfs").' type: string systemDefaultRegistry: description: SystemDefaultRegistry Private registry to be used for all system images. type: string type: object files: description: Files specifies extra files to be passed to user_data upon creation. items: description: File defines the input for generating write_files in cloud-init. properties: content: description: Content is the actual content of the file. type: string contentFrom: description: ContentFrom is a referenced source of content to populate the file. properties: secret: description: SecretFileSource represents a secret that should populate this file. properties: key: description: Key is the key in the secret's data map for this value. type: string name: description: Name of the secret in the RKE2BootstrapConfig's namespace to use. type: string required: - key - name type: object required: - secret type: object encoding: description: Encoding specifies the encoding of the file contents. enum: - base64 - gzip - gzip+base64 type: string owner: description: Owner specifies the ownership of the file, e.g. "root:root". type: string path: description: Path specifies the full path on disk where to store the file. type: string permissions: description: Permissions specifies the permissions to assign to the file, e.g. "0640". type: string required: - path type: object type: array infrastructureRef: description: |- InfrastructureRef is a required reference to a custom resource offered by an infrastructure provider. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic machineTemplate: description: |- MachineTemplate contains information about how machines should be shaped when creating or updating a control plane. properties: infrastructureRef: description: |- InfrastructureRef is a required reference to a custom resource offered by an infrastructure provider. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic metadata: description: |- Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata properties: annotations: additionalProperties: type: string description: |- Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations type: object labels: additionalProperties: type: string description: |- Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels type: object type: object nodeDrainTimeout: description: |- NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` type: string required: - infrastructureRef type: object manifestsConfigMapReference: description: |- ManifestsConfigMapReference references a ConfigMap which contains Kubernetes manifests to be deployed automatically on the cluster Each data entry in the ConfigMap will be will be copied to a folder on the control plane nodes that RKE2 scans and uses to deploy manifests. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic nodeDrainTimeout: description: |- NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` type: string postRKE2Commands: description: PostRKE2Commands specifies extra commands to run after rke2 setup runs. items: type: string type: array preRKE2Commands: description: PreRKE2Commands specifies extra commands to run before rke2 setup runs. items: type: string type: array privateRegistriesConfig: description: PrivateRegistriesConfig defines the containerd configuration for private registries and local registry mirrors. properties: configs: additionalProperties: description: RegistryConfig contains configuration used to communicate with the registry. properties: authSecret: description: |- Auth is a reference to a Secret containing information to authenticate to the registry. The Secret must provite a username and a password data entry. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic tls: description: |- TLS is a pair of CA/Cert/Key which then are used when creating the transport that communicates with the registry. properties: insecureSkipVerify: description: InsecureSkipVerify may be set to false to skip verifying the registry's certificate, default is true. type: boolean tlsConfigSecret: description: |- TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt which describe the TLS configuration necessary to connect to the registry. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic type: object type: object description: |- Configs are configs for each registry. The key is the FDQN or IP of the registry. type: object mirrors: additionalProperties: description: Mirror contains the config related to the registry mirror. properties: endpoint: description: |- Endpoints are endpoints for a namespace. CRI plugin will try the endpoints one by one until a working one is found. The endpoint must be a valid url with host specified. The scheme, host and path from the endpoint URL will be used. items: type: string type: array rewrite: additionalProperties: type: string description: |- Rewrites are repository rewrite rules for a namespace. When fetching image resources from an endpoint and a key matches the repository via regular expression matching it will be replaced with the corresponding value from the map in the resource request. type: object type: object description: Mirrors are namespace to mirror mapping for all namespaces. type: object type: object registrationAddress: description: |- RegistrationAddress is an explicit address to use when registering a node. This is required if the registration type is "address". Its