API Reference

API Reference
API GroupTypes
addons.kubernetes.vmware.com/v1alpha1Addon, AddonConfig, AddonConfigDefinition, AddonInstall, AddonRelease, AddonRepository, AddonRepositoryInstall, ClusterAddon, ServiceAccountExport
bootstrap.cluster.x-k8s.io/v1beta1KubeadmConfig, KubeadmConfigTemplate
bootstrap.cluster.x-k8s.io/v1beta2KubeadmConfig, KubeadmConfigTemplate
cluster.x-k8s.io/v1beta1Cluster, ClusterClass, Machine, MachineDeployment, MachineDrainRule, MachineHealthCheck, MachineSet
cluster.x-k8s.io/v1beta2Cluster, ClusterClass, Machine, MachineDeployment, MachineDrainRule, MachineHealthCheck, MachineSet
cni.tanzu.vmware.com/v1alpha1AntreaConfig, CalicoConfig
controlplane.cluster.x-k8s.io/v1beta1KubeadmControlPlane, KubeadmControlPlaneTemplate
controlplane.cluster.x-k8s.io/v1beta2KubeadmControlPlane, KubeadmControlPlaneTemplate
cpi.tanzu.vmware.com/v1alpha1KubevipCPIConfig, VSphereCPIConfig
csi.tanzu.vmware.com/v1alpha1VSphereCSIConