Factory/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml
Steven Hardy 856ec2ac8e
rancher-turtles-airgap-resources-chart: Update to 0.14.1 upstream release
Aligns with https://github.com/suse-edge/charts/pull/174 which
rebases to 0.14.1, which is marked as compatible with Rancher 2.10
2024-12-05 11:35:05 +00:00


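# Namespace for the Cluster API RKE2 control-plane provider.
# The same Namespace manifest is repeated inside the ConfigMap's
# `components` payload further down this file; keep the two in sync.
# The CRD conversion webhook in that payload targets a Service in this
# namespace (rke2-control-plane-webhook-service).
# NOTE(review): no pod-security.kubernetes.io/* labels are set here, so the
# Pod Security admission level falls back to the cluster default - confirm
# that default is acceptable for the controller workloads.
apiVersion: v1
kind: Namespace
metadata:
  labels:
    cluster.x-k8s.io/provider: control-plane-rke2
    control-plane: controller-manager
  name: rke2-control-plane-system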
---
apiVersion: v1
data:
components: |
apiVersion: v1
kind: Namespace
metadata:
labels:
cluster.x-k8s.io/provider: control-plane-rke2
control-plane: controller-manager
name: rke2-control-plane-system
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0
labels:
cluster.x-k8s.io/provider: control-plane-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
name: rke2controlplanes.controlplane.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
service:
name: rke2-control-plane-webhook-service
namespace: rke2-control-plane-system
path: /convert
conversionReviewVersions:
- v1
- v1beta1
group: controlplane.cluster.x-k8s.io
names:
kind: RKE2ControlPlane
listKind: RKE2ControlPlaneList
plural: rke2controlplanes
singular: rke2controlplane
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: RKE2ControlPlane is the Schema for the rke2controlplanes API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: RKE2ControlPlaneSpec defines the desired state of RKE2ControlPlane.
properties:
agentConfig:
description: AgentConfig specifies configuration for the agent nodes.
properties:
additionalUserData:
description: |-
AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the
generated cloud-init/ignition script.
properties:
config:
description: |-
In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp".
Deprecated: Data is reserved for the arbitrary cloud-init data
type: string
data:
additionalProperties:
type: string
description: |-
Data allows to pass arbitrary set of key/value pairs consistent with
https://cloudinit.readthedocs.io/en/latest/reference/modules.html
to extend existing cloud-init configuration
type: object
strict:
description: Strict controls if Config should be strictly
parsed. If so, warnings are treated as errors.
type: boolean
type: object
x-kubernetes-validations:
- message: Only config or data could be populated at once
rule: '!has(self.data) || !has(self.config)'
airGapped:
description: |-
AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
basically supposing that online container registries and RKE2 install scripts are not reachable.
type: boolean
cisProfile:
description: CISProfile activates CIS compliance of RKE2 for a
certain profile
enum:
- cis
- cis-1.23
- cis-1.5
- cis-1.6
type: string
containerRuntimeEndpoint:
description: ContainerRuntimeEndpoint Disable embedded containerd
and use alternative CRI implementation.
type: string
dataDir:
description: DataDir Folder to hold state.
type: string
enableContainerdSElinux:
description: |-
EnableContainerdSElinux defines the policy for enabling SELinux for Containerd
if value is true, Containerd will run with selinux-enabled=true flag
if value is false, Containerd will run without the above flag
type: boolean
format:
description: Format specifies the output format of the bootstrap
data. Defaults to cloud-config.
enum:
- cloud-config
- ignition
type: string
imageCredentialProviderConfigMap:
description: |-
ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config
The config map should contain a key "credential-config.yaml" with YAML file content and
a key "credential-provider-binaries" with the a path to the binaries for the credential provider.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
kubeProxy:
description: KubeProxyArgs Customized flag for kube-proxy process.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line arguments
(format: flag=value) to pass to a Kubernetes Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables to
pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts to be added
for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references a container
image to override the default one for the Kubernetes Component
type: string
type: object
kubelet:
description: KubeletArgs Customized flag for kubelet process.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line arguments
(format: flag=value) to pass to a Kubernetes Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables to
pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts to be added
for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references a container
image to override the default one for the Kubernetes Component
type: string
type: object
kubeletPath:
description: KubeletPath Override kubelet binary path.
type: string
loadBalancerPort:
description: |-
LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are
not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444).
type: integer
nodeAnnotations:
additionalProperties:
type: string
description: |-
NodeAnnotations are annotations that are created on nodes post bootstrap phase.
Unfortunately it is not possible to apply annotations via kubelet
using current bootstrap configurations.
Issue: https://github.com/kubernetes/kubernetes/issues/108046
type: object
nodeLabels:
description: NodeLabels Registering and starting kubelet with
set of labels.
items:
type: string
type: array
nodeName:
description: NodeNamePrefix Prefix to the Node Name that CAPI
will generate.
type: string
nodeTaints:
description: NodeTaints Registering kubelet with set of taints.
items:
type: string
type: array
ntp:
description: NTP specifies NTP configuration
properties:
enabled:
description: Enabled specifies whether NTP should be enabled
type: boolean
servers:
description: Servers specifies which NTP servers to use
items:
type: string
type: array
type: object
protectKernelDefaults:
description: |-
ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
if false, kernel tunable can be different from kubelet defaults
type: boolean
resolvConf:
description: ResolvConf is a reference to a ConfigMap containing
resolv.conf content for the node.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
runtimeImage:
description: RuntimeImage override image to use for runtime binaries
(containerd, kubectl, crictl, etc).
type: string
snapshotter:
description: 'Snapshotter override default containerd snapshotter
(default: "overlayfs").'
type: string
systemDefaultRegistry:
description: SystemDefaultRegistry Private registry to be used
for all system images.
type: string
version:
description: Version specifies the rke2 version.
type: string
type: object
files:
description: Files specifies extra files to be passed to user_data
upon creation.
items:
description: File defines the input for generating write_files in
cloud-init.
properties:
content:
description: Content is the actual content of the file.
type: string
contentFrom:
description: ContentFrom is a referenced source of content to
populate the file.
properties:
secret:
description: SecretFileSource represents a secret that should
populate this file.
properties:
key:
description: Key is the key in the secret's data map
for this value.
type: string
name:
description: Name of the secret in the RKE2BootstrapConfig's
namespace to use.
type: string
required:
- key
- name
type: object
required:
- secret
type: object
encoding:
description: Encoding specifies the encoding of the file contents.
enum:
- base64
- gzip
- gzip+base64
type: string
owner:
description: Owner specifies the ownership of the file, e.g.
"root:root".
type: string
path:
description: Path specifies the full path on disk where to store
the file.
type: string
permissions:
description: Permissions specifies the permissions to assign
to the file, e.g. "0640".
type: string
required:
- path
type: object
type: array
infrastructureRef:
description: |-
InfrastructureRef is a required reference to a custom resource
offered by an infrastructure provider.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
manifestsConfigMapReference:
description: |-
ManifestsConfigMapReference references a ConfigMap which contains Kubernetes manifests to be deployed automatically on the cluster
Each data entry in the ConfigMap will be will be copied to a folder on the control plane nodes that RKE2 scans and uses to deploy manifests.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
nodeDrainTimeout:
description: |-
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
type: string
postRKE2Commands:
description: PostRKE2Commands specifies extra commands to run after
rke2 setup runs.
items:
type: string
type: array
preRKE2Commands:
description: PreRKE2Commands specifies extra commands to run before
rke2 setup runs.
items:
type: string
type: array
privateRegistriesConfig:
description: PrivateRegistriesConfig defines the containerd configuration
for private registries and local registry mirrors.
properties:
configs:
additionalProperties:
description: RegistryConfig contains configuration used to communicate
with the registry.
properties:
authSecret:
description: |-
Auth si a reference to a Secret containing information to authenticate to the registry.
The Secret must provite a username and a password data entry.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
tls:
description: |-
TLS is a pair of CA/Cert/Key which then are used when creating the transport
that communicates with the registry.
properties:
insecureSkipVerify:
description: InsecureSkipVerify may be set to false
to skip verifying the registry's certificate, default
is true.
type: boolean
tlsConfigSecret:
description: |-
TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt
which describe the TLS configuration necessary to connect to the registry.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
type: object
type: object
description: |-
Configs are configs for each registry.
The key is the FDQN or IP of the registry.
type: object
mirrors:
additionalProperties:
description: Mirror contains the config related to the registry
mirror.
properties:
endpoint:
description: |-
Endpoints are endpoints for a namespace. CRI plugin will try the endpoints
one by one until a working one is found. The endpoint must be a valid url
with host specified.
The scheme, host and path from the endpoint URL will be used.
items:
type: string
type: array
rewrite:
additionalProperties:
type: string
description: |-
Rewrites are repository rewrite rules for a namespace. When fetching image resources
from an endpoint and a key matches the repository via regular expression matching
it will be replaced with the corresponding value from the map in the resource request.
type: object
type: object
description: Mirrors are namespace to mirror mapping for all namespaces.
type: object
type: object
registrationAddress:
description: |-
RegistrationAddress is an explicit address to use when registering a node. This is required if
the registration type is "address". It is for scenarios where a load-balancer or VIP is used.
type: string
registrationMethod:
default: internal-first
description: RegistrationMethod is the method to use for registering
nodes into the RKE2 cluster.
enum:
- internal-first
- internal-only-ips
- external-only-ips
- address
type: string
replicas:
description: Replicas is the number of replicas for the Control Plane.
format: int32
type: integer
rolloutStrategy:
default:
rollingUpdate:
maxSurge: 1
type: RollingUpdate
description: The RolloutStrategy to use to replace control plane machines
with new ones.
properties:
rollingUpdate:
description: Rolling update config params. Present only if RolloutStrategyType
= RollingUpdate.
properties:
maxSurge:
anyOf:
- type: integer
- type: string
description: |-
The maximum number of control planes that can be scheduled above or under the
desired number of control planes.
Value can be an absolute number 1 or 0.
Defaults to 1.
Example: when this is set to 1, the control plane can be scaled
up immediately when the rolling update starts.
x-kubernetes-int-or-string: true
type: object
type:
description: |-
Type of rollout. Currently the only supported strategy is "RollingUpdate".
Default is RollingUpdate.
type: string
type: object
serverConfig:
description: ServerConfig specifies configuration for the agent nodes.
properties:
advertiseAddress:
description: 'AdvertiseAddress IP address that apiserver uses
to advertise to members of the cluster (default: node-external-ip/node-ip).'
type: string
auditPolicySecret:
description: AuditPolicySecret path to the file that defines the
audit policy configuration.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
bindAddress:
description: 'BindAddress describes the rke2 bind address (default:
0.0.0.0).'
type: string
cloudControllerManager:
description: CloudControllerManager defines optional custom configuration
of the Cloud Controller Manager.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line arguments
(format: flag=value) to pass to a Kubernetes Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables to
pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts to be added
for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references a container
image to override the default one for the Kubernetes Component
type: string
type: object
cloudProviderConfigMap:
description: |-
CloudProviderConfigMap is a reference to a ConfigMap containing Cloud provider configuration.
The config map must contain a key named cloud-config.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
cloudProviderName:
description: CloudProviderName cloud provider name.
type: string
clusterDNS:
description: 'ClusterDNS is the cluster IP for CoreDNS service.
Should be in your service-cidr range (default: 10.43.0.10).'
type: string
clusterDomain:
description: 'ClusterDomain is the cluster domain name (default:
"cluster.local").'
type: string
cni:
description: |-
CNI describes the CNI Plugins to deploy, one of none, calico, canal, cilium;
optionally with multus as the first value to enable the multus meta-plugin (default: canal).
enum:
- none
- calico
- canal
- cilium
type: string
cniMultusEnable:
description: |-
CNIMultusEnable enables multus as the first CNI plugin (default: false).
This option will automatically make Multus a primary CNI, and the value, if specified in the CNI field, as a secondary CNI plugin.
type: boolean
disableComponents:
description: DisableComponents lists Kubernetes components and
RKE2 plugin components that will be disabled.
properties:
kubernetesComponents:
description: KubernetesComponents is a list of Kubernetes
components to disable.
items:
description: 'DisabledKubernetesComponent is an enum field
that can take one of the following values: scheduler,
kubeProxy or cloudController.'
enum:
- scheduler
- kubeProxy
- cloudController
type: string
type: array
pluginComponents:
description: PluginComponents is a list of PluginComponents
to disable.
items:
description: DisabledPluginComponent selects a plugin Components
to be disabled.
enum:
- rke2-coredns
- rke2-ingress-nginx
- rke2-metrics-server
type: string
type: array
type: object
etcd:
description: Etcd defines optional custom configuration of ETCD.
properties:
backupConfig:
description: 'BackupConfig defines how RKE2 will snapshot
ETCD: target storage, schedule, etc.'
properties:
directory:
description: Directory to save db snapshots.
type: string
disableAutomaticSnapshots:
description: |-
DisableAutomaticSnapshots defines the policy for ETCD snapshots.
true means automatic snapshots will be scheduled, false means automatic snapshots will not be scheduled.
type: boolean
retention:
description: 'Retention Number of snapshots to retain
Default: 5 (default: 5).'
type: string
s3:
description: S3 Enable backup to an S3-compatible Object
Store.
properties:
bucket:
description: Bucket S3 bucket name.
type: string
endpoint:
description: 'Endpoint S3 endpoint url (default: "s3.amazonaws.com").'
type: string
endpointCAsecret:
description: |-
EndpointCA references the Secret that contains a custom CA that should be trusted to connect to S3 endpoint.
The secret must contain a key named "ca.pem" that contains the CA certificate.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
enforceSslVerify:
description: EnforceSSLVerify may be set to false
to skip verifying the registry's certificate, default
is true.
type: boolean
folder:
description: Folder S3 folder.
type: string
region:
description: 'Region S3 region / bucket location (optional)
(default: "us-east-1").'
type: string
s3CredentialSecret:
description: |-
S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
required:
- endpoint
- s3CredentialSecret
type: object
scheduleCron:
description: 'ScheduleCron Snapshot interval time in cron
spec. eg. every 5 hours ''* */5 * * *'' (default: "0
*/12 * * *").'
type: string
snapshotName:
description: 'SnapshotName Set the base name of etcd snapshots.
Default: etcd-snapshot-<unix-timestamp> (default: "etcd-snapshot").'
type: string
type: object
customConfig:
description: CustomConfig defines the custom settings for
ETCD.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line arguments
(format: flag=value) to pass to a Kubernetes Component
command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables
to pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts to
be added for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references
a container image to override the default one for the
Kubernetes Component
type: string
type: object
exposeMetrics:
description: |-
ExposeEtcdMetrics defines the policy for ETCD Metrics exposure.
if value is true, ETCD metrics will be exposed
if value is false, ETCD metrics will NOT be exposed
type: boolean
type: object
kubeAPIServer:
description: KubeAPIServer defines optional custom configuration
of the Kube API Server.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line arguments
(format: flag=value) to pass to a Kubernetes Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables to
pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts to be added
for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references a container
image to override the default one for the Kubernetes Component
type: string
type: object
kubeControllerManager:
description: KubeControllerManager defines optional custom configuration
of the Kube Controller Manager.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line arguments
(format: flag=value) to pass to a Kubernetes Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables to
pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts to be added
for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references a container
image to override the default one for the Kubernetes Component
type: string
type: object
kubeScheduler:
description: KubeScheduler defines optional custom configuration
of the Kube Scheduler.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line arguments
(format: flag=value) to pass to a Kubernetes Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables to
pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts to be added
for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references a container
image to override the default one for the Kubernetes Component
type: string
type: object
pauseImage:
description: PauseImage Override image to use for pause.
type: string
serviceNodePortRange:
description: 'ServiceNodePortRange is the port range to reserve
for services with NodePort visibility (default: "30000-32767").'
type: string
tlsSan:
description: TLSSan Add additional hostname or IP as a Subject
Alternative Name in the TLS cert.
items:
type: string
type: array
type: object
required:
- infrastructureRef
type: object
status:
description: RKE2ControlPlaneStatus defines the observed state of RKE2ControlPlane.
properties:
availableServerIPs:
description: AvailableServerIPs is a list of the Control Plane IP
addresses that can be used to register further nodes.
items:
type: string
type: array
conditions:
description: Conditions defines current service state of the RKE2Config.
items:
description: Condition defines an observation of a Cluster API resource
operational state.
properties:
lastTransitionTime:
description: |-
Last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when
the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
A human readable message indicating details about the transition.
This field may be empty.
type: string
reason:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty.
type: string
severity:
description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
required:
- lastTransitionTime
- status
- type
type: object
type: array
dataSecretName:
description: DataSecretName is the name of the secret that stores
the bootstrap data script.
type: string
failureMessage:
description: FailureMessage will be set on non-retryable errors.
type: string
failureReason:
description: FailureReason will be set on non-retryable errors.
type: string
initialized:
description: Initialized indicates the target cluster has completed
initialization.
type: boolean
observedGeneration:
description: ObservedGeneration is the latest generation observed
by the controller.
format: int64
type: integer
ready:
description: Ready indicates the BootstrapData field is ready to be
consumed.
type: boolean
readyReplicas:
description: ReadyReplicas is the number of replicas currently attached
to this ControlPlane Resource and that have Ready Status.
format: int32
type: integer
replicas:
description: Replicas is the number of replicas currently attached to
this ControlPlane Resource.
format: int32
type: integer
unavailableReplicas:
description: UnavailableReplicas is the number of replicas currently
attached to this ControlPlane Resource and that are up-to-date with
Control Plane config.
format: int32
type: integer
updatedReplicas:
description: UpdatedReplicas is the number of replicas currently attached
to this ControlPlane Resource and that are up-to-date with Control
Plane config.
format: int32
type: integer
type: object
type: object
served: true
storage: false
subresources:
status: {}
- name: v1beta1
schema:
openAPIV3Schema:
description: RKE2ControlPlane is the Schema for the rke2controlplanes API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: RKE2ControlPlaneSpec defines the desired state of RKE2ControlPlane.
properties:
agentConfig:
description: AgentConfig specifies configuration for the agent nodes.
properties:
additionalUserData:
description: |-
AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the
generated cloud-init/ignition script.
properties:
config:
description: |-
In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored; this includes "write_files", "runcmd", "ntp".
type: string
data:
additionalProperties:
type: string
description: |-
Data allows passing an arbitrary set of key/value pairs consistent with
https://cloudinit.readthedocs.io/en/latest/reference/modules.html
to extend existing cloud-init configuration
type: object
strict:
description: Strict controls if Config should be strictly
parsed. If so, warnings are treated as errors.
type: boolean
type: object
x-kubernetes-validations:
- message: Only config or data could be populated at once
rule: '!has(self.data) || !has(self.config)'
airGapped:
description: |-
AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
basically supposing that online container registries and RKE2 install scripts are not reachable.
type: boolean
airGappedChecksum:
description: |-
AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum
of existing sha256sum-<arch>.txt file for packages already available on the machine
before performing air-gapped installation.
type: string
cisProfile:
description: CISProfile activates CIS compliance of RKE2 for a
certain profile
enum:
- cis
- cis-1.23
- cis-1.5
- cis-1.6
type: string
containerRuntimeEndpoint:
description: ContainerRuntimeEndpoint Disable embedded containerd
and use alternative CRI implementation.
type: string
dataDir:
description: DataDir Folder to hold state.
type: string
enableContainerdSElinux:
description: |-
EnableContainerdSElinux defines the policy for enabling SELinux for Containerd
if value is true, Containerd will run with selinux-enabled=true flag
if value is false, Containerd will run without the above flag
type: boolean
format:
description: Format specifies the output format of the bootstrap
data. Defaults to cloud-config.
enum:
- cloud-config
- ignition
type: string
imageCredentialProviderConfigMap:
description: |-
ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config
The config map should contain a key "credential-config.yaml" with YAML file content and
a key "credential-provider-binaries" with a path to the binaries for the credential provider.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
kubeProxy:
description: KubeProxyArgs Customized flag for kube-proxy process.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line arguments
(format: flag=value) to pass to a Kubernetes Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables to
pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts to be added
for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references a container
image to override the default one for the Kubernetes Component
type: string
type: object
kubelet:
description: KubeletArgs Customized flag for kubelet process.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line arguments
(format: flag=value) to pass to a Kubernetes Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables to
pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts to be added
for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references a container
image to override the default one for the Kubernetes Component
type: string
type: object
kubeletPath:
description: KubeletPath Override kubelet binary path.
type: string
loadBalancerPort:
description: |-
LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are
not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444).
type: integer
nodeAnnotations:
additionalProperties:
type: string
description: |-
NodeAnnotations are annotations that are created on nodes post bootstrap phase.
Unfortunately it is not possible to apply annotations via kubelet
using current bootstrap configurations.
Issue: https://github.com/kubernetes/kubernetes/issues/108046
type: object
nodeLabels:
description: NodeLabels Registering and starting kubelet with
set of labels.
items:
type: string
type: array
nodeName:
description: NodeNamePrefix Prefix to the Node Name that CAPI
will generate.
type: string
nodeTaints:
description: NodeTaints Registering kubelet with set of taints.
items:
type: string
type: array
ntp:
description: NTP specifies NTP configuration
properties:
enabled:
description: Enabled specifies whether NTP should be enabled
type: boolean
servers:
description: Servers specifies which NTP servers to use
items:
type: string
type: array
type: object
podSecurityAdmissionConfigFile:
description: |-
PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
spec.Files field.
type: string
protectKernelDefaults:
description: |-
ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
if false, kernel tunable can be different from kubelet defaults
type: boolean
resolvConf:
description: ResolvConf is a reference to a ConfigMap containing
resolv.conf content for the node.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
runtimeImage:
description: RuntimeImage override image to use for runtime binaries
(containerd, kubectl, crictl, etc).
type: string
snapshotter:
description: 'Snapshotter override default containerd snapshotter
(default: "overlayfs").'
type: string
systemDefaultRegistry:
description: SystemDefaultRegistry Private registry to be used
for all system images.
type: string
type: object
files:
description: Files specifies extra files to be passed to user_data
upon creation.
items:
description: File defines the input for generating write_files in
cloud-init.
properties:
content:
description: Content is the actual content of the file.
type: string
contentFrom:
description: ContentFrom is a referenced source of content to
populate the file.
properties:
secret:
description: SecretFileSource represents a secret that should
populate this file.
properties:
key:
description: Key is the key in the secret's data map
for this value.
type: string
name:
description: Name of the secret in the RKE2BootstrapConfig's
namespace to use.
type: string
required:
- key
- name
type: object
required:
- secret
type: object
encoding:
description: Encoding specifies the encoding of the file contents.
enum:
- base64
- gzip
- gzip+base64
type: string
owner:
description: Owner specifies the ownership of the file, e.g.
"root:root".
type: string
path:
description: Path specifies the full path on disk where to store
the file.
type: string
permissions:
description: Permissions specifies the permissions to assign
to the file, e.g. "0640".
type: string
required:
- path
type: object
type: array
infrastructureRef:
description: |-
InfrastructureRef is a required reference to a custom resource
offered by an infrastructure provider.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
machineTemplate:
description: |-
MachineTemplate contains information about how machines
should be shaped when creating or updating a control plane.
properties:
infrastructureRef:
description: |-
InfrastructureRef is a required reference to a custom resource
offered by an infrastructure provider.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
metadata:
description: |-
Standard object's metadata.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
properties:
annotations:
additionalProperties:
type: string
description: |-
Annotations is an unstructured key value map stored with a resource that may be
set by external tools to store and retrieve arbitrary metadata. They are not
queryable and should be preserved when modifying objects.
More info: http://kubernetes.io/docs/user-guide/annotations
type: object
labels:
additionalProperties:
type: string
description: |-
Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services.
More info: http://kubernetes.io/docs/user-guide/labels
type: object
type: object
nodeDrainTimeout:
description: |-
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
type: string
required:
- infrastructureRef
type: object
manifestsConfigMapReference:
description: |-
ManifestsConfigMapReference references a ConfigMap which contains Kubernetes manifests to be deployed automatically on the cluster
Each data entry in the ConfigMap will be copied to a folder on the control plane nodes that RKE2 scans and uses to deploy manifests.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
nodeDrainTimeout:
description: |-
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
type: string
postRKE2Commands:
description: PostRKE2Commands specifies extra commands to run after
rke2 setup runs.
items:
type: string
type: array
preRKE2Commands:
description: PreRKE2Commands specifies extra commands to run before
rke2 setup runs.
items:
type: string
type: array
privateRegistriesConfig:
description: PrivateRegistriesConfig defines the containerd configuration
for private registries and local registry mirrors.
properties:
configs:
additionalProperties:
description: RegistryConfig contains configuration used to communicate
with the registry.
properties:
authSecret:
description: |-
Auth is a reference to a Secret containing information to authenticate to the registry.
The Secret must provide a username and a password data entry.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
tls:
description: |-
TLS is a pair of CA/Cert/Key which then are used when creating the transport
that communicates with the registry.
properties:
# NOTE(review): this description is worded like the one on enforceSslVerify in
# the etcd S3 backup settings, yet this field's name has the opposite polarity;
# by its name, a true value would turn registry certificate verification off.
# Confirm the real default and meaning against the controller before relying
# on the text below.
# Prefer trusting a private CA through tlsConfigSecret (ca.crt) over disabling
# verification, so that image pulls stay authenticated.
insecureSkipVerify:
description: InsecureSkipVerify may be set to false
to skip verifying the registry's certificate, default
is true.
type: boolean
tlsConfigSecret:
description: |-
TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` which has up to 3 entries: tls.crt, tls.key and ca.crt
which describe the TLS configuration necessary to connect to the registry.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
type: object
type: object
description: |-
Configs are configs for each registry.
The key is the FQDN or IP of the registry.
type: object
mirrors:
additionalProperties:
description: Mirror contains the config related to the registry
mirror.
properties:
endpoint:
description: |-
Endpoints are endpoints for a namespace. CRI plugin will try the endpoints
one by one until a working one is found. The endpoint must be a valid url
with host specified.
The scheme, host and path from the endpoint URL will be used.
items:
type: string
type: array
rewrite:
additionalProperties:
type: string
description: |-
Rewrites are repository rewrite rules for a namespace. When fetching image resources
from an endpoint and a key matches the repository via regular expression matching
it will be replaced with the corresponding value from the map in the resource request.
type: object
type: object
description: Mirrors are namespace to mirror mapping for all namespaces.
type: object
type: object
registrationAddress:
description: |-
RegistrationAddress is an explicit address to use when registering a node. This is required if
the registration type is "address". It's for scenarios where a load-balancer or VIP is used.
type: string
registrationMethod:
description: RegistrationMethod is the method to use for registering
nodes into the RKE2 cluster.
enum:
- internal-first
- internal-only-ips
- external-only-ips
- address
- control-plane-endpoint
- ""
type: string
replicas:
description: Replicas is the number of replicas for the Control Plane.
format: int32
type: integer
rolloutStrategy:
description: The RolloutStrategy to use to replace control plane machines
with new ones.
properties:
rollingUpdate:
description: Rolling update config params. Present only if RolloutStrategyType
= RollingUpdate.
properties:
maxSurge:
anyOf:
- type: integer
- type: string
description: |-
The maximum number of control planes that can be scheduled above or under the
desired number of control planes.
Value can be an absolute number 1 or 0.
Defaults to 1.
Example: when this is set to 1, the control plane can be scaled
up immediately when the rolling update starts.
x-kubernetes-int-or-string: true
type: object
type:
description: |-
Type of rollout. Currently the only supported strategy is "RollingUpdate".
Default is RollingUpdate.
type: string
type: object
serverConfig:
description: ServerConfig specifies configuration for the agent nodes.
properties:
advertiseAddress:
description: 'AdvertiseAddress IP address that apiserver uses
to advertise to members of the cluster (default: node-external-ip/node-ip).'
type: string
auditPolicySecret:
description: AuditPolicySecret path to the file that defines the
audit policy configuration.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
bindAddress:
description: 'BindAddress describes the rke2 bind address (default:
0.0.0.0).'
type: string
cloudControllerManager:
description: CloudControllerManager defines optional custom configuration
of the Cloud Controller Manager.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line arguments
(format: flag=value) to pass to a Kubernetes Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables to
pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts to be added
for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references a container
image to override the default one for the Kubernetes Component
type: string
type: object
cloudProviderConfigMap:
description: |-
CloudProviderConfigMap is a reference to a ConfigMap containing Cloud provider configuration.
The config map must contain a key named cloud-config.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
cloudProviderName:
description: CloudProviderName cloud provider name.
type: string
clusterDNS:
description: 'ClusterDNS is the cluster IP for CoreDNS service.
Should be in your service-cidr range (default: 10.43.0.10).'
type: string
clusterDomain:
description: 'ClusterDomain is the cluster domain name (default:
"cluster.local").'
type: string
cni:
description: |-
CNI describes the CNI Plugins to deploy, one of none, calico, canal, cilium;
optionally with multus as the first value to enable the multus meta-plugin (default: canal).
enum:
- none
- calico
- canal
- cilium
type: string
cniMultusEnable:
description: |-
CNIMultusEnable enables multus as the first CNI plugin (default: false).
This option will automatically make Multus a primary CNI, and the value, if specified in the CNI field, as a secondary CNI plugin.
type: boolean
disableComponents:
description: DisableComponents lists Kubernetes components and
RKE2 plugin components that will be disabled.
properties:
kubernetesComponents:
description: KubernetesComponents is a list of Kubernetes
components to disable.
items:
description: 'DisabledKubernetesComponent is an enum field
that can take one of the following values: scheduler,
kubeProxy or cloudController.'
enum:
- scheduler
- kubeProxy
- cloudController
type: string
type: array
pluginComponents:
description: PluginComponents is a list of PluginComponents
to disable.
items:
description: DisabledPluginComponent selects a plugin Components
to be disabled.
enum:
- rke2-coredns
- rke2-ingress-nginx
- rke2-metrics-server
type: string
type: array
type: object
etcd:
description: Etcd defines optional custom configuration of ETCD.
properties:
backupConfig:
description: 'BackupConfig defines how RKE2 will snapshot
ETCD: target storage, schedule, etc.'
properties:
directory:
description: Directory to save db snapshots.
type: string
# NOTE(review): the true/false explanation below reads inverted relative to the
# field name (a "disable" flag set to true would normally switch automatic
# snapshots off); confirm against the controller before relying on it, since a
# wrong value here silently decides whether etcd backups are taken.
disableAutomaticSnapshots:
description: |-
DisableAutomaticSnapshots defines the policy for ETCD snapshots.
true means automatic snapshots will be scheduled, false means automatic snapshots will not be scheduled.
type: boolean
retention:
description: 'Retention Number of snapshots to retain
Default: 5 (default: 5).'
type: string
s3:
description: S3 Enable backup to an S3-compatible Object
Store.
properties:
bucket:
description: Bucket S3 bucket name.
type: string
endpoint:
description: 'Endpoint S3 endpoint url (default: "s3.amazonaws.com").'
type: string
endpointCAsecret:
description: |-
EndpointCA references the Secret that contains a custom CA that should be trusted to connect to S3 endpoint.
The secret must contain a key named "ca.pem" that contains the CA certificate.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
# NOTE(review): the description mentions "the registry's certificate", but this
# field sits in the etcd S3 backup settings, so it presumably controls TLS
# verification of the S3 endpoint; confirm against the controller.
# Setting it to false would leave the snapshot upload target unauthenticated,
# and etcd snapshots hold cluster state including Secrets. For an endpoint
# signed by a private CA, endpointCAsecret (key "ca.pem") is the safer choice.
enforceSslVerify:
description: EnforceSSLVerify may be set to false
to skip verifying the registry's certificate, default
is true.
type: boolean
folder:
description: Folder S3 folder.
type: string
region:
description: 'Region S3 region / bucket location (optional)
(default: "us-east-1").'
type: string
s3CredentialSecret:
description: |-
S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
required:
- endpoint
- s3CredentialSecret
type: object
scheduleCron:
description: 'ScheduleCron Snapshot interval time in cron
spec. eg. every 5 hours ''* */5 * * *'' (default: "0
*/12 * * *").'
type: string
snapshotName:
description: 'SnapshotName Set the base name of etcd snapshots.
Default: etcd-snapshot-<unix-timestamp> (default: "etcd-snapshot").'
type: string
type: object
customConfig:
description: CustomConfig defines the custom settings for
ETCD.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line arguments
(format: flag=value) to pass to a Kubernetes Component
command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables
to pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts to
be added for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references
a container image to override the default one for the
Kubernetes Component
type: string
type: object
exposeMetrics:
description: |-
ExposeEtcdMetrics defines the policy for ETCD Metrics exposure.
if value is true, ETCD metrics will be exposed
if value is false, ETCD metrics will NOT be exposed
type: boolean
type: object
kubeAPIServer:
description: KubeAPIServer defines optional custom configuration
of the Kube API Server.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line arguments
(format: flag=value) to pass to a Kubernetes Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables to
pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts to be added
for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references a container
image to override the default one for the Kubernetes Component
type: string
type: object
kubeControllerManager:
description: KubeControllerManager defines optional custom configuration
of the Kube Controller Manager.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line arguments
(format: flag=value) to pass to a Kubernetes Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables to
pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts to be added
for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references a container
image to override the default one for the Kubernetes Component
type: string
type: object
kubeScheduler:
description: KubeScheduler defines optional custom configuration
of the Kube Scheduler.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line arguments
(format: flag=value) to pass to a Kubernetes Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables to
pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts to be added
for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references a container
image to override the default one for the Kubernetes Component
type: string
type: object
pauseImage:
description: PauseImage Override image to use for pause.
type: string
serviceNodePortRange:
description: 'ServiceNodePortRange is the port range to reserve
for services with NodePort visibility (default: "30000-32767").'
type: string
tlsSan:
description: TLSSan Add additional hostname or IP as a Subject
Alternative Name in the TLS cert.
items:
type: string
type: array
type: object
# NOTE(review): the first alternative of the pattern has no ^/$ anchors, so,
# assuming the usual unanchored matching of OpenAPI patterns, any string that
# merely contains a matching substring passes validation. It also admits only
# a single digit for the major version and exactly two digits for the minor.
# Consumers should not treat a validated value as a clean version string.
version:
description: |-
Version defines the desired Kubernetes version.
This field takes precedence over RKE2ConfigSpec.AgentConfig.Version (which is deprecated).
pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$
type: string
required:
- infrastructureRef
- rolloutStrategy
type: object
status:
description: RKE2ControlPlaneStatus defines the observed state of RKE2ControlPlane.
properties:
availableServerIPs:
description: AvailableServerIPs is a list of the Control Plane IP
addresses that can be used to register further nodes.
items:
type: string
type: array
conditions:
description: Conditions defines current service state of the RKE2Config.
items:
description: Condition defines an observation of a Cluster API resource
operational state.
properties:
lastTransitionTime:
description: |-
Last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when
the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
A human readable message indicating details about the transition.
This field may be empty.
type: string
reason:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty.
type: string
severity:
description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
required:
- lastTransitionTime
- status
- type
type: object
type: array
# status.dataSecretName: name of the Secret holding the bootstrap data script
# (per the description).
# NOTE(review): bootstrap data for a cluster node presumably carries join
# credentials; confirm, and keep read access to that Secret limited to the
# controllers that need it.
dataSecretName:
description: DataSecretName is the name of the secret that stores
the bootstrap data script.
type: string
failureMessage:
description: FailureMessage will be set on non-retryable errors.
type: string
failureReason:
description: FailureReason will be set on non-retryable errors.
type: string
initialized:
description: Initialized indicates the target cluster has completed
initialization.
type: boolean
observedGeneration:
description: ObservedGeneration is the latest generation observed
by the controller.
format: int64
type: integer
ready:
description: Ready indicates the BootstrapData field is ready to be
consumed.
type: boolean
readyReplicas:
description: ReadyReplicas is the number of replicas current attached
to this ControlPlane Resource and that have Ready Status.
format: int32
type: integer
replicas:
description: Replicas is the number of replicas current attached to
this ControlPlane Resource.
format: int32
type: integer
# status.unavailableReplicas: int32 counter.
# NOTE(review): the description ends with the same "up-to-date with Control
# Plane config" wording as updatedReplicas, which does not describe
# unavailability; it looks copied. Check the controller's definition before
# building alerts on this counter.
unavailableReplicas:
description: UnavailableReplicas is the number of replicas current
attached to this ControlPlane Resource and that are up-to-date with
Control Plane config.
format: int32
type: integer
updatedReplicas:
description: UpdatedReplicas is the number of replicas current attached
to this ControlPlane Resource and that are up-to-date with Control
Plane config.
format: int32
type: integer
version:
description: |-
Version represents the minimum Kubernetes version for the control plane machines
in the cluster.
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
# CustomResourceDefinition for RKE2ControlPlaneTemplate in the
# controlplane.cluster.x-k8s.io group (namespaced).
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
# Asks cert-manager's CA injector to copy the CA of the named Certificate
# (namespace/name) into this CRD's conversion webhook client config; no
# caBundle is written inline in clientConfig below.
# NOTE(review): conversion therefore depends on cert-manager being installed
# and the Certificate being issued; confirm the install order for air-gapped
# deployments.
cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0
labels:
cluster.x-k8s.io/provider: control-plane-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
name: rke2controlplanetemplates.controlplane.cluster.x-k8s.io
spec:
# Version conversion is delegated to the in-cluster Service below at /convert.
# NOTE(review): the webhook sits in the request path for these objects, so
# write access to the Service, its backing pods and the injected CA is
# security-relevant; keep the rke2-control-plane-system namespace tightly
# scoped.
conversion:
strategy: Webhook
webhook:
clientConfig:
service:
name: rke2-control-plane-webhook-service
namespace: rke2-control-plane-system
path: /convert
# ConversionReview API versions the webhook is declared to understand.
conversionReviewVersions:
- v1
- v1beta1
group: controlplane.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: RKE2ControlPlaneTemplate
listKind: RKE2ControlPlaneTemplateList
plural: rke2controlplanetemplates
shortNames:
- rke2ct
singular: rke2controlplanetemplate
# Namespaced: RBAC for these templates can be granted per namespace.
scope: Namespaced
versions:
# v1alpha1: served (served: true) but not the storage version
# (storage: false).
- name: v1alpha1
schema:
openAPIV3Schema:
description: RKE2ControlPlaneTemplate is the Schema for the rke2controlplanetemplates
API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
# spec and status are declared as bare objects with no properties.
# NOTE(review): with structural-schema pruning (the default for
# apiextensions.k8s.io/v1 unless unknown fields are explicitly preserved),
# nested fields submitted through this version would presumably be dropped
# rather than validated; confirm whether any client still writes v1alpha1.
spec:
description: RKE2ControlPlaneTemplateSpec defines the desired state of
RKE2ControlPlaneTemplate.
type: object
status:
description: RKE2ControlPlaneTemplateStatus defines the observed state
of RKE2ControlPlaneTemplate.
type: object
type: object
# Still reachable through the API, but objects are not persisted in this
# version.
served: true
storage: false
# Enables the /status subresource for this version.
subresources:
status: {}
- name: v1beta1
schema:
openAPIV3Schema:
description: RKE2ControlPlaneTemplate is the Schema for the rke2controlplanetemplates
API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: Spec is the control plane specification for the template
resource.
properties:
template:
description: RKE2ControlPlaneTemplateResource contains spec for RKE2ControlPlaneTemplate.
properties:
spec:
description: Spec is the specification of the desired behavior
of the control plane.
properties:
agentConfig:
description: AgentConfig specifies configuration for the agent
nodes.
properties:
# Extra cloud-init or ignition content included in the generated bootstrap
# script (per the description).
# NOTE(review): this is free-form provisioning input for the node, so write
# access to objects carrying it should be treated like node administration;
# confirm how the controller merges it with its own user data.
additionalUserData:
description: |-
AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the
generated cloud-init/ignition script.
properties:
# Free-form string. Per the description, UserData keys managed by the
# RKE2Config controller ("write_files", "runcmd", "ntp") are ignored.
config:
description: |-
In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp".
type: string
# String-to-string map of cloud-init module settings; values are not
# constrained further by this schema.
data:
additionalProperties:
type: string
description: |-
Data allows to pass arbitrary set of key/value pairs consistent with
https://cloudinit.readthedocs.io/en/latest/reference/modules.html
to extend existing cloud-init configuration
type: object
strict:
description: Strict controls if Config should be strictly
parsed. If so, warnings are treated as errors.
type: boolean
type: object
# CEL rule: rejects an object that sets both `data` and `config`; setting
# neither passes.
x-kubernetes-validations:
- message: Only config or data could be populated at once
rule: '!has(self.data) || !has(self.config)'
# Switches bootstrapping to air-gapped mode: online registries and RKE2
# install scripts are assumed unreachable (per the description).
airGapped:
description: |-
AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
basically supposing that online container registries and RKE2 install scripts are not reachable.
type: boolean
# sha256 value compared with the checksum of the sha256sum-<arch>.txt file
# already on the machine before installation (per the description).
# NOTE(review): the schema types this as an unconstrained string, with no
# pattern or length limit, so a malformed or truncated digest is not
# rejected at admission. Whether an empty value skips the comparison is not
# visible here; confirm in the controller before treating this as an
# integrity control.
airGappedChecksum:
description: |-
AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum
of existing sha256sum-<arch>.txt file for packages already available on the machine
before performing air-gapped installation.
type: string
cisProfile:
description: CISProfile activates CIS compliance of RKE2
for a certain profile
enum:
- cis
- cis-1.23
- cis-1.5
- cis-1.6
type: string
containerRuntimeEndpoint:
description: ContainerRuntimeEndpoint Disable embedded
containerd and use alternative CRI implementation.
type: string
dataDir:
description: DataDir Folder to hold state.
type: string
enableContainerdSElinux:
description: |-
EnableContainerdSElinux defines the policy for enabling SELinux for Containerd
if value is true, Containerd will run with selinux-enabled=true flag
if value is false, Containerd will run without the above flag
type: boolean
format:
description: Format specifies the output format of the
bootstrap data. Defaults to cloud-config.
enum:
- cloud-config
- ignition
type: string
imageCredentialProviderConfigMap:
description: |-
ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config
The config map should contain a key "credential-config.yaml" with YAML file content and
a key "credential-provider-binaries" with the a path to the binaries for the credential provider.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
kubeProxy:
description: KubeProxyArgs Customized flag for kube-proxy
process.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line
arguments (format: flag=value) to pass to a Kubernetes
Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables
to pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts
to be added for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references
a container image to override the default one for
the Kubernetes Component
type: string
type: object
kubelet:
description: KubeletArgs Customized flag for kubelet process.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line
arguments (format: flag=value) to pass to a Kubernetes
Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables
to pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts
to be added for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references
a container image to override the default one for
the Kubernetes Component
type: string
type: object
kubeletPath:
description: KubeletPath Override kubelet binary path.
type: string
loadBalancerPort:
description: |-
LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are
not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444).
type: integer
nodeAnnotations:
additionalProperties:
type: string
description: |-
NodeAnnotations are annotations that are created on nodes post bootstrap phase.
Unfortunately it is not possible to apply annotations via kubelet
using current bootstrap configurations.
Issue: https://github.com/kubernetes/kubernetes/issues/108046
type: object
nodeLabels:
description: NodeLabels Registering and starting kubelet
with set of labels.
items:
type: string
type: array
nodeName:
description: NodeNamePrefix Prefix to the Node Name that
CAPI will generate.
type: string
nodeTaints:
description: NodeTaints Registering kubelet with set of
taints.
items:
type: string
type: array
ntp:
description: NTP specifies NTP configuration
properties:
enabled:
description: Enabled specifies whether NTP should
be enabled
type: boolean
servers:
description: Servers specifies which NTP servers to
use
items:
type: string
type: array
type: object
# Path to a configuration file that, per the description, can be delivered
# through spec.Files.
# NOTE(review): the property is named podSecurityAdmissionConfigFile while
# the description speaks of PodSecurityPolicyConfigFile / PodSecurityPolicy;
# the two names refer to different Kubernetes mechanisms, so confirm which
# file format the controller expects before writing policy here.
podSecurityAdmissionConfigFile:
description: |-
PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
spec.Files field.
type: string
protectKernelDefaults:
description: |-
ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
if false, kernel tunable can be different from kubelet defaults
type: boolean
resolvConf:
description: ResolvConf is a reference to a ConfigMap
containing resolv.conf content for the node.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
runtimeImage:
description: RuntimeImage override image to use for runtime
binaries (containerd, kubectl, crictl, etc).
type: string
snapshotter:
description: 'Snapshotter override default containerd
snapshotter (default: "overlayfs").'
type: string
systemDefaultRegistry:
description: SystemDefaultRegistry Private registry to
be used for all system images.
type: string
type: object
# Extra files handed to user_data; each item feeds cloud-init write_files
# (per the item description). Only `path` is required.
files:
description: Files specifies extra files to be passed to user_data
upon creation.
items:
description: File defines the input for generating write_files
in cloud-init.
properties:
# Inline file body, stored in the object itself and therefore readable by
# anyone who can read the resource; sensitive material belongs in
# contentFrom.secret instead.
content:
description: Content is the actual content of the file.
type: string
# Reads the body from a Secret by name and key; the description places that
# Secret in the RKE2BootstrapConfig's namespace.
# NOTE(review): no validation rule in this schema stops `content` and
# `contentFrom` from being set together; precedence is decided by the
# controller (confirm).
contentFrom:
description: ContentFrom is a referenced source of content
to populate the file.
properties:
secret:
description: SecretFileSource represents a secret
that should populate this file.
properties:
key:
description: Key is the key in the secret's
data map for this value.
type: string
name:
description: Name of the secret in the RKE2BootstrapConfig's
namespace to use.
type: string
required:
- key
- name
type: object
required:
- secret
type: object
# Declares how the supplied content is encoded; limited to the three values
# listed.
encoding:
description: Encoding specifies the encoding of the
file contents.
enum:
- base64
- gzip
- gzip+base64
type: string
owner:
description: Owner specifies the ownership of the file,
e.g. "root:root".
type: string
# Unconstrained string: the schema sets no pattern, so it does not restrict
# which locations on the node a file may be written to.
path:
description: Path specifies the full path on disk where
to store the file.
type: string
# Typed as a string: keep the value quoted ("0640") in manifests so YAML
# does not retype it as a number.
permissions:
description: Permissions specifies the permissions to
assign to the file, e.g. "0640".
type: string
required:
- path
type: object
type: array
infrastructureRef:
description: |-
InfrastructureRef is a required reference to a custom resource
offered by an infrastructure provider.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
machineTemplate:
description: |-
MachineTemplate contains information about how machines
should be shaped when creating or updating a control plane.
properties:
infrastructureRef:
description: |-
InfrastructureRef is a required reference to a custom resource
offered by an infrastructure provider.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
metadata:
description: |-
Standard object's metadata.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
properties:
annotations:
additionalProperties:
type: string
description: |-
Annotations is an unstructured key value map stored with a resource that may be
set by external tools to store and retrieve arbitrary metadata. They are not
queryable and should be preserved when modifying objects.
More info: http://kubernetes.io/docs/user-guide/annotations
type: object
labels:
additionalProperties:
type: string
description: |-
Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services.
More info: http://kubernetes.io/docs/user-guide/labels
type: object
type: object
nodeDrainTimeout:
description: |-
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
type: string
required:
- infrastructureRef
type: object
manifestsConfigMapReference:
description: |-
ManifestsConfigMapReference references a ConfigMap which contains Kubernetes manifests to be deployed automatically on the cluster
Each data entry in the ConfigMap will be copied to a folder on the control plane nodes that RKE2 scans and uses to deploy manifests.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
nodeDrainTimeout:
description: |-
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
type: string
# Free-form command strings run after rke2 setup (per the description).
# NOTE(review): together with preRKE2Commands this makes write access to the
# template equivalent to running commands on machines built from it; scope
# RBAC on rke2controlplanetemplates accordingly and review changes to these
# lists like code.
postRKE2Commands:
description: PostRKE2Commands specifies extra commands to
run after rke2 setup runs.
items:
type: string
type: array
# Free-form command strings run before rke2 setup (per the description).
preRKE2Commands:
description: PreRKE2Commands specifies extra commands to run
before rke2 setup runs.
items:
type: string
type: array
privateRegistriesConfig:
description: PrivateRegistriesConfig defines the containerd
configuration for private registries and local registry
mirrors.
properties:
configs:
additionalProperties:
description: RegistryConfig contains configuration used
to communicate with the registry.
properties:
authSecret:
description: |-
Auth is a reference to a Secret containing information to authenticate to the registry.
The Secret must provide a username and a password data entry.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
tls:
description: |-
TLS is a pair of CA/Cert/Key which then are used when creating the transport
that communicates with the registry.
properties:
# NOTE(review): the description below reads inverted relative to the field
# name: a flag called InsecureSkipVerify conventionally disables certificate
# verification when set to true, and this schema declares no `default`.
# Confirm the behaviour against the controller before relying on the text.
# Unless a registry truly cannot present a verifiable certificate, leave
# this unset or false and supply the CA (ca.crt) through tlsConfigSecret.
insecureSkipVerify:
description: InsecureSkipVerify may be set to
false to skip verifying the registry's certificate,
default is true.
type: boolean
tlsConfigSecret:
description: |-
TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` which has up to 3 entries: tls.crt, tls.key and ca.crt
which describe the TLS configuration necessary to connect to the registry.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
type: object
type: object
description: |-
Configs are configs for each registry.
The key is the FQDN or IP of the registry.
type: object
# Map from registry namespace to its mirror configuration. These entries
# determine where images for that namespace are fetched from, so changes
# here deserve the same review as image references.
mirrors:
additionalProperties:
description: Mirror contains the config related to the
registry mirror.
properties:
# Ordered list tried one by one until one works (per the description).
# Items are plain strings: the schema sets no format or pattern, so neither
# the "valid url" requirement nor the URL scheme is enforced at admission.
endpoint:
description: |-
Endpoints are endpoints for a namespace. CRI plugin will try the endpoints
one by one until a working one is found. The endpoint must be a valid url
with host specified.
The scheme, host and path from the endpoint URL will be used.
items:
type: string
type: array
# Keys are matched against the repository as regular expressions and
# replaced with the mapped value (per the description); keep patterns
# anchored and specific so only the intended repositories are rewritten.
rewrite:
additionalProperties:
type: string
description: |-
Rewrites are repository rewrite rules for a namespace. When fetching image resources
from an endpoint and a key matches the repository via regular expression matching
it will be replaced with the corresponding value from the map in the resource request.
type: object
type: object
description: Mirrors are namespace to mirror mapping for
all namespaces.
type: object
type: object
registrationAddress:
description: |-
RegistrationAddress is an explicit address to use when registering a node. This is required if
the registration type is "address". It's for scenarios where a load-balancer or VIP is used.
type: string
registrationMethod:
description: RegistrationMethod is the method to use for registering
nodes into the RKE2 cluster.
enum:
- internal-first
- internal-only-ips
- external-only-ips
- address
- control-plane-endpoint
- ""
type: string
replicas:
description: Replicas is the number of replicas for the Control
Plane.
format: int32
type: integer
rolloutStrategy:
description: The RolloutStrategy to use to replace control
plane machines with new ones.
properties:
rollingUpdate:
description: Rolling update config params. Present only
if RolloutStrategyType = RollingUpdate.
properties:
maxSurge:
anyOf:
- type: integer
- type: string
description: |-
The maximum number of control planes that can be scheduled above or under the
desired number of control planes.
Value can be an absolute number 1 or 0.
Defaults to 1.
Example: when this is set to 1, the control plane can be scaled
up immediately when the rolling update starts.
x-kubernetes-int-or-string: true
type: object
type:
description: |-
Type of rollout. Currently the only supported strategy is "RollingUpdate".
Default is RollingUpdate.
type: string
type: object
serverConfig:
description: ServerConfig specifies configuration for the
agent nodes.
properties:
advertiseAddress:
description: 'AdvertiseAddress IP address that apiserver
uses to advertise to members of the cluster (default:
node-external-ip/node-ip).'
type: string
auditPolicySecret:
description: AuditPolicySecret path to the file that defines
the audit policy configuration.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
bindAddress:
description: 'BindAddress describes the rke2 bind address
(default: 0.0.0.0).'
type: string
cloudControllerManager:
description: CloudControllerManager defines optional custom
configuration of the Cloud Controller Manager.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line
arguments (format: flag=value) to pass to a Kubernetes
Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables
to pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts
to be added for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references
a container image to override the default one for
the Kubernetes Component
type: string
type: object
cloudProviderConfigMap:
description: |-
CloudProviderConfigMap is a reference to a ConfigMap containing Cloud provider configuration.
The config map must contain a key named cloud-config.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
cloudProviderName:
description: CloudProviderName cloud provider name.
type: string
clusterDNS:
description: 'ClusterDNS is the cluster IP for CoreDNS
service. Should be in your service-cidr range (default:
10.43.0.10).'
type: string
clusterDomain:
description: 'ClusterDomain is the cluster domain name
(default: "cluster.local").'
type: string
cni:
description: |-
CNI describes the CNI Plugins to deploy, one of none, calico, canal, cilium;
optionally with multus as the first value to enable the multus meta-plugin (default: canal).
enum:
- none
- calico
- canal
- cilium
type: string
cniMultusEnable:
description: |-
CNIMultusEnable enables multus as the first CNI plugin (default: false).
This option will automatically make Multus a primary CNI, and the value, if specified in the CNI field, as a secondary CNI plugin.
type: boolean
disableComponents:
description: DisableComponents lists Kubernetes components
and RKE2 plugin components that will be disabled.
properties:
kubernetesComponents:
description: KubernetesComponents is a list of Kubernetes
components to disable.
items:
description: 'DisabledKubernetesComponent is an
enum field that can take one of the following
values: scheduler, kubeProxy or cloudController.'
enum:
- scheduler
- kubeProxy
- cloudController
type: string
type: array
pluginComponents:
description: PluginComponents is a list of PluginComponents
to disable.
items:
description: DisabledPluginComponent selects a plugin
Components to be disabled.
enum:
- rke2-coredns
- rke2-ingress-nginx
- rke2-metrics-server
type: string
type: array
type: object
etcd:
description: Etcd defines optional custom configuration
of ETCD.
properties:
backupConfig:
description: 'BackupConfig defines how RKE2 will snapshot
ETCD: target storage, schedule, etc.'
properties:
directory:
description: Directory to save db snapshots.
type: string
disableAutomaticSnapshots:
  # NOTE(review): the wording below looks inverted relative to the field
  # name; a field called "disable..." would normally stop scheduled
  # snapshots when true. Confirm against the provider code before relying
  # on either reading, since a wrong value may leave the cluster without
  # automatic etcd backups.
  description: |-
    DisableAutomaticSnapshots defines the policy for ETCD snapshots.
    true means automatic snapshots will be scheduled, false means automatic snapshots will not be scheduled.
  type: boolean
retention:
description: 'Retention Number of snapshots to
retain Default: 5 (default: 5).'
type: string
s3:
description: S3 Enable backup to an S3-compatible
Object Store.
properties:
bucket:
description: Bucket S3 bucket name.
type: string
endpoint:
description: 'Endpoint S3 endpoint url (default:
"s3.amazonaws.com").'
type: string
endpointCAsecret:
description: |-
EndpointCA references the Secret that contains a custom CA that should be trusted to connect to S3 endpoint.
The secret must contain a key named "ca.pem" that contains the CA certificate.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
enforceSslVerify:
  # NOTE(review): this property sits under etcd.backupConfig.s3, yet the
  # description speaks of "the registry's certificate"; presumably the S3
  # endpoint certificate is meant (confirm against the provider code).
  # Setting it to false removes TLS server authentication for the snapshot
  # target; prefer supplying a custom CA through endpointCAsecret instead.
  description: EnforceSSLVerify may be set to
    false to skip verifying the registry's certificate,
    default is true.
  type: boolean
folder:
description: Folder S3 folder.
type: string
region:
description: 'Region S3 region / bucket location
(optional) (default: "us-east-1").'
type: string
s3CredentialSecret:
description: |-
S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
required:
- endpoint
- s3CredentialSecret
type: object
scheduleCron:
description: 'ScheduleCron Snapshot interval time
in cron spec. eg. every 5 hours ''* */5 * *
*'' (default: "0 */12 * * *").'
type: string
snapshotName:
description: 'SnapshotName Set the base name of
etcd snapshots. Default: etcd-snapshot-<unix-timestamp>
(default: "etcd-snapshot").'
type: string
type: object
customConfig:
description: CustomConfig defines the custom settings
for ETCD.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line
arguments (format: flag=value) to pass to a
Kubernetes Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment
variables to pass on to a Kubernetes Component
command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts
to be added for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references
a container image to override the default one
for the Kubernetes Component
type: string
type: object
exposeMetrics:
description: |-
ExposeEtcdMetrics defines the policy for ETCD Metrics exposure.
if value is true, ETCD metrics will be exposed
if value is false, ETCD metrics will NOT be exposed
type: boolean
type: object
kubeAPIServer:
description: KubeAPIServer defines optional custom configuration
of the Kube API Server.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line
arguments (format: flag=value) to pass to a Kubernetes
Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables
to pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts
to be added for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references
a container image to override the default one for
the Kubernetes Component
type: string
type: object
kubeControllerManager:
description: KubeControllerManager defines optional custom
configuration of the Kube Controller Manager.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line
arguments (format: flag=value) to pass to a Kubernetes
Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables
to pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts
to be added for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references
a container image to override the default one for
the Kubernetes Component
type: string
type: object
kubeScheduler:
description: KubeScheduler defines optional custom configuration
of the Kube Scheduler.
properties:
extraArgs:
description: 'ExtraArgs is a list of command line
arguments (format: flag=value) to pass to a Kubernetes
Component command.'
items:
type: string
type: array
extraEnv:
additionalProperties:
type: string
description: ExtraEnv is a map of environment variables
to pass on to a Kubernetes Component command.
type: object
extraMounts:
additionalProperties:
type: string
description: ExtraMounts is a map of volume mounts
to be added for the Kubernetes component StaticPod
type: object
overrideImage:
description: OverrideImage is a string that references
a container image to override the default one for
the Kubernetes Component
type: string
type: object
pauseImage:
description: PauseImage Override image to use for pause.
type: string
serviceNodePortRange:
description: 'ServiceNodePortRange is the port range to
reserve for services with NodePort visibility (default:
"30000-32767").'
type: string
tlsSan:
description: TLSSan Add additional hostname or IP as a
Subject Alternative Name in the TLS cert.
items:
type: string
type: array
type: object
version:
  description: |-
    Version defines the desired Kubernetes version.
    This field takes precedence over RKE2ConfigSpec.AgentConfig.Version (which is deprecated).
  # NOTE(review): only the empty-string alternative (^$) is anchored. The
  # version alternative has no ^/$ of its own, so, assuming the usual
  # unanchored matching of OpenAPI `pattern`, a value that merely contains a
  # matching substring also passes. Consumers should not treat this pattern
  # as sanitizing the value; confirm the webhook validates it further.
  pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$
  type: string
required:
- infrastructureRef
- rolloutStrategy
type: object
required:
- spec
type: object
required:
- template
type: object
status:
description: Status is the current state of the control plane.
properties:
availableServerIPs:
description: AvailableServerIPs is a list of the Control Plane IP
addresses that can be used to register further nodes.
items:
type: string
type: array
conditions:
description: Conditions defines current service state of the RKE2Config.
items:
description: Condition defines an observation of a Cluster API resource
operational state.
properties:
lastTransitionTime:
description: |-
Last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when
the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
A human readable message indicating details about the transition.
This field may be empty.
type: string
reason:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty.
type: string
severity:
description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
required:
- lastTransitionTime
- status
- type
type: object
type: array
dataSecretName:
description: DataSecretName is the name of the secret that stores
the bootstrap data script.
type: string
failureMessage:
description: FailureMessage will be set on non-retryable errors.
type: string
failureReason:
description: FailureReason will be set on non-retryable errors.
type: string
initialized:
description: Initialized indicates the target cluster has completed
initialization.
type: boolean
observedGeneration:
description: ObservedGeneration is the latest generation observed
by the controller.
format: int64
type: integer
ready:
description: Ready indicates the BootstrapData field is ready to be
consumed.
type: boolean
readyReplicas:
description: ReadyReplicas is the number of replicas current attached
to this ControlPlane Resource and that have Ready Status.
format: int32
type: integer
replicas:
description: Replicas is the number of replicas current attached to
this ControlPlane Resource.
format: int32
type: integer
unavailableReplicas:
description: UnavailableReplicas is the number of replicas current
attached to this ControlPlane Resource and that are up-to-date with
Control Plane config.
format: int32
type: integer
updatedReplicas:
description: UpdatedReplicas is the number of replicas current attached
to this ControlPlane Resource and that are up-to-date with Control
Plane config.
format: int32
type: integer
version:
description: |-
Version represents the minimum Kubernetes version for the control plane machines
in the cluster.
type: string
type: object
type: object
served: true
storage: true
---
# Identity of the RKE2 control-plane provider. The controller-manager
# Deployment in this file runs under this account, and both the
# leader-election RoleBinding and the manager ClusterRoleBinding name it as
# their subject, so its token carries every permission granted below.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: rke2-control-plane-manager
  namespace: rke2-control-plane-system
  labels:
    cluster.x-k8s.io/provider: control-plane-rke2
---
# Namespaced Role (named for leader election) in rke2-control-plane-system:
# full access to ConfigMaps and Leases, plus create/patch on Events.
# NOTE(review): neither rule is narrowed with resourceNames, so the grant
# covers every ConfigMap and Lease in this namespace, not just the lock
# object; confirm whether ConfigMap-based locks are still needed.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: rke2-control-plane-leader-election-role
  namespace: rke2-control-plane-system
  labels:
    cluster.x-k8s.io/provider: control-plane-rke2
rules:
  - apiGroups: [""]
    resources: [configmaps]
    verbs: [get, list, watch, create, update, patch, delete]
  - apiGroups: [coordination.k8s.io]
    resources: [leases]
    verbs: [get, list, watch, create, update, patch, delete]
  - apiGroups: [""]
    resources: [events]
    verbs: [create, patch]
---
# Aggregated ClusterRole: `rules` is intentionally empty here; the
# aggregation controller fills it from every ClusterRole labelled
# rke2.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true".
# This is the role the manager ClusterRoleBinding refers to, so any
# ClusterRole carrying that label adds to the manager's effective
# permissions. Audit which ClusterRoles carry the label and who may create
# or relabel ClusterRoles.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: rke2-control-plane-aggregated-manager-role
  labels:
    cluster.x-k8s.io/provider: control-plane-rke2
aggregationRule:
  clusterRoleSelectors:
    - matchLabels:
        rke2.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true"
rules: []
---
# Permissions of the provider's manager. The aggregate-to-manager label
# makes these rules part of rke2-control-plane-aggregated-manager-role,
# which is bound cluster-wide to the manager ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: rke2-control-plane-manager-role
  labels:
    cluster.x-k8s.io/provider: control-plane-rke2
    rke2.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true"
rules:
  # Core API: read/write on ConfigMaps, Events and Secrets. Because the
  # grant arrives through a ClusterRoleBinding there is no namespace
  # boundary: the manager's token can read and modify Secrets in every
  # namespace. Factor that into blast-radius and audit-log reviews.
  - apiGroups: [""]
    resources: [configmaps, events, secrets]
    verbs: [create, delete, get, list, patch, update, watch]
  # TokenReview / SubjectAccessReview creation: presumably used to
  # authenticate and authorize callers of the diagnostics endpoint
  # (TODO confirm against the manager code).
  - apiGroups: [authentication.k8s.io]
    resources: [tokenreviews]
    verbs: [create]
  - apiGroups: [authorization.k8s.io]
    resources: [subjectaccessreviews]
    verbs: [create]
  # Bootstrap provider objects (no `update` verb is granted here).
  - apiGroups: [bootstrap.cluster.x-k8s.io]
    resources: [rke2configs]
    verbs: [create, delete, get, list, patch, watch]
  # Core Cluster API objects and their status subresources.
  - apiGroups: [cluster.x-k8s.io]
    resources:
      - clusters
      - clusters/status
      - machinepools
      - machinepools/status
      - machines
      - machines/status
      - machinesets
    verbs: [create, delete, get, list, patch, update, watch]
  # The provider's own RKE2ControlPlane resources, split by subresource.
  - apiGroups: [controlplane.cluster.x-k8s.io]
    resources: [rke2controlplanes]
    verbs: [create, delete, get, list, patch, update, watch]
  - apiGroups: [controlplane.cluster.x-k8s.io]
    resources: [rke2controlplanes/finalizers]
    verbs: [update]
  - apiGroups: [controlplane.cluster.x-k8s.io]
    resources: [rke2controlplanes/status]
    verbs: [get, patch, update]
  # Wildcard over every resource in the infrastructure API group, so the
  # grant automatically extends to any infrastructure provider CRD that is
  # installed later. Review this when adding providers.
  - apiGroups: [infrastructure.cluster.x-k8s.io]
    resources: ['*']
    verbs: [create, delete, get, list, patch, watch]
---
# Grants the namespaced leader-election Role to the manager ServiceAccount;
# both the Role and the subject live in rke2-control-plane-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rke2-control-plane-leader-election-rolebinding
  namespace: rke2-control-plane-system
  labels:
    cluster.x-k8s.io/provider: control-plane-rke2
subjects:
  - kind: ServiceAccount
    name: rke2-control-plane-manager
    namespace: rke2-control-plane-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: rke2-control-plane-leader-election-role
---
# Cluster-wide binding of the aggregated manager ClusterRole to the manager
# ServiceAccount. The roleRef points at the aggregated role, not at
# rke2-control-plane-manager-role directly, so the effective rule set is
# whatever the aggregation label selects at any given time.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: rke2-control-plane-manager-rolebinding
  labels:
    cluster.x-k8s.io/provider: control-plane-rke2
subjects:
  - kind: ServiceAccount
    name: rke2-control-plane-manager
    namespace: rke2-control-plane-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: rke2-control-plane-aggregated-manager-role
---
# Service fronting the admission webhooks: port 443 forwards to the
# container port named webhook-server (9443 in the manager Deployment).
# The selector uses only the provider label, so any pod in this namespace
# carrying cluster.x-k8s.io/provider: control-plane-rke2 would receive
# admission traffic. Keep pod creation in the namespace restricted.
apiVersion: v1
kind: Service
metadata:
  name: rke2-control-plane-webhook-service
  namespace: rke2-control-plane-system
  labels:
    cluster.x-k8s.io/provider: control-plane-rke2
spec:
  selector:
    cluster.x-k8s.io/provider: control-plane-rke2
  ports:
    - port: 443
      targetPort: webhook-server
---
# Controller-manager for the RKE2 control-plane provider: a single replica
# started with --leader-elect, running as the rke2-control-plane-manager
# ServiceAccount.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: rke2-control-plane-controller-manager
  namespace: rke2-control-plane-system
  labels:
    cluster.x-k8s.io/provider: control-plane-rke2
    control-plane: controller-manager
spec:
  replicas: 1
  selector:
    matchLabels:
      cluster.x-k8s.io/provider: control-plane-rke2
      control-plane: controller-manager
  template:
    metadata:
      labels:
        cluster.x-k8s.io/provider: control-plane-rke2
        control-plane: controller-manager
      annotations:
        kubectl.kubernetes.io/default-container: manager
    spec:
      serviceAccountName: rke2-control-plane-manager
      terminationGracePeriodSeconds: 10
      # Pod-level hardening: refuse to run as root, default seccomp profile.
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
        - key: node-role.kubernetes.io/control-plane
          effect: NoSchedule
      containers:
        - name: manager
          # The image is referenced by tag only. NOTE(review): for an
          # air-gapped mirror, consider verifying the mirrored image's
          # signature or digest, since a tag can be re-pointed.
          image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.9.0
          imagePullPolicy: IfNotPresent
          command:
            - /manager
          # ${VAR:=default} placeholders are presumably substituted by the
          # installer before apply (TODO confirm). With the defaults shown,
          # diagnostics listen on :8443 and insecure diagnostics stay off;
          # overriding CAPRKE2_INSECURE_DIAGNOSTICS to true should be
          # treated as a reviewable change.
          args:
            - --leader-elect
            - --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443}
            - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
          # Pod identity exposed through the downward API.
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_UID
              valueFrom:
                fieldRef:
                  fieldPath: metadata.uid
          ports:
            - name: webhook-server
              containerPort: 9443
              protocol: TCP
            - name: healthz
              containerPort: 9440
              protocol: TCP
            - name: metrics
              containerPort: 8443
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /healthz
              port: healthz
          readinessProbe:
            httpGet:
              path: /readyz
              port: healthz
          resources:
            requests:
              cpu: 10m
              memory: 64Mi
            limits:
              cpu: 500m
              memory: 256Mi
          # Container hardening: unprivileged, no privilege escalation, all
          # capabilities dropped, fixed non-root UID/GID.
          # NOTE(review): readOnlyRootFilesystem is not set here; confirm
          # whether the manager needs a writable root before enabling it.
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
            runAsUser: 65532
            runAsGroup: 65532
            capabilities:
              drop: [ALL]
          terminationMessagePolicy: FallbackToLogsOnError
          # Webhook serving certificate, mounted read-only.
          volumeMounts:
            - name: cert
              mountPath: /tmp/k8s-webhook-server/serving-certs
              readOnly: true
      volumes:
        # Secret written by the cert-manager Certificate in this file.
        - name: cert
          secret:
            secretName: rke2-control-plane-webhook-service-cert
---
# Serving certificate for the webhook Service. cert-manager stores it in
# the Secret rke2-control-plane-webhook-service-cert, which the manager
# Deployment mounts, and the webhook configurations reference this
# Certificate through cert-manager.io/inject-ca-from.
# No duration, renewBefore or privateKey settings are given, so
# cert-manager's defaults apply.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: rke2-control-plane-serving-cert
  namespace: rke2-control-plane-system
  labels:
    cluster.x-k8s.io/provider: control-plane-rke2
spec:
  secretName: rke2-control-plane-webhook-service-cert
  issuerRef:
    kind: Issuer
    name: rke2-control-plane-selfsigned-issuer
  subject:
    organizations:
      - Rancher by SUSE
  # SANs cover only the in-cluster Service DNS names.
  dnsNames:
    - rke2-control-plane-webhook-service.rke2-control-plane-system.svc
    - rke2-control-plane-webhook-service.rke2-control-plane-system.svc.cluster.local
---
# Namespaced self-signed Issuer for the webhook serving certificate.
# Trust is anchored by CA injection into the webhook configurations, not
# by an external CA. Anyone able to write the serving-cert Secret or the
# webhook caBundle can redirect that trust, so keep write access to both
# narrow.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: rke2-control-plane-selfsigned-issuer
  namespace: rke2-control-plane-system
  labels:
    cluster.x-k8s.io/provider: control-plane-rke2
spec:
  selfSigned: {}
---
# Mutating admission webhooks for RKE2ControlPlane and
# RKE2ControlPlaneTemplate (v1beta1, CREATE and UPDATE only).
# cert-manager injects the CA bundle from the serving Certificate.
# failurePolicy: Fail means the API server rejects matching requests while
# the webhook Service is unreachable, which fails closed at the cost of
# blocking writes during a manager outage. No namespaceSelector or
# timeoutSeconds is set, so API-server defaults apply.
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: rke2-control-plane-mutating-webhook-configuration
  labels:
    cluster.x-k8s.io/provider: control-plane-rke2
  annotations:
    cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
webhooks:
  - name: mrke2controlplane.kb.io
    admissionReviewVersions: [v1]
    clientConfig:
      service:
        name: rke2-control-plane-webhook-service
        namespace: rke2-control-plane-system
        path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplane
    rules:
      - apiGroups: [controlplane.cluster.x-k8s.io]
        apiVersions: [v1beta1]
        operations: [CREATE, UPDATE]
        resources: [rke2controlplanes]
    failurePolicy: Fail
    sideEffects: None
  - name: mrke2controlplanetemplate.kb.io
    admissionReviewVersions: [v1]
    clientConfig:
      service:
        name: rke2-control-plane-webhook-service
        namespace: rke2-control-plane-system
        path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplanetemplate
    rules:
      - apiGroups: [controlplane.cluster.x-k8s.io]
        apiVersions: [v1beta1]
        operations: [CREATE, UPDATE]
        resources: [rke2controlplanetemplates]
    failurePolicy: Fail
    sideEffects: None
---
# Validating admission webhooks for RKE2ControlPlane and
# RKE2ControlPlaneTemplate (v1beta1, CREATE and UPDATE only; DELETE is not
# intercepted). cert-manager injects the CA bundle from the serving
# Certificate. failurePolicy: Fail rejects matching requests whenever the
# webhook cannot be reached, so validation is never silently skipped.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: rke2-control-plane-validating-webhook-configuration
  labels:
    cluster.x-k8s.io/provider: control-plane-rke2
  annotations:
    cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
webhooks:
  - name: vrke2controlplane.kb.io
    admissionReviewVersions: [v1]
    clientConfig:
      service:
        name: rke2-control-plane-webhook-service
        namespace: rke2-control-plane-system
        path: /validate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplane
    rules:
      - apiGroups: [controlplane.cluster.x-k8s.io]
        apiVersions: [v1beta1]
        operations: [CREATE, UPDATE]
        resources: [rke2controlplanes]
    failurePolicy: Fail
    sideEffects: None
  - name: vrke2controlplanetemplate.kb.io
    admissionReviewVersions: [v1]
    clientConfig:
      service:
        name: rke2-control-plane-webhook-service
        namespace: rke2-control-plane-system
        path: /validate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplanetemplate
    rules:
      - apiGroups: [controlplane.cluster.x-k8s.io]
        apiVersions: [v1beta1]
        operations: [CREATE, UPDATE]
        resources: [rke2controlplanetemplates]
    failurePolicy: Fail
    sideEffects: None
metadata: |
# maps release series of major.minor to cluster-api contract version
# the contract version may change between minor or major versions, but *not*
# between patch versions.
#
# update this file only when a new major or minor version is released
apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3
kind: Metadata
releaseSeries:
- major: 0
minor: 1
contract: v1beta1
- major: 0
minor: 2
contract: v1beta1
- major: 0
minor: 3
contract: v1beta1
- major: 0
minor: 4
contract: v1beta1
- major: 0
minor: 5
contract: v1beta1
- major: 0
minor: 6
contract: v1beta1
- major: 0
minor: 7
contract: v1beta1
- major: 0
minor: 8
contract: v1beta1
- major: 0
minor: 9
contract: v1beta1
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.9.0
namespace: rke2-control-plane-system
labels:
provider-components: rke2-control-plane