for scenarios where a load-balancer or VIP is used. type: string registrationMethod: description: RegistrationMethod is the method to use for registering nodes into the RKE2 cluster. enum: - internal-first - internal-only-ips - external-only-ips - address - control-plane-endpoint - "" type: string replicas: description: Replicas is the number of replicas for the Control Plane. format: int32 type: integer rolloutStrategy: description: The RolloutStrategy to use to replace control plane machines with new ones. properties: rollingUpdate: description: Rolling update config params. Present only if RolloutStrategyType = RollingUpdate. properties: maxSurge: anyOf: - type: integer - type: string description: |- The maximum number of control planes that can be scheduled above or under the desired number of control planes. Value can be an absolute number 1 or 0. Defaults to 1. Example: when this is set to 1, the control plane can be scaled up immediately when the rolling update starts. x-kubernetes-int-or-string: true type: object type: description: |- Type of rollout. Currently the only supported strategy is "RollingUpdate". Default is RollingUpdate. type: string type: object serverConfig: description: ServerConfig specifies configuration for the agent nodes. properties: advertiseAddress: description: 'AdvertiseAddress IP address that apiserver uses to advertise to members of the cluster (default: node-external-ip/node-ip).' type: string auditPolicySecret: description: AuditPolicySecret path to the file that defines the audit policy configuration. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic bindAddress: description: 'BindAddress describes the rke2 bind address (default: 0.0.0.0).' type: string cloudControllerManager: description: CloudControllerManager defines optional custom configuration of the Cloud Controller Manager. properties: extraArgs: description: 'ExtraArgs is a list of command line arguments (format: flag=value) to pass to a Kubernetes Component command.' items: type: string type: array extraEnv: additionalProperties: type: string description: ExtraEnv is a map of environment variables to pass on to a Kubernetes Component command. type: object extraMounts: additionalProperties: type: string description: ExtraMounts is a map of volume mounts to be added for the Kubernetes component StaticPod type: object overrideImage: description: OverrideImage is a string that references a container image to override the default one for the Kubernetes Component type: string type: object cloudProviderConfigMap: description: |- CloudProviderConfigMap is a reference to a ConfigMap containing Cloud provider configuration. The config map must contain a key named cloud-config. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic cloudProviderName: description: CloudProviderName cloud provider name. type: string clusterDNS: description: 'ClusterDNS is the cluster IP for CoreDNS service. Should be in your service-cidr range (default: 10.43.0.10).' type: string clusterDomain: description: 'ClusterDomain is the cluster domain name (default: "cluster.local").' type: string cni: description: |- CNI describes the CNI Plugins to deploy, one of none, calico, canal, cilium; optionally with multus as the first value to enable the multus meta-plugin (default: canal). enum: - none - calico - canal - cilium type: string cniMultusEnable: description: |- CNIMultusEnable enables multus as the first CNI plugin (default: false). This option will automatically make Multus a primary CNI, and the value, if specified in the CNI field, as a secondary CNI plugin. type: boolean disableComponents: description: DisableComponents lists Kubernetes components and RKE2 plugin components that will be disabled. properties: kubernetesComponents: description: KubernetesComponents is a list of Kubernetes components to disable. items: description: 'DisabledKubernetesComponent is an enum field that can take one of the following values: scheduler, kubeProxy or cloudController.' enum: - scheduler - kubeProxy - cloudController type: string type: array pluginComponents: description: PluginComponents is a list of PluginComponents to disable. items: description: DisabledPluginComponent selects a plugin Components to be disabled. enum: - rke2-coredns - rke2-ingress-nginx - rke2-metrics-server type: string type: array type: object etcd: description: Etcd defines optional custom configuration of ETCD. properties: backupConfig: description: 'BackupConfig defines how RKE2 will snapshot ETCD: target storage, schedule, etc.' properties: directory: description: Directory to save db snapshots. type: string disableAutomaticSnapshots: description: |- DisableAutomaticSnapshots defines the policy for ETCD snapshots. true means automatic snapshots will be scheduled, false means automatic snapshots will not be scheduled. type: boolean retention: description: 'Retention Number of snapshots to retain Default: 5 (default: 5).' type: string s3: description: S3 Enable backup to an S3-compatible Object Store. properties: bucket: description: Bucket S3 bucket name. type: string endpoint: description: 'Endpoint S3 endpoint url (default: "s3.amazonaws.com").' type: string endpointCAsecret: description: |- EndpointCA references the Secret that contains a custom CA that should be trusted to connect to S3 endpoint. The secret must contain a key named "ca.pem" that contains the CA certificate. