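# Namespace for the RKE2 bootstrap provider. The CRD conversion webhook
# service and serving certificate in this file are addressed in it.
# NOTE(review): no pod-security.kubernetes.io/* labels are set here, so Pod
# Security Admission falls back to the cluster-wide default for this namespace.
apiVersion: v1
kind: Namespace
metadata:
  labels:
    # Ties the object to the bootstrap-rke2 Cluster API provider.
    cluster.x-k8s.io/provider: bootstrap-rke2
    control-plane: controller-manager
  name: rke2-bootstrap-system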
|
|
---
|
|
apiVersion: v1
|
|
data:
|
|
components: |
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
labels:
|
|
cluster.x-k8s.io/provider: bootstrap-rke2
|
|
control-plane: controller-manager
|
|
name: rke2-bootstrap-system
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
|
|
controller-gen.kubebuilder.io/version: v0.14.0
|
|
labels:
|
|
cluster.x-k8s.io/provider: bootstrap-rke2
|
|
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
|
|
name: rke2configs.bootstrap.cluster.x-k8s.io
|
|
spec:
|
|
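# Conversion between served versions is delegated to the provider's webhook
# service, reached over TLS at /convert.
conversion:
  strategy: Webhook
  webhook:
    clientConfig:
      # "Cg==" is base64 for a single newline, i.e. an empty placeholder.
      # The cert-manager.io/inject-ca-from annotation on this CRD asks
      # cert-manager's CA injector to replace it with the CA of the serving
      # certificate. If injection does not happen the bundle stays empty and
      # the API server cannot validate the webhook's certificate against the
      # intended CA, so check that the field is populated after install.
      caBundle: Cg==
      service:
        name: rke2-bootstrap-webhook-service
        namespace: rke2-bootstrap-system
        path: /convert
    conversionReviewVersions:
      - v1
      - v1beta1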
|
|
group: bootstrap.cluster.x-k8s.io
|
|
names:
|
|
kind: RKE2Config
|
|
listKind: RKE2ConfigList
|
|
plural: rke2configs
|
|
singular: rke2config
|
|
scope: Namespaced
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: RKE2Config is the Schema for the rke2configs API.
|
|
properties:
|
|
apiVersion:
|
|
description: |-
|
|
APIVersion defines the versioned schema of this representation of an object.
|
|
Servers should convert recognized schemas to the latest internal value, and
|
|
may reject unrecognized values.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind is a string value representing the REST resource this object represents.
|
|
Servers may infer this from the endpoint the client submits requests to.
|
|
Cannot be updated.
|
|
In CamelCase.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: RKE2ConfigSpec defines the desired state of RKE2Config.
|
|
properties:
|
|
agentConfig:
|
|
description: AgentConfig specifies configuration for the agent nodes.
|
|
properties:
|
|
additionalUserData:
|
|
description: |-
|
|
AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the
|
|
generated cloud-init/ignition script.
|
|
properties:
|
|
config:
|
|
description: |-
|
|
In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
|
|
NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp".
|
|
Deprecated: Data is reserved for the arbitrary cloud-init data
|
|
type: string
|
|
data:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Data allows to pass arbitrary set of key/value pairs consistent with
|
|
https://cloudinit.readthedocs.io/en/latest/reference/modules.html
|
|
to extend existing cloud-init configuration
|
|
type: object
|
|
strict:
|
|
description: Strict controls if Config should be strictly
|
|
parsed. If so, warnings are treated as errors.
|
|
type: boolean
|
|
type: object
|
|
x-kubernetes-validations:
|
|
- message: Only config or data could be populated at once
|
|
rule: '!has(self.data) || !has(self.config)'
|
|
airGapped:
|
|
description: |-
|
|
AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
|
|
basically supposing that online container registries and RKE2 install scripts are not reachable.
|
|
type: boolean
|
|
cisProfile:
|
|
description: CISProfile activates CIS compliance of RKE2 for a
|
|
certain profile
|
|
enum:
|
|
- cis
|
|
- cis-1.23
|
|
- cis-1.5
|
|
- cis-1.6
|
|
type: string
|
|
containerRuntimeEndpoint:
|
|
description: ContainerRuntimeEndpoint Disable embedded containerd
|
|
and use alternative CRI implementation.
|
|
type: string
|
|
dataDir:
|
|
description: DataDir Folder to hold state.
|
|
type: string
|
|
enableContainerdSElinux:
|
|
description: |-
|
|
EnableContainerdSElinux defines the policy for enabling SELinux for Containerd
|
|
if value is true, Containerd will run with selinux-enabled=true flag
|
|
if value is false, Containerd will run without the above flag
|
|
type: boolean
|
|
format:
|
|
description: Format specifies the output format of the bootstrap
|
|
data. Defaults to cloud-config.
|
|
enum:
|
|
- cloud-config
|
|
- ignition
|
|
type: string
|
|
imageCredentialProviderConfigMap:
|
|
description: |-
|
|
ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config
|
|
The config map should contain a key "credential-config.yaml" with YAML file content and
|
|
a key "credential-provider-binaries" with a path to the binaries for the credential provider.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
kubeProxy:
|
|
description: KubeProxyArgs Customized flag for kube-proxy process.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line arguments
|
|
(format: flag=value) to pass to a Kubernetes Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables to
|
|
pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts to be added
|
|
for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references a container
|
|
image to override the default one for the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
kubelet:
|
|
description: KubeletArgs Customized flag for kubelet process.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line arguments
|
|
(format: flag=value) to pass to a Kubernetes Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables to
|
|
pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts to be added
|
|
for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references a container
|
|
image to override the default one for the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
kubeletPath:
|
|
description: KubeletPath Override kubelet binary path.
|
|
type: string
|
|
loadBalancerPort:
|
|
description: |-
|
|
LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are
|
|
not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444).
|
|
type: integer
|
|
nodeAnnotations:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
NodeAnnotations are annotations that are created on nodes post bootstrap phase.
|
|
Unfortunately it is not possible to apply annotations via kubelet
|
|
using current bootstrap configurations.
|
|
Issue: https://github.com/kubernetes/kubernetes/issues/108046
|
|
type: object
|
|
nodeLabels:
|
|
description: NodeLabels Registering and starting kubelet with
|
|
set of labels.
|
|
items:
|
|
type: string
|
|
type: array
|
|
nodeName:
|
|
description: NodeNamePrefix Prefix to the Node Name that CAPI
|
|
will generate.
|
|
type: string
|
|
nodeTaints:
|
|
description: NodeTaints Registering kubelet with set of taints.
|
|
items:
|
|
type: string
|
|
type: array
|
|
ntp:
|
|
description: NTP specifies NTP configuration
|
|
properties:
|
|
enabled:
|
|
description: Enabled specifies whether NTP should be enabled
|
|
type: boolean
|
|
servers:
|
|
description: Servers specifies which NTP servers to use
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
protectKernelDefaults:
|
|
description: |-
|
|
ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
|
|
if false, kernel tunable can be different from kubelet defaults
|
|
type: boolean
|
|
resolvConf:
|
|
description: ResolvConf is a reference to a ConfigMap containing
|
|
resolv.conf content for the node.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
runtimeImage:
|
|
description: RuntimeImage override image to use for runtime binaries
|
|
(containerd, kubectl, crictl, etc).
|
|
type: string
|
|
snapshotter:
|
|
description: 'Snapshotter override default containerd snapshotter
|
|
(default: "overlayfs").'
|
|
type: string
|
|
systemDefaultRegistry:
|
|
description: SystemDefaultRegistry Private registry to be used
|
|
for all system images.
|
|
type: string
|
|
version:
|
|
description: Version specifies the rke2 version.
|
|
type: string
|
|
type: object
|
|
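# Extra files rendered into the node's bootstrap user data (cloud-init
# write_files, per the item description).
files:
  description: Files specifies extra files to be passed to user_data
    upon creation.
  items:
    description: File defines the input for generating write_files in
      cloud-init.
    properties:
      # Inline content is stored in the RKE2Config object itself, so anyone
      # who can read the resource can read it. Use contentFrom.secret for
      # credentials and keys.
      # NOTE(review): nothing in this schema makes content and contentFrom
      # mutually exclusive; confirm which one the controller prefers when
      # both are set.
      content:
        description: Content is the actual content of the file.
        type: string
      contentFrom:
        description: ContentFrom is a referenced source of content to
          populate the file.
        properties:
          # Only a name and key are given, so the Secret is looked up in the
          # config's own namespace (per the name description below).
          secret:
            description: SecretFileSource represents a secret that should
              populate this file.
            properties:
              key:
                description: Key is the key in the secret's data map
                  for this value.
                type: string
              name:
                description: Name of the secret in the RKE2BootstrapConfig's
                  namespace to use.
                type: string
            required:
              - key
              - name
            type: object
        required:
          - secret
        type: object
      encoding:
        description: Encoding specifies the encoding of the file contents.
        enum:
          - base64
          - gzip
          - gzip+base64
        type: string
      owner:
        description: Owner specifies the ownership of the file, e.g.
          "root:root".
        type: string
      # The only required field. The schema puts no pattern on it, so any
      # absolute path on the node can be targeted by whoever can write
      # RKE2Config objects.
      path:
        description: Path specifies the full path on disk where to store
          the file.
        type: string
      # Typed as a string so a mode such as "0640" is not re-read as a number.
      # Set it explicitly for sensitive files.
      # NOTE(review): the mode applied when this is omitted is not shown here.
      permissions:
        description: Permissions specifies the permissions to assign
          to the file, e.g. "0640".
        type: string
    required:
      - path
    type: object
  type: array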
|
|
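# Free-form command strings run on the machine after RKE2 setup (presumably
# as root through cloud-init/ignition; confirm). The schema does not
# constrain them, so write access to RKE2Config objects should be treated as
# command execution on every node bootstrapped from them and limited via RBAC.
postRKE2Commands:
  description: PostRKE2Commands specifies extra commands to run after
    rke2 setup runs.
  items:
    type: string
  type: array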
|
|
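# Free-form command strings run on the machine before RKE2 setup (presumably
# as root through cloud-init/ignition; confirm). The schema does not
# constrain them, so restrict who may create or update RKE2Config objects,
# and keep secrets out of these strings because they are stored in the
# resource.
preRKE2Commands:
  description: PreRKE2Commands specifies extra commands to run before
    rke2 setup runs.
  items:
    type: string
  type: array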
|
|
privateRegistriesConfig:
|
|
description: PrivateRegistriesConfig defines the containerd configuration
|
|
for private registries and local registry mirrors.
|
|
properties:
|
|
configs:
|
|
additionalProperties:
|
|
description: RegistryConfig contains configuration used to communicate
|
|
with the registry.
|
|
properties:
|
|
authSecret:
|
|
description: |-
|
|
Auth is a reference to a Secret containing information to authenticate to the registry.
|
|
The Secret must provide a username and a password data entry.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
tls:
|
|
description: |-
|
|
TLS is a pair of CA/Cert/Key which then are used when creating the transport
|
|
that communicates with the registry.
|
|
properties:
|
|
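# NOTE(review): the description below reads inverted relative to the field
# name. By the usual convention for a flag with this name, true disables
# certificate verification and false is the safe value; the stated default
# of true would then mean registry certificates are not verified unless the
# field is set. Confirm against the controller's handling, and set the value
# explicitly rather than relying on the default.
insecureSkipVerify:
  description: InsecureSkipVerify may be set to false
    to skip verifying the registry's certificate, default
    is true.
  type: boolean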
|
|
tlsConfigSecret:
|
|
description: |-
|
|
TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` which has up to 3 entries: tls.crt, tls.key and ca.crt
|
|
which describe the TLS configuration necessary to connect to the registry.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: object
|
|
type: object
|
|
description: |-
|
|
Configs are configs for each registry.
|
|
The key is the FQDN or IP of the registry.
|
|
type: object
|
|
mirrors:
|
|
additionalProperties:
|
|
description: Mirror contains the config related to the registry
|
|
mirror.
|
|
properties:
|
|
endpoint:
|
|
description: |-
|
|
Endpoints are endpoints for a namespace. CRI plugin will try the endpoints
|
|
one by one until a working one is found. The endpoint must be a valid url
|
|
with host specified.
|
|
The scheme, host and path from the endpoint URL will be used.
|
|
items:
|
|
type: string
|
|
type: array
|
|
rewrite:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Rewrites are repository rewrite rules for a namespace. When fetching image resources
|
|
from an endpoint and a key matches the repository via regular expression matching
|
|
it will be replaced with the corresponding value from the map in the resource request.
|
|
type: object
|
|
type: object
|
|
description: Mirrors are namespace to mirror mapping for all namespaces.
|
|
type: object
|
|
type: object
|
|
type: object
|
|
status:
|
|
description: RKE2ConfigStatus defines the observed state of RKE2Config.
|
|
properties:
|
|
conditions:
|
|
description: Conditions defines current service state of the RKE2Config.
|
|
items:
|
|
description: Condition defines an observation of a Cluster API resource
|
|
operational state.
|
|
properties:
|
|
lastTransitionTime:
|
|
description: |-
|
|
Last time the condition transitioned from one status to another.
|
|
This should be when the underlying condition changed. If that is not known, then using the time when
|
|
the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: |-
|
|
A human readable message indicating details about the transition.
|
|
This field may be empty.
|
|
type: string
|
|
reason:
|
|
description: |-
|
|
The reason for the condition's last transition in CamelCase.
|
|
The specific API may choose whether or not this field is considered a guaranteed API.
|
|
This field may not be empty.
|
|
type: string
|
|
severity:
|
|
description: |-
|
|
Severity provides an explicit classification of Reason code, so the users or machines can immediately
|
|
understand the current situation and act accordingly.
|
|
The Severity field MUST be set only when Status=False.
|
|
type: string
|
|
status:
|
|
description: Status of the condition, one of True, False, Unknown.
|
|
type: string
|
|
type:
|
|
description: |-
|
|
Type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
|
|
can be useful (see .node.status.conditions), the ability to deconflict is important.
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
dataSecretName:
|
|
description: DataSecretName is the name of the secret that stores
|
|
the bootstrap data script.
|
|
type: string
|
|
failureMessage:
|
|
description: FailureMessage will be set on non-retryable errors.
|
|
type: string
|
|
failureReason:
|
|
description: FailureReason will be set on non-retryable errors.
|
|
type: string
|
|
observedGeneration:
|
|
description: ObservedGeneration is the latest generation observed
|
|
by the controller.
|
|
format: int64
|
|
type: integer
|
|
ready:
|
|
description: Ready indicates the BootstrapData field is ready to be
|
|
consumed.
|
|
type: boolean
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: false
|
|
subresources:
|
|
status: {}
|
|
- name: v1beta1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: RKE2Config is the Schema for the rke2configs API.
|
|
properties:
|
|
apiVersion:
|
|
description: |-
|
|
APIVersion defines the versioned schema of this representation of an object.
|
|
Servers should convert recognized schemas to the latest internal value, and
|
|
may reject unrecognized values.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind is a string value representing the REST resource this object represents.
|
|
Servers may infer this from the endpoint the client submits requests to.
|
|
Cannot be updated.
|
|
In CamelCase.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: RKE2ConfigSpec defines the desired state of RKE2Config.
|
|
properties:
|
|
agentConfig:
|
|
description: AgentConfig specifies configuration for the agent nodes.
|
|
properties:
|
|
additionalUserData:
|
|
description: |-
|
|
AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the
|
|
generated cloud-init/ignition script.
|
|
properties:
|
|
config:
|
|
description: |-
|
|
In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
|
|
NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp".
|
|
type: string
|
|
data:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Data allows to pass arbitrary set of key/value pairs consistent with
|
|
https://cloudinit.readthedocs.io/en/latest/reference/modules.html
|
|
to extend existing cloud-init configuration
|
|
type: object
|
|
strict:
|
|
description: Strict controls if Config should be strictly
|
|
parsed. If so, warnings are treated as errors.
|
|
type: boolean
|
|
type: object
|
|
x-kubernetes-validations:
|
|
- message: Only config or data could be populated at once
|
|
rule: '!has(self.data) || !has(self.config)'
|
|
airGapped:
|
|
description: |-
|
|
AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
|
|
basically supposing that online container registries and RKE2 install scripts are not reachable.
|
|
type: boolean
|
|
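# Integrity pin for air-gapped installs. Per the description, the value is
# compared with the checksum of the sha256sum-<arch>.txt file already present
# on the machine before installation. The schema accepts any string (no
# pattern or length check), so a malformed value is not rejected at
# admission.
# NOTE(review): whether the individual packages are then checked against
# that file is not visible here; confirm.
airGappedChecksum:
  description: |-
    AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum
    of existing sha256sum-<arch>.txt file for packages already available on the machine
    before performing air-gapped installation.
  type: string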
|
|
cisProfile:
|
|
description: CISProfile activates CIS compliance of RKE2 for a
|
|
certain profile
|
|
enum:
|
|
- cis
|
|
- cis-1.23
|
|
- cis-1.5
|
|
- cis-1.6
|
|
type: string
|
|
containerRuntimeEndpoint:
|
|
description: ContainerRuntimeEndpoint Disable embedded containerd
|
|
and use alternative CRI implementation.
|
|
type: string
|
|
dataDir:
|
|
description: DataDir Folder to hold state.
|
|
type: string
|
|
enableContainerdSElinux:
|
|
description: |-
|
|
EnableContainerdSElinux defines the policy for enabling SELinux for Containerd
|
|
if value is true, Containerd will run with selinux-enabled=true flag
|
|
if value is false, Containerd will run without the above flag
|
|
type: boolean
|
|
format:
|
|
description: Format specifies the output format of the bootstrap
|
|
data. Defaults to cloud-config.
|
|
enum:
|
|
- cloud-config
|
|
- ignition
|
|
type: string
|
|
imageCredentialProviderConfigMap:
|
|
description: |-
|
|
ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config
|
|
The config map should contain a key "credential-config.yaml" with YAML file content and
|
|
a key "credential-provider-binaries" with a path to the binaries for the credential provider.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
kubeProxy:
|
|
description: KubeProxyArgs Customized flag for kube-proxy process.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line arguments
|
|
(format: flag=value) to pass to a Kubernetes Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables to
|
|
pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts to be added
|
|
for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references a container
|
|
image to override the default one for the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
kubelet:
|
|
description: KubeletArgs Customized flag for kubelet process.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line arguments
|
|
(format: flag=value) to pass to a Kubernetes Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables to
|
|
pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts to be added
|
|
for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references a container
|
|
image to override the default one for the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
kubeletPath:
|
|
description: KubeletPath Override kubelet binary path.
|
|
type: string
|
|
loadBalancerPort:
|
|
description: |-
|
|
LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are
|
|
not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444).
|
|
type: integer
|
|
nodeAnnotations:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
NodeAnnotations are annotations that are created on nodes post bootstrap phase.
|
|
Unfortunately it is not possible to apply annotations via kubelet
|
|
using current bootstrap configurations.
|
|
Issue: https://github.com/kubernetes/kubernetes/issues/108046
|
|
type: object
|
|
nodeLabels:
|
|
description: NodeLabels Registering and starting kubelet with
|
|
set of labels.
|
|
items:
|
|
type: string
|
|
type: array
|
|
nodeName:
|
|
description: NodeNamePrefix Prefix to the Node Name that CAPI
|
|
will generate.
|
|
type: string
|
|
nodeTaints:
|
|
description: NodeTaints Registering kubelet with set of taints.
|
|
items:
|
|
type: string
|
|
type: array
|
|
ntp:
|
|
description: NTP specifies NTP configuration
|
|
properties:
|
|
enabled:
|
|
description: Enabled specifies whether NTP should be enabled
|
|
type: boolean
|
|
servers:
|
|
description: Servers specifies which NTP servers to use
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
podSecurityAdmissionConfigFile:
|
|
description: |-
|
|
PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
|
|
spec.Files field.
|
|
type: string
|
|
protectKernelDefaults:
|
|
description: |-
|
|
ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
|
|
If false, kernel tunables can be different from kubelet defaults.
|
|
type: boolean
|
|
resolvConf:
|
|
description: ResolvConf is a reference to a ConfigMap containing
|
|
resolv.conf content for the node.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
runtimeImage:
|
|
description: RuntimeImage override image to use for runtime binaries
|
|
(containerd, kubectl, crictl, etc).
|
|
type: string
|
|
snapshotter:
|
|
description: 'Snapshotter override default containerd snapshotter
|
|
(default: "overlayfs").'
|
|
type: string
|
|
systemDefaultRegistry:
|
|
description: SystemDefaultRegistry Private registry to be used
|
|
for all system images.
|
|
type: string
|
|
type: object
|
|
files:
|
|
description: Files specifies extra files to be passed to user_data
|
|
upon creation.
|
|
items:
|
|
description: File defines the input for generating write_files in
|
|
cloud-init.
|
|
properties:
|
|
content:
|
|
description: Content is the actual content of the file.
|
|
type: string
|
|
contentFrom:
|
|
description: ContentFrom is a referenced source of content to
|
|
populate the file.
|
|
properties:
|
|
secret:
|
|
description: SecretFileSource represents a secret that should
|
|
populate this file.
|
|
properties:
|
|
key:
|
|
description: Key is the key in the secret's data map
|
|
for this value.
|
|
type: string
|
|
name:
|
|
description: Name of the secret in the RKE2BootstrapConfig's
|
|
namespace to use.
|
|
type: string
|
|
required:
|
|
- key
|
|
- name
|
|
type: object
|
|
required:
|
|
- secret
|
|
type: object
|
|
encoding:
|
|
description: Encoding specifies the encoding of the file contents.
|
|
enum:
|
|
- base64
|
|
- gzip
|
|
- gzip+base64
|
|
type: string
|
|
owner:
|
|
description: Owner specifies the ownership of the file, e.g.
|
|
"root:root".
|
|
type: string
|
|
path:
|
|
description: Path specifies the full path on disk where to store
|
|
the file.
|
|
type: string
|
|
permissions:
|
|
description: Permissions specifies the permissions to assign
|
|
to the file, e.g. "0640".
|
|
type: string
|
|
required:
|
|
- path
|
|
type: object
|
|
type: array
|
|
postRKE2Commands:
|
|
description: PostRKE2Commands specifies extra commands to run after
|
|
rke2 setup runs.
|
|
items:
|
|
type: string
|
|
type: array
|
|
preRKE2Commands:
|
|
description: PreRKE2Commands specifies extra commands to run before
|
|
rke2 setup runs.
|
|
items:
|
|
type: string
|
|
type: array
|
|
privateRegistriesConfig:
|
|
description: PrivateRegistriesConfig defines the containerd configuration
|
|
for private registries and local registry mirrors.
|
|
properties:
|
|
configs:
|
|
additionalProperties:
|
|
description: RegistryConfig contains configuration used to communicate
|
|
with the registry.
|
|
properties:
|
|
authSecret:
|
|
description: |-
|
|
Auth is a reference to a Secret containing information to authenticate to the registry.
|
|
The Secret must provide a username and a password data entry.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
tls:
|
|
description: |-
|
|
TLS is a pair of CA/Cert/Key which then are used when creating the transport
|
|
that communicates with the registry.
|
|
properties:
|
|
insecureSkipVerify:
|
|
description: InsecureSkipVerify may be set to false
|
|
to skip verifying the registry's certificate, default
|
|
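is true. Note that this wording is the reverse of what the field name implies, so confirm which value actually disables certificate verification before setting it.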
|
|
type: boolean
|
|
tlsConfigSecret:
|
|
description: |-
|
|
TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` which has up to 3 entries: tls.crt, tls.key and ca.crt
|
|
which describe the TLS configuration necessary to connect to the registry.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: object
|
|
type: object
|
|
description: |-
|
|
Configs are configs for each registry.
|
|
The key is the FQDN or IP of the registry.
|
|
type: object
|
|
mirrors:
|
|
additionalProperties:
|
|
description: Mirror contains the config related to the registry
|
|
mirror.
|
|
properties:
|
|
endpoint:
|
|
description: |-
|
|
Endpoints are endpoints for a namespace. CRI plugin will try the endpoints
|
|
one by one until a working one is found. The endpoint must be a valid url
|
|
with host specified.
|
|
The scheme, host and path from the endpoint URL will be used.
|
|
items:
|
|
type: string
|
|
type: array
|
|
rewrite:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Rewrites are repository rewrite rules for a namespace. When fetching image resources
|
|
from an endpoint and a key matches the repository via regular expression matching
|
|
it will be replaced with the corresponding value from the map in the resource request.
|
|
type: object
|
|
type: object
|
|
description: Mirrors are namespace to mirror mapping for all namespaces.
|
|
type: object
|
|
type: object
|
|
type: object
|
|
status:
|
|
description: RKE2ConfigStatus defines the observed state of RKE2Config.
|
|
properties:
|
|
conditions:
|
|
description: Conditions defines current service state of the RKE2Config.
|
|
items:
|
|
description: Condition defines an observation of a Cluster API resource
|
|
operational state.
|
|
properties:
|
|
lastTransitionTime:
|
|
description: |-
|
|
Last time the condition transitioned from one status to another.
|
|
This should be when the underlying condition changed. If that is not known, then using the time when
|
|
the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: |-
|
|
A human readable message indicating details about the transition.
|
|
This field may be empty.
|
|
type: string
|
|
reason:
|
|
description: |-
|
|
The reason for the condition's last transition in CamelCase.
|
|
The specific API may choose whether or not this field is considered a guaranteed API.
|
|
This field may not be empty.
|
|
type: string
|
|
severity:
|
|
description: |-
|
|
Severity provides an explicit classification of Reason code, so the users or machines can immediately
|
|
understand the current situation and act accordingly.
|
|
The Severity field MUST be set only when Status=False.
|
|
type: string
|
|
status:
|
|
description: Status of the condition, one of True, False, Unknown.
|
|
type: string
|
|
type:
|
|
description: |-
|
|
Type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
|
|
can be useful (see .node.status.conditions), the ability to deconflict is important.
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
dataSecretName:
|
|
description: DataSecretName is the name of the secret that stores
|
|
the bootstrap data script.
|
|
type: string
|
|
failureMessage:
|
|
description: FailureMessage will be set on non-retryable errors.
|
|
type: string
|
|
failureReason:
|
|
description: FailureReason will be set on non-retryable errors.
|
|
type: string
|
|
observedGeneration:
|
|
description: ObservedGeneration is the latest generation observed
|
|
by the controller.
|
|
format: int64
|
|
type: integer
|
|
ready:
|
|
description: Ready indicates the BootstrapData field is ready to be
|
|
consumed.
|
|
type: boolean
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
|
|
controller-gen.kubebuilder.io/version: v0.14.0
|
|
labels:
|
|
cluster.x-k8s.io/provider: bootstrap-rke2
|
|
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
|
|
name: rke2configtemplates.bootstrap.cluster.x-k8s.io
|
|
spec:
|
|
conversion:
|
|
strategy: Webhook
|
|
webhook:
|
|
clientConfig:
|
|
caBundle: Cg==
|
|
service:
|
|
name: rke2-bootstrap-webhook-service
|
|
namespace: rke2-bootstrap-system
|
|
path: /convert
|
|
conversionReviewVersions:
|
|
- v1
|
|
group: bootstrap.cluster.x-k8s.io
|
|
names:
|
|
kind: RKE2ConfigTemplate
|
|
listKind: RKE2ConfigTemplateList
|
|
plural: rke2configtemplates
|
|
singular: rke2configtemplate
|
|
scope: Namespaced
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: RKE2ConfigTemplate is the Schema for the RKE2configtemplates
|
|
API.
|
|
properties:
|
|
apiVersion:
|
|
description: |-
|
|
APIVersion defines the versioned schema of this representation of an object.
|
|
Servers should convert recognized schemas to the latest internal value, and
|
|
may reject unrecognized values.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind is a string value representing the REST resource this object represents.
|
|
Servers may infer this from the endpoint the client submits requests to.
|
|
Cannot be updated.
|
|
In CamelCase.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: Spec details the RKE2ConfigTemplate specification.
|
|
properties:
|
|
template:
|
|
description: "Template references a RKE2ConfigTemplate, which is used
|
|
to include an RKE2ConfigSpec struct.\n\tThis is used to include
|
|
a desired RKE2ConfigSpec configuration when an RKE2Config resource
|
|
is generated by a MachineDeployment resource."
|
|
properties:
|
|
spec:
|
|
description: Spec is the RKE2ConfigSpec that should be used for
|
|
the template.
|
|
properties:
|
|
agentConfig:
|
|
description: AgentConfig specifies configuration for the agent
|
|
nodes.
|
|
properties:
|
|
additionalUserData:
|
|
description: |-
|
|
AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the
|
|
generated cloud-init/ignition script.
|
|
properties:
|
|
config:
|
|
description: |-
|
|
In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
|
|
NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this includes "write_files", "runcmd", "ntp".
|
|
Deprecated: Data is reserved for the arbitrary cloud-init data
|
|
type: string
|
|
data:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Data allows to pass arbitrary set of key/value pairs consistent with
|
|
https://cloudinit.readthedocs.io/en/latest/reference/modules.html
|
|
to extend existing cloud-init configuration
|
|
type: object
|
|
strict:
|
|
description: Strict controls if Config should be strictly
|
|
parsed. If so, warnings are treated as errors.
|
|
type: boolean
|
|
type: object
|
|
x-kubernetes-validations:
|
|
- message: Only config or data could be populated at once
|
|
rule: '!has(self.data) || !has(self.config)'
|
|
airGapped:
|
|
description: |-
|
|
AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
|
|
basically supposing that online container registries and RKE2 install scripts are not reachable.
|
|
type: boolean
|
|
cisProfile:
|
|
description: CISProfile activates CIS compliance of RKE2
|
|
for a certain profile
|
|
enum:
|
|
- cis
|
|
- cis-1.23
|
|
- cis-1.5
|
|
- cis-1.6
|
|
type: string
|
|
containerRuntimeEndpoint:
|
|
description: ContainerRuntimeEndpoint Disable embedded
|
|
containerd and use alternative CRI implementation.
|
|
type: string
|
|
dataDir:
|
|
description: DataDir Folder to hold state.
|
|
type: string
|
|
enableContainerdSElinux:
|
|
description: |-
|
|
EnableContainerdSElinux defines the policy for enabling SELinux for Containerd
|
|
if value is true, Containerd will run with selinux-enabled=true flag
|
|
if value is false, Containerd will run without the above flag
|
|
type: boolean
|
|
format:
|
|
description: Format specifies the output format of the
|
|
bootstrap data. Defaults to cloud-config.
|
|
enum:
|
|
- cloud-config
|
|
- ignition
|
|
type: string
|
|
imageCredentialProviderConfigMap:
|
|
description: |-
|
|
ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config
|
|
The config map should contain a key "credential-config.yaml" with YAML file content and
|
|
a key "credential-provider-binaries" with a path to the binaries for the credential provider.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
kubeProxy:
|
|
description: KubeProxyArgs Customized flag for kube-proxy
|
|
process.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line
|
|
arguments (format: flag=value) to pass to a Kubernetes
|
|
Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables
|
|
to pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts
|
|
to be added for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references
|
|
a container image to override the default one for
|
|
the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
kubelet:
|
|
description: KubeletArgs Customized flag for kubelet process.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line
|
|
arguments (format: flag=value) to pass to a Kubernetes
|
|
Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables
|
|
to pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts
|
|
to be added for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references
|
|
a container image to override the default one for
|
|
the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
kubeletPath:
|
|
description: KubeletPath Override kubelet binary path.
|
|
type: string
|
|
loadBalancerPort:
|
|
description: |-
|
|
LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are
|
|
not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444).
|
|
type: integer
|
|
nodeAnnotations:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
NodeAnnotations are annotations that are created on nodes post bootstrap phase.
|
|
Unfortunately it is not possible to apply annotations via kubelet
|
|
using current bootstrap configurations.
|
|
Issue: https://github.com/kubernetes/kubernetes/issues/108046
|
|
type: object
|
|
nodeLabels:
|
|
description: NodeLabels Registering and starting kubelet
|
|
with set of labels.
|
|
items:
|
|
type: string
|
|
type: array
|
|
nodeName:
|
|
description: NodeNamePrefix Prefix to the Node Name that
|
|
CAPI will generate.
|
|
type: string
|
|
nodeTaints:
|
|
description: NodeTaints Registering kubelet with set of
|
|
taints.
|
|
items:
|
|
type: string
|
|
type: array
|
|
ntp:
|
|
description: NTP specifies NTP configuration
|
|
properties:
|
|
enabled:
|
|
description: Enabled specifies whether NTP should
|
|
be enabled
|
|
type: boolean
|
|
servers:
|
|
description: Servers specifies which NTP servers to
|
|
use
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
protectKernelDefaults:
|
|
description: |-
|
|
ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
|
|
If false, kernel tunables can be different from kubelet defaults.
|
|
type: boolean
|
|
resolvConf:
|
|
description: ResolvConf is a reference to a ConfigMap
|
|
containing resolv.conf content for the node.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
runtimeImage:
|
|
description: RuntimeImage override image to use for runtime
|
|
binaries (containerd, kubectl, crictl, etc).
|
|
type: string
|
|
snapshotter:
|
|
description: 'Snapshotter override default containerd
|
|
snapshotter (default: "overlayfs").'
|
|
type: string
|
|
systemDefaultRegistry:
|
|
description: SystemDefaultRegistry Private registry to
|
|
be used for all system images.
|
|
type: string
|
|
version:
|
|
description: Version specifies the rke2 version.
|
|
type: string
|
|
type: object
|
|
files:
|
|
description: Files specifies extra files to be passed to user_data
|
|
upon creation.
|
|
items:
|
|
description: File defines the input for generating write_files
|
|
in cloud-init.
|
|
properties:
|
|
content:
|
|
description: Content is the actual content of the file.
|
|
type: string
|
|
contentFrom:
|
|
description: ContentFrom is a referenced source of content
|
|
to populate the file.
|
|
properties:
|
|
secret:
|
|
description: SecretFileSource represents a secret
|
|
that should populate this file.
|
|
properties:
|
|
key:
|
|
description: Key is the key in the secret's
|
|
data map for this value.
|
|
type: string
|
|
name:
|
|
description: Name of the secret in the RKE2BootstrapConfig's
|
|
namespace to use.
|
|
type: string
|
|
required:
|
|
- key
|
|
- name
|
|
type: object
|
|
required:
|
|
- secret
|
|
type: object
|
|
encoding:
|
|
description: Encoding specifies the encoding of the
|
|
file contents.
|
|
enum:
|
|
- base64
|
|
- gzip
|
|
- gzip+base64
|
|
type: string
|
|
owner:
|
|
description: Owner specifies the ownership of the file,
|
|
e.g. "root:root".
|
|
type: string
|
|
path:
|
|
description: Path specifies the full path on disk where
|
|
to store the file.
|
|
type: string
|
|
permissions:
|
|
description: Permissions specifies the permissions to
|
|
assign to the file, e.g. "0640".
|
|
type: string
|
|
required:
|
|
- path
|
|
type: object
|
|
type: array
|
|
postRKE2Commands:
|
|
description: PostRKE2Commands specifies extra commands to
|
|
run after rke2 setup runs.
|
|
items:
|
|
type: string
|
|
type: array
|
|
preRKE2Commands:
|
|
description: PreRKE2Commands specifies extra commands to run
|
|
before rke2 setup runs.
|
|
items:
|
|
type: string
|
|
type: array
|
|
privateRegistriesConfig:
|
|
description: PrivateRegistriesConfig defines the containerd
|
|
configuration for private registries and local registry
|
|
mirrors.
|
|
properties:
|
|
configs:
|
|
additionalProperties:
|
|
description: RegistryConfig contains configuration used
|
|
to communicate with the registry.
|
|
properties:
|
|
authSecret:
|
|
description: |-
|
|
Auth is a reference to a Secret containing information to authenticate to the registry.
|
|
The Secret must provide a username and a password data entry.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
tls:
|
|
description: |-
|
|
TLS is a pair of CA/Cert/Key which then are used when creating the transport
|
|
that communicates with the registry.
|
|
properties:
|
|
insecureSkipVerify:
|
|
description: InsecureSkipVerify may be set to
|
|
false to skip verifying the registry's certificate,
|
|
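default is true. Note that this wording is the reverse of what the field name implies, so confirm which value actually disables certificate verification before setting it.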
|
|
type: boolean
|
|
tlsConfigSecret:
|
|
description: |-
|
|
TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` which has up to 3 entries: tls.crt, tls.key and ca.crt
|
|
which describe the TLS configuration necessary to connect to the registry.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: object
|
|
type: object
|
|
description: |-
|
|
Configs are configs for each registry.
|
|
The key is the FQDN or IP of the registry.
|
|
type: object
|
|
mirrors:
|
|
additionalProperties:
|
|
description: Mirror contains the config related to the
|
|
registry mirror.
|
|
properties:
|
|
endpoint:
|
|
description: |-
|
|
Endpoints are endpoints for a namespace. CRI plugin will try the endpoints
|
|
one by one until a working one is found. The endpoint must be a valid url
|
|
with host specified.
|
|
The scheme, host and path from the endpoint URL will be used.
|
|
items:
|
|
type: string
|
|
type: array
|
|
rewrite:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Rewrites are repository rewrite rules for a namespace. When fetching image resources
|
|
from an endpoint and a key matches the repository via regular expression matching
|
|
it will be replaced with the corresponding value from the map in the resource request.
|
|
type: object
|
|
type: object
|
|
description: Mirrors are namespace to mirror mapping for
|
|
all namespaces.
|
|
type: object
|
|
type: object
|
|
type: object
|
|
required:
|
|
- spec
|
|
type: object
|
|
required:
|
|
- template
|
|
type: object
|
|
required:
|
|
- spec
|
|
type: object
|
|
served: true
|
|
storage: false
|
|
subresources:
|
|
status: {}
|
|
- name: v1beta1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: RKE2ConfigTemplate is the Schema for the RKE2configtemplates
|
|
API.
|
|
properties:
|
|
apiVersion:
|
|
description: |-
|
|
APIVersion defines the versioned schema of this representation of an object.
|
|
Servers should convert recognized schemas to the latest internal value, and
|
|
may reject unrecognized values.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind is a string value representing the REST resource this object represents.
|
|
Servers may infer this from the endpoint the client submits requests to.
|
|
Cannot be updated.
|
|
In CamelCase.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: Spec details the RKE2ConfigTemplate specification.
|
|
properties:
|
|
template:
|
|
description: "Template references a RKE2ConfigTemplate, which is used
|
|
to include an RKE2ConfigSpec struct.\n\tThis is used to include
|
|
a desired RKE2ConfigSpec configuration when an RKE2Config resource
|
|
is generated by a MachineDeployment resource."
|
|
properties:
|
|
spec:
|
|
description: Spec is the RKE2ConfigSpec that should be used for
|
|
the template.
|
|
properties:
|
|
agentConfig:
|
|
description: AgentConfig specifies configuration for the agent
|
|
nodes.
|
|
properties:
|
|
additionalUserData:
|
|
description: |-
|
|
AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the
|
|
generated cloud-init/ignition script.
|
|
properties:
|
|
config:
|
|
description: |-
|
|
In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
|
|
NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this includes "write_files", "runcmd", "ntp".
|
|
type: string
|
|
data:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Data allows to pass arbitrary set of key/value pairs consistent with
|
|
https://cloudinit.readthedocs.io/en/latest/reference/modules.html
|
|
to extend existing cloud-init configuration
|
|
type: object
|
|
strict:
|
|
description: Strict controls if Config should be strictly
|
|
parsed. If so, warnings are treated as errors.
|
|
type: boolean
|
|
type: object
|
|
x-kubernetes-validations:
|
|
- message: Only config or data could be populated at once
|
|
rule: '!has(self.data) || !has(self.config)'
|
|
airGapped:
|
|
description: |-
|
|
AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
|
|
basically supposing that online container registries and RKE2 install scripts are not reachable.
|
|
type: boolean
|
|
airGappedChecksum:
|
|
description: |-
|
|
AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum
|
|
of existing sha256sum-<arch>.txt file for packages already available on the machine
|
|
before performing air-gapped installation.
|
|
type: string
|
|
cisProfile:
|
|
description: CISProfile activates CIS compliance of RKE2
|
|
for a certain profile
|
|
enum:
|
|
- cis
|
|
- cis-1.23
|
|
- cis-1.5
|
|
- cis-1.6
|
|
type: string
|
|
containerRuntimeEndpoint:
|
|
description: ContainerRuntimeEndpoint Disable embedded
|
|
containerd and use alternative CRI implementation.
|
|
type: string
|
|
dataDir:
|
|
description: DataDir Folder to hold state.
|
|
type: string
|
|
enableContainerdSElinux:
|
|
description: |-
|
|
EnableContainerdSElinux defines the policy for enabling SELinux for Containerd
|
|
if value is true, Containerd will run with selinux-enabled=true flag
|
|
if value is false, Containerd will run without the above flag
|
|
type: boolean
|
|
format:
|
|
description: Format specifies the output format of the
|
|
bootstrap data. Defaults to cloud-config.
|
|
enum:
|
|
- cloud-config
|
|
- ignition
|
|
type: string
|
|
imageCredentialProviderConfigMap:
|
|
description: |-
|
|
ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config
|
|
The config map should contain a key "credential-config.yaml" with YAML file content and
|
|
a key "credential-provider-binaries" with the path to the binaries for the credential provider.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
kubeProxy:
|
|
description: KubeProxyArgs Customized flag for kube-proxy
|
|
process.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line
|
|
arguments (format: flag=value) to pass to a Kubernetes
|
|
Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables
|
|
to pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts
|
|
to be added for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references
|
|
a container image to override the default one for
|
|
the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
kubelet:
|
|
description: KubeletArgs Customized flag for kubelet process.
|
|
properties:
|
|
extraArgs:
|
|
description: 'ExtraArgs is a list of command line
|
|
arguments (format: flag=value) to pass to a Kubernetes
|
|
Component command.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
extraEnv:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraEnv is a map of environment variables
|
|
to pass on to a Kubernetes Component command.
|
|
type: object
|
|
extraMounts:
|
|
additionalProperties:
|
|
type: string
|
|
description: ExtraMounts is a map of volume mounts
|
|
to be added for the Kubernetes component StaticPod
|
|
type: object
|
|
overrideImage:
|
|
description: OverrideImage is a string that references
|
|
a container image to override the default one for
|
|
the Kubernetes Component
|
|
type: string
|
|
type: object
|
|
kubeletPath:
|
|
description: KubeletPath Override kubelet binary path.
|
|
type: string
|
|
loadBalancerPort:
|
|
description: |-
|
|
LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are
|
|
not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444).
|
|
type: integer
|
|
nodeAnnotations:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
NodeAnnotations are annotations that are created on nodes post bootstrap phase.
|
|
Unfortunately it is not possible to apply annotations via kubelet
|
|
using current bootstrap configurations.
|
|
Issue: https://github.com/kubernetes/kubernetes/issues/108046
|
|
type: object
|
|
nodeLabels:
|
|
description: NodeLabels Registering and starting kubelet
|
|
with set of labels.
|
|
items:
|
|
type: string
|
|
type: array
|
|
nodeName:
|
|
description: NodeNamePrefix Prefix to the Node Name that
|
|
CAPI will generate.
|
|
type: string
|
|
nodeTaints:
|
|
description: NodeTaints Registering kubelet with set of
|
|
taints.
|
|
items:
|
|
type: string
|
|
type: array
|
|
ntp:
|
|
description: NTP specifies NTP configuration
|
|
properties:
|
|
enabled:
|
|
description: Enabled specifies whether NTP should
|
|
be enabled
|
|
type: boolean
|
|
servers:
|
|
description: Servers specifies which NTP servers to
|
|
use
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
podSecurityAdmissionConfigFile:
|
|
description: |-
|
|
PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
|
|
spec.Files field.
|
|
type: string
|
|
protectKernelDefaults:
|
|
description: |-
|
|
ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
|
|
if false, kernel tunable can be different from kubelet defaults
|
|
type: boolean
|
|
resolvConf:
|
|
description: ResolvConf is a reference to a ConfigMap
|
|
containing resolv.conf content for the node.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
runtimeImage:
|
|
description: RuntimeImage override image to use for runtime
|
|
binaries (containerd, kubectl, crictl, etc).
|
|
type: string
|
|
snapshotter:
|
|
description: 'Snapshotter override default containerd
|
|
snapshotter (default: "overlayfs").'
|
|
type: string
|
|
systemDefaultRegistry:
|
|
description: SystemDefaultRegistry Private registry to
|
|
be used for all system images.
|
|
type: string
|
|
type: object
|
|
files:
|
|
description: Files specifies extra files to be passed to user_data
|
|
upon creation.
|
|
items:
|
|
description: File defines the input for generating write_files
|
|
in cloud-init.
|
|
properties:
|
|
content:
|
|
description: Content is the actual content of the file.
|
|
type: string
|
|
contentFrom:
|
|
description: ContentFrom is a referenced source of content
|
|
to populate the file.
|
|
properties:
|
|
secret:
|
|
description: SecretFileSource represents a secret
|
|
that should populate this file.
|
|
properties:
|
|
key:
|
|
description: Key is the key in the secret's
|
|
data map for this value.
|
|
type: string
|
|
name:
|
|
description: Name of the secret in the RKE2BootstrapConfig's
|
|
namespace to use.
|
|
type: string
|
|
required:
|
|
- key
|
|
- name
|
|
type: object
|
|
required:
|
|
- secret
|
|
type: object
|
|
encoding:
|
|
description: Encoding specifies the encoding of the
|
|
file contents.
|
|
enum:
|
|
- base64
|
|
- gzip
|
|
- gzip+base64
|
|
type: string
|
|
owner:
|
|
description: Owner specifies the ownership of the file,
|
|
e.g. "root:root".
|
|
type: string
|
|
path:
|
|
description: Path specifies the full path on disk where
|
|
to store the file.
|
|
type: string
|
|
permissions:
|
|
description: Permissions specifies the permissions to
|
|
assign to the file, e.g. "0640".
|
|
type: string
|
|
required:
|
|
- path
|
|
type: object
|
|
type: array
|
|
postRKE2Commands:
|
|
description: PostRKE2Commands specifies extra commands to
|
|
run after rke2 setup runs.
|
|
items:
|
|
type: string
|
|
type: array
|
|
preRKE2Commands:
|
|
description: PreRKE2Commands specifies extra commands to run
|
|
before rke2 setup runs.
|
|
items:
|
|
type: string
|
|
type: array
|
|
privateRegistriesConfig:
|
|
description: PrivateRegistriesConfig defines the containerd
|
|
configuration for private registries and local registry
|
|
mirrors.
|
|
properties:
|
|
configs:
|
|
additionalProperties:
|
|
description: RegistryConfig contains configuration used
|
|
to communicate with the registry.
|
|
properties:
|
|
authSecret:
|
|
description: |-
|
|
Auth is a reference to a Secret containing information to authenticate to the registry.
|
|
The Secret must provide a username and a password data entry.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
tls:
|
|
description: |-
|
|
TLS is a pair of CA/Cert/Key which then are used when creating the transport
|
|
that communicates with the registry.
|
|
properties:
|
|
# NOTE(review): the description below says that `false` skips certificate
# verification and that the default is `true`, which is the reverse of what
# the field name suggests. Confirm the controller's actual behaviour before
# relying on the default: a registry connection without certificate
# verification cannot detect an intercepted or spoofed registry.
insecureSkipVerify:
  description: InsecureSkipVerify may be set to
    false to skip verifying the registry's certificate,
    default is true.
  type: boolean
|
|
tlsConfigSecret:
|
|
description: |-
|
|
TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` which has up to 3 entries: tls.crt, tls.key and ca.crt
|
|
which describe the TLS configuration necessary to connect to the registry.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: |-
|
|
If referring to a piece of an object instead of an entire object, this string
|
|
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within a pod, this would take on a value like:
|
|
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]" (container with
|
|
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
|
referencing a part of an object.
|
|
TODO: this design is not final and this field is subject to change in the future.
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind of the referent.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
|
type: string
|
|
resourceVersion:
|
|
description: |-
|
|
Specific resourceVersion to which this reference is made, if any.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID of the referent.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: object
|
|
type: object
|
|
description: |-
|
|
Configs are configs for each registry.
|
|
The key is the FQDN or IP of the registry.
|
|
type: object
|
|
mirrors:
|
|
additionalProperties:
|
|
description: Mirror contains the config related to the
|
|
registry mirror.
|
|
properties:
|
|
endpoint:
|
|
description: |-
|
|
Endpoints are endpoints for a namespace. CRI plugin will try the endpoints
|
|
one by one until a working one is found. The endpoint must be a valid url
|
|
with host specified.
|
|
The scheme, host and path from the endpoint URL will be used.
|
|
items:
|
|
type: string
|
|
type: array
|
|
rewrite:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Rewrites are repository rewrite rules for a namespace. When fetching image resources
|
|
from an endpoint and a key matches the repository via regular expression matching
|
|
it will be replaced with the corresponding value from the map in the resource request.
|
|
type: object
|
|
type: object
|
|
description: Mirrors are namespace to mirror mapping for
|
|
all namespaces.
|
|
type: object
|
|
type: object
|
|
type: object
|
|
required:
|
|
- spec
|
|
type: object
|
|
required:
|
|
- template
|
|
type: object
|
|
required:
|
|
- spec
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
---
|
|
# ServiceAccount for the bootstrap provider. The controller-manager Deployment
# in this bundle names it in serviceAccountName, and both the RoleBinding and
# the ClusterRoleBinding list it as their only subject, so every permission
# granted by those roles is held by whatever runs under this account.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-rke2
  name: rke2-bootstrap-manager
  namespace: rke2-bootstrap-system
|
|
---
|
|
# Namespaced Role, valid only inside rke2-bootstrap-system. Going by its name
# and the --leader-elect argument on the manager container, these rules back
# leader election; the lock object type actually used is not visible here.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-rke2
  name: rke2-bootstrap-leader-election-role
  namespace: rke2-bootstrap-system
rules:
  # Full read/write on every ConfigMap in this namespace, not only a lock
  # object. NOTE(review): if leases are the only lock in use, this rule may be
  # wider than needed; confirm before tightening.
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  # Full read/write on coordination.k8s.io Lease objects in this namespace.
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  # Events can be written but not read back.
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
|
|
---
|
|
# Cluster-scoped permissions of the bootstrap controller. Bound through a
# ClusterRoleBinding, every rule below applies in all namespaces of the
# cluster this bundle is installed into.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-rke2
  name: rke2-bootstrap-manager-role
rules:
  # Read and write access to every Secret and ConfigMap in the cluster.
  # Presumably required because the RKE2Config schema references Secrets and
  # ConfigMaps (registry auth, TLS material, file content) in arbitrary
  # namespaces; confirm against the controller.
  # Security note: a leaked token for the bound ServiceAccount exposes all
  # Secrets, so treat the manager pod as highly privileged and cover Secret
  # access by this identity in API audit logging.
  - apiGroups:
      - ""
    resources:
      - configmaps
      - events
      - secrets
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  # TokenReview and SubjectAccessReview creation. Presumably used to
  # authenticate and authorize callers of the diagnostics endpoint; confirm.
  - apiGroups:
      - authentication.k8s.io
    resources:
      - tokenreviews
    verbs:
      - create
  - apiGroups:
      - authorization.k8s.io
    resources:
      - subjectaccessreviews
    verbs:
      - create
  # Full control over the provider's own RKE2Config objects, including their
  # finalizers and status subresources.
  - apiGroups:
      - bootstrap.cluster.x-k8s.io
    resources:
      - rke2configs
      - rke2configs/finalizers
      - rke2configs/status
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  # Read-only view of core Cluster API objects.
  - apiGroups:
      - cluster.x-k8s.io
    resources:
      - clusters
      - clusters/status
      - machinepools
      - machinepools/status
      - machines
      - machines/status
      - machinesets
    verbs:
      - get
      - list
      - watch
  # Read-only view of RKE2 control plane objects.
  - apiGroups:
      - controlplane.cluster.x-k8s.io
    resources:
      - rke2controlplanes
      - rke2controlplanes/status
    verbs:
      - get
      - list
      - watch
|
|
---
|
|
# Grants the namespaced leader-election Role to the manager ServiceAccount.
# Being a RoleBinding, the grant is limited to rke2-bootstrap-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-rke2
  name: rke2-bootstrap-leader-election-rolebinding
  namespace: rke2-bootstrap-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: rke2-bootstrap-leader-election-role
subjects:
  - kind: ServiceAccount
    name: rke2-bootstrap-manager
    namespace: rke2-bootstrap-system
|
|
---
|
|
# Grants rke2-bootstrap-manager-role cluster-wide to the manager
# ServiceAccount. Because this is a ClusterRoleBinding, the Secret and
# ConfigMap rules of that ClusterRole apply in every namespace; when reviewing
# who can reach Secrets in this cluster, count this single subject.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-rke2
  name: rke2-bootstrap-manager-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: rke2-bootstrap-manager-role
subjects:
  - kind: ServiceAccount
    name: rke2-bootstrap-manager
    namespace: rke2-bootstrap-system
|
|
---
|
|
# Service the API server calls for the conversion, mutating and validating
# webhooks of this provider. Port 443 is forwarded to the container port
# named webhook-server.
apiVersion: v1
kind: Service
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-rke2
  name: rke2-bootstrap-webhook-service
  namespace: rke2-bootstrap-system
spec:
  ports:
    - port: 443
      targetPort: webhook-server
  # The selector uses the provider label only, not the control-plane label the
  # Deployment also sets. Any pod in this namespace carrying this label and a
  # port named webhook-server becomes a backend, so keep the right to create
  # pods in rke2-bootstrap-system restricted.
  selector:
    cluster.x-k8s.io/provider: bootstrap-rke2
|
|
---
|
|
# Controller-manager Deployment of the RKE2 bootstrap provider: one replica of
# the /manager binary, which also serves the webhook endpoints on port 9443.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-rke2
    control-plane: controller-manager
  name: rke2-bootstrap-controller-manager
  namespace: rke2-bootstrap-system
spec:
  replicas: 1
  selector:
    matchLabels:
      cluster.x-k8s.io/provider: bootstrap-rke2
      control-plane: controller-manager
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: manager
      labels:
        cluster.x-k8s.io/provider: bootstrap-rke2
        control-plane: controller-manager
    spec:
      containers:
        # The ${VAR:=default} tokens are not expanded by Kubernetes itself;
        # presumably the installer substitutes them before applying (confirm).
        # Going by the flag name, leaving CAPRKE2_INSECURE_DIAGNOSTICS at its
        # default of false keeps the diagnostics endpoint on :8443 protected.
        - args:
            - --leader-elect
            - --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443}
            - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
          command:
            - /manager
          # Referenced by tag, not by digest. With IfNotPresent each node keeps
          # whatever the tag resolved to at first pull, so a re-pushed tag can
          # leave nodes running different content. Where image provenance
          # matters, pin the reference as <image>@sha256:<digest> and verify
          # the digest out of band.
          image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.8.0
          imagePullPolicy: IfNotPresent
          livenessProbe:
            httpGet:
              path: /healthz
              port: healthz
          name: manager
          ports:
            - containerPort: 9443
              name: webhook-server
              protocol: TCP
            - containerPort: 9440
              name: healthz
              protocol: TCP
            - containerPort: 8443
              name: metrics
              protocol: TCP
          readinessProbe:
            httpGet:
              path: /readyz
              port: healthz
          # Hardened container context: no privilege escalation, all Linux
          # capabilities dropped, fixed non-root UID/GID.
          # NOTE(review): readOnlyRootFilesystem and resource requests/limits
          # are not set in this manifest; whether the manager tolerates a
          # read-only root filesystem is not visible here.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            privileged: false
            runAsGroup: 65532
            runAsUser: 65532
          # Webhook serving certificate and key, mounted read-only from the
          # Secret declared under volumes.
          volumeMounts:
            - mountPath: /tmp/k8s-webhook-server/serving-certs
              name: cert
              readOnly: true
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      # This account carries the cluster-wide Secret permissions granted by
      # rke2-bootstrap-manager-role; its token is mounted into the pod unless
      # automounting is disabled elsewhere.
      serviceAccountName: rke2-bootstrap-manager
      terminationGracePeriodSeconds: 10
      # Allows scheduling onto nodes tainted as master / control-plane.
      tolerations:
        - effect: NoSchedule
          key: node-role.kubernetes.io/master
        - effect: NoSchedule
          key: node-role.kubernetes.io/control-plane
      volumes:
        - name: cert
          secret:
            secretName: rke2-bootstrap-webhook-service-cert
|
|
---
|
|
# cert-manager Certificate for the webhook server. The issued key pair is
# written to the Secret rke2-bootstrap-webhook-service-cert, which the manager
# pod mounts; the dnsNames match the in-cluster names of the webhook Service.
# No duration, renewBefore or privateKey settings are given, so cert-manager's
# defaults apply.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-rke2
  name: rke2-bootstrap-serving-cert
  namespace: rke2-bootstrap-system
spec:
  dnsNames:
    - rke2-bootstrap-webhook-service.rke2-bootstrap-system.svc
    - rke2-bootstrap-webhook-service.rke2-bootstrap-system.svc.cluster.local
  issuerRef:
    kind: Issuer
    name: rke2-bootstrap-selfsigned-issuer
  secretName: rke2-bootstrap-webhook-service-cert
  subject:
    organizations:
      - Rancher by SUSE
|
|
---
|
|
# Namespaced self-signed Issuer used for the webhook serving certificate.
# A self-signed certificate has no external trust chain: clients trust it only
# because its CA data is injected into the webhook and CRD configurations via
# the cert-manager.io/inject-ca-from annotation. Anyone able to create
# Certificates in this namespace can obtain certificates from this Issuer.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-rke2
  name: rke2-bootstrap-selfsigned-issuer
  namespace: rke2-bootstrap-system
spec:
  selfSigned: {}
|
|
---
|
|
# Mutating admission webhooks for v1beta1 RKE2Config and RKE2ConfigTemplate
# objects, called on CREATE and UPDATE.
# clientConfig carries no caBundle here; the inject-ca-from annotation asks
# cert-manager's CA injector to fill it in from the serving certificate.
# failurePolicy Fail means requests are rejected while the webhook is
# unreachable: changes cannot bypass defaulting, at the price of an
# availability dependency on the manager pod.
# No namespaceSelector, objectSelector or timeoutSeconds is set.
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  annotations:
    cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
  labels:
    cluster.x-k8s.io/provider: bootstrap-rke2
  name: rke2-bootstrap-mutating-webhook-configuration
webhooks:
  - admissionReviewVersions:
      - v1
    clientConfig:
      service:
        name: rke2-bootstrap-webhook-service
        namespace: rke2-bootstrap-system
        path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config
    failurePolicy: Fail
    name: mrke2config.kb.io
    rules:
      - apiGroups:
          - bootstrap.cluster.x-k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - rke2configs
    sideEffects: None
  - admissionReviewVersions:
      - v1
    clientConfig:
      service:
        name: rke2-bootstrap-webhook-service
        namespace: rke2-bootstrap-system
        path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2configtemplate
    failurePolicy: Fail
    name: mrke2configtemplate.kb.io
    rules:
      - apiGroups:
          - bootstrap.cluster.x-k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - rke2configtemplates
    sideEffects: None
|
|
---
|
|
# Validating admission webhooks for v1beta1 RKE2Config and RKE2ConfigTemplate
# objects, called on CREATE and UPDATE. DELETE is not listed, so deletions are
# not validated by these webhooks.
# clientConfig carries no caBundle here; the inject-ca-from annotation asks
# cert-manager's CA injector to fill it in from the serving certificate.
# failurePolicy Fail keeps validation fail-closed: while the webhook is
# unreachable, matching requests are rejected instead of admitted unchecked.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  annotations:
    cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
  labels:
    cluster.x-k8s.io/provider: bootstrap-rke2
  name: rke2-bootstrap-validating-webhook-configuration
webhooks:
  - admissionReviewVersions:
      - v1
    clientConfig:
      service:
        name: rke2-bootstrap-webhook-service
        namespace: rke2-bootstrap-system
        path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config
    failurePolicy: Fail
    name: vrke2config.kb.io
    rules:
      - apiGroups:
          - bootstrap.cluster.x-k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - rke2configs
    sideEffects: None
  - admissionReviewVersions:
      - v1
    clientConfig:
      service:
        name: rke2-bootstrap-webhook-service
        namespace: rke2-bootstrap-system
        path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-rke2configtemplate
    failurePolicy: Fail
    name: vrke2configtemplate.kb.io
    rules:
      - apiGroups:
          - bootstrap.cluster.x-k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - rke2configtemplates
    sideEffects: None
|
|
# Second data entry of the ConfigMap: a clusterctl Metadata document kept as a
# literal string. It lists one releaseSeries entry per 0.x minor release
# (0.1 through 0.8), each mapped to the v1beta1 contract.
metadata: |
  # maps release series of major.minor to cluster-api contract version
  # the contract version may change between minor or major versions, but *not*
  # between patch versions.
  #
  # update this file only when a new major or minor version is released
  apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3
  kind: Metadata
  releaseSeries:
    - major: 0
      minor: 1
      contract: v1beta1
    - major: 0
      minor: 2
      contract: v1beta1
    - major: 0
      minor: 3
      contract: v1beta1
    - major: 0
      minor: 4
      contract: v1beta1
    - major: 0
      minor: 5
      contract: v1beta1
    - major: 0
      minor: 6
      contract: v1beta1
    - major: 0
      minor: 7
      contract: v1beta1
    - major: 0
      minor: 8
      contract: v1beta1
|
|
kind: ConfigMap
|
|
metadata:
|
|
creationTimestamp: null
|
|
name: v0.8.0
|
|
namespace: rke2-bootstrap-system
|
|
labels:
|
|
provider-components: rke2-bootstrap
|