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic enforceSslVerify: description: EnforceSSLVerify may be set to false to skip verifying the registry's certificate, default is true. type: boolean folder: description: Folder S3 folder. type: string region: description: 'Region S3 region / bucket location (optional) (default: "us-east-1").' type: string s3CredentialSecret: description: |- S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket. The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key". properties: apiVersion: description: API version of the referent. type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic required: - endpoint - s3CredentialSecret type: object scheduleCron: description: 'ScheduleCron Snapshot interval time in cron spec. eg. every 5 hours ''* */5 * * *'' (default: "0 */12 * * *").' type: string snapshotName: description: 'SnapshotName Set the base name of etcd snapshots. Default: etcd-snapshot- (default: "etcd-snapshot").' type: string type: object customConfig: description: CustomConfig defines the custom settings for ETCD. properties: extraArgs: description: 'ExtraArgs is a list of command line arguments (format: flag=value) to pass to a Kubernetes Component command.' items: type: string type: array extraEnv: additionalProperties: type: string description: ExtraEnv is a map of environment variables to pass on to a Kubernetes Component command. type: object extraMounts: additionalProperties: type: string description: ExtraMounts is a map of volume mounts to be added for the Kubernetes component StaticPod type: object overrideImage: description: OverrideImage is a string that references a container image to override the default one for the Kubernetes Component type: string type: object exposeMetrics: description: |- ExposeEtcdMetrics defines the policy for ETCD Metrics exposure. if value is true, ETCD metrics will be exposed if value is false, ETCD metrics will NOT be exposed type: boolean type: object kubeAPIServer: description: KubeAPIServer defines optional custom configuration of the Kube API Server. properties: extraArgs: description: 'ExtraArgs is a list of command line arguments (format: flag=value) to pass to a Kubernetes Component command.' items: type: string type: array extraEnv: additionalProperties: type: string description: ExtraEnv is a map of environment variables to pass on to a Kubernetes Component command. type: object extraMounts: additionalProperties: type: string description: ExtraMounts is a map of volume mounts to be added for the Kubernetes component StaticPod type: object overrideImage: description: OverrideImage is a string that references a container image to override the default one for the Kubernetes Component type: string type: object kubeControllerManager: description: KubeControllerManager defines optional custom configuration of the Kube Controller Manager. properties: extraArgs: description: 'ExtraArgs is a list of command line arguments (format: flag=value) to pass to a Kubernetes Component command.' items: type: string type: array extraEnv: additionalProperties: type: string description: ExtraEnv is a map of environment variables to pass on to a Kubernetes Component command. type: object extraMounts: additionalProperties: type: string description: ExtraMounts is a map of volume mounts to be added for the Kubernetes component StaticPod type: object overrideImage: description: OverrideImage is a string that references a container image to override the default one for the Kubernetes Component type: string type: object kubeScheduler: description: KubeScheduler defines optional custom configuration of the Kube Scheduler. properties: extraArgs: description: 'ExtraArgs is a list of command line arguments (format: flag=value) to pass to a Kubernetes Component command.' items: type: string type: array extraEnv: additionalProperties: type: string description: ExtraEnv is a map of environment variables to pass on to a Kubernetes Component command. type: object extraMounts: additionalProperties: type: string description: ExtraMounts is a map of volume mounts to be added for the Kubernetes component StaticPod type: object overrideImage: description: OverrideImage is a string that references a container image to override the default one for the Kubernetes Component type: string type: object pauseImage: description: PauseImage Override image to use for pause. type: string serviceNodePortRange: description: 'ServiceNodePortRange is the port range to reserve for services with NodePort visibility (default: "30000-32767").' type: string tlsSan: description: TLSSan Add additional hostname or IP as a Subject Alternative Name in the TLS cert. items: type: string type: array type: object version: description: |- Version defines the desired Kubernetes version. This field takes precedence over RKE2ConfigSpec.AgentConfig.Version (which is deprecated). pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$ type: string required: - infrastructureRef - rolloutStrategy type: object required: - spec type: object required: - template type: object status: description: Status is the current state of the control plane. properties: availableServerIPs: description: AvailableServerIPs is a list of the Control Plane IP adds that can be used to register further nodes. items: type: string type: array conditions: description: Conditions defines current service state of the RKE2Config. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- A human readable message indicating details about the transition. This field may be empty. type: string reason: description: |- The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. type: string severity: description: |- Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: description: |- Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime - status - type type: object type: array dataSecretName: description: DataSecretName is the name of the secret that stores the bootstrap data script. type: string failureMessage: description: FailureMessage will be set on non-retryable errors. type: string failureReason: description: FailureReason will be set on non-retryable errors. type: string initialized: description: Initialized indicates the target cluster has completed initialization. type: boolean observedGeneration: description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer ready: description: Ready indicates the BootstrapData field is ready to be consumed. type: boolean readyReplicas: description: ReadyReplicas is the number of replicas current attached to this ControlPlane Resource and that have Ready Status. format: int32 type: integer replicas: description: Replicas is the number of replicas current attached to this ControlPlane Resource. format: int32 type: integer unavailableReplicas: description: UnavailableReplicas is the number of replicas current attached to this ControlPlane Resource and that are up-to-date with Control Plane config. format: int32 type: integer updatedReplicas: description: UpdatedReplicas is the number of replicas current attached to this ControlPlane Resource and that are up-to-date with Control Plane config. format: int32 type: integer version: description: |- Version represents the minimum Kubernetes version for the control plane machines in the cluster. type: string type: object type: object served: true storage: true --- apiVersion: v1 kind: ServiceAccount metadata: labels: cluster.x-k8s.io/provider: control-plane-rke2 name: rke2-control-plane-manager namespace: rke2-control-plane-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: cluster.x-k8s.io/provider: control-plane-rke2 name: rke2-control-plane-leader-election-role namespace: rke2-control-plane-system rules: - apiGroups: - "" resources: - configmaps verbs: - get - list - watch - create - update - patch - delete - apiGroups: - coordination.k8s.io resources: - leases verbs: - get - list - watch - create - update - patch - delete - apiGroups: - "" resources: - events verbs: - create - patch --- aggregationRule: clusterRoleSelectors: - matchLabels: rke2.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true" apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: cluster.x-k8s.io/provider: control-plane-rke2 name: rke2-control-plane-aggregated-manager-role rules: [] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: cluster.x-k8s.io/provider: control-plane-rke2 rke2.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true" name: rke2-control-plane-manager-role rules: - apiGroups: - "" resources: - configmaps - events - secrets verbs: - create - delete - get - list - patch - update - watch - apiGroups: - authentication.k8s.io resources: - tokenreviews verbs: - create - apiGroups: - authorization.k8s.io resources: - subjectaccessreviews verbs: - create - apiGroups: - bootstrap.cluster.x-k8s.io resources: - rke2configs verbs: - create - delete - get - list - patch - watch - apiGroups: - cluster.x-k8s.io resources: - clusters - clusters/status - machinepools - machinepools/status - machines - machines/status - machinesets verbs: - create - delete - get - list - patch - update - watch - apiGroups: - controlplane.cluster.x-k8s.io resources: - rke2controlplanes verbs: - create - delete - get - list - patch - update - watch - apiGroups: - controlplane.cluster.x-k8s.io resources: - rke2controlplanes/finalizers verbs: - update - apiGroups: - controlplane.cluster.x-k8s.io resources: - rke2controlplanes/status verbs: - get - patch - update - apiGroups: - infrastructure.cluster.x-k8s.io resources: - '*' verbs: - create - delete - get - list - patch - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: cluster.x-k8s.io/provider: control-plane-rke2 name: rke2-control-plane-leader-election-rolebinding namespace: rke2-control-plane-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: rke2-control-plane-leader-election-role subjects: - kind: ServiceAccount name: rke2-control-plane-manager namespace: rke2-control-plane-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: cluster.x-k8s.io/provider: control-plane-rke2 name: rke2-control-plane-manager-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: rke2-control-plane-aggregated-manager-role subjects: - kind: ServiceAccount name: rke2-control-plane-manager namespace: rke2-control-plane-system --- apiVersion: v1 kind: Service metadata: labels: cluster.x-k8s.io/provider: control-plane-rke2 name: rke2-control-plane-webhook-service namespace: rke2-control-plane-system spec: ports: - port: 443 targetPort: webhook-server selector: cluster.x-k8s.io/provider: control-plane-rke2 --- apiVersion: apps/v1 kind: Deployment metadata: labels: cluster.x-k8s.io/provider: control-plane-rke2 control-plane: controller-manager name: rke2-control-plane-controller-manager namespace: rke2-control-plane-system spec: replicas: 1 selector: matchLabels: cluster.x-k8s.io/provider: control-plane-rke2 control-plane: controller-manager template: metadata: annotations: kubectl.kubernetes.io/default-container: manager labels: cluster.x-k8s.io/provider: control-plane-rke2 control-plane: controller-manager spec: containers: - args: - --leader-elect - --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443} - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false} command: - /manager env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_UID valueFrom: fieldRef: fieldPath: metadata.uid image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.8.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /healthz port: healthz name: manager ports: - containerPort: 9443 name: webhook-server protocol: TCP - containerPort: 9440 name: healthz protocol: TCP - containerPort: 8443 name: metrics protocol: TCP readinessProbe: httpGet: path: /readyz port: healthz resources: limits: cpu: 500m memory: 256Mi requests: cpu: 10m memory: 64Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false runAsGroup: 65532 runAsUser: 65532 volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault serviceAccountName: rke2-control-plane-manager terminationGracePeriodSeconds: 10 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master - effect: NoSchedule key: node-role.kubernetes.io/control-plane volumes: - name: cert secret: secretName: rke2-control-plane-webhook-service-cert --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: labels: cluster.x-k8s.io/provider: control-plane-rke2 name: rke2-control-plane-serving-cert namespace: rke2-control-plane-system spec: dnsNames: - rke2-control-plane-webhook-service.rke2-control-plane-system.svc - rke2-control-plane-webhook-service.rke2-control-plane-system.svc.cluster.local issuerRef: kind: Issuer name: rke2-control-plane-selfsigned-issuer secretName: rke2-control-plane-webhook-service-cert subject: organizations: - Rancher by SUSE --- apiVersion: cert-manager.io/v1 kind: Issuer metadata: labels: cluster.x-k8s.io/provider: control-plane-rke2 name: rke2-control-plane-selfsigned-issuer namespace: rke2-control-plane-system spec: selfSigned: {} --- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: annotations: cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert labels: cluster.x-k8s.io/provider: control-plane-rke2 name: rke2-control-plane-mutating-webhook-configuration webhooks: - admissionReviewVersions: - v1 clientConfig: service: name: rke2-control-plane-webhook-service namespace: rke2-control-plane-system path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplane failurePolicy: Fail name: mrke2controlplane.kb.io rules: - apiGroups: - controlplane.cluster.x-k8s.io apiVersions: - v1beta1 operations: - CREATE - UPDATE resources: - rke2controlplanes sideEffects: None - admissionReviewVersions: - v1 clientConfig: service: name: rke2-control-plane-webhook-service namespace: rke2-control-plane-system path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplanetemplate failurePolicy: Fail name: mrke2controlplanetemplate.kb.io rules: - apiGroups: - controlplane.cluster.x-k8s.io apiVersions: - v1beta1 operations: - CREATE - UPDATE resources: - rke2controlplanetemplates sideEffects: None --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: annotations: cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert labels: cluster.x-k8s.io/provider: control-plane-rke2 name: rke2-control-plane-validating-webhook-configuration webhooks: - admissionReviewVersions: - v1 clientConfig: service: name: rke2-control-plane-webhook-service namespace: rke2-control-plane-system path: /validate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplane failurePolicy: Fail name: vrke2controlplane.kb.io rules: - apiGroups: - controlplane.cluster.x-k8s.io apiVersions: - v1beta1 operations: - CREATE - UPDATE resources: - rke2controlplanes sideEffects: None - admissionReviewVersions: - v1 clientConfig: service: name: rke2-control-plane-webhook-service namespace: rke2-control-plane-system path: /validate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplanetemplate failurePolicy: Fail name: vrke2controlplanetemplate.kb.io rules: - apiGroups: - controlplane.cluster.x-k8s.io apiVersions: - v1beta1 operations: - CREATE - UPDATE resources: - rke2controlplanetemplates sideEffects: None metadata: | # maps release series of major.minor to cluster-api contract version # the contract version may change between minor or major versions, but *not* # between patch versions. # # update this file only when a new major or minor version is released apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 kind: Metadata releaseSeries: - major: 0 minor: 1 contract: v1beta1 - major: 0 minor: 2 contract: v1beta1 - major: 0 minor: 3 contract: v1beta1 - major: 0 minor: 4 contract: v1beta1 - major: 0 minor: 5 contract: v1beta1 - major: 0 minor: 6 contract: v1beta1 - major: 0 minor: 7 contract: v1beta1 - major: 0 minor: 8 contract: v1beta1 kind: ConfigMap metadata: creationTimestamp: null name: v0.8.0 namespace: rke2-control-plane-system labels: provider-components: rke2-control-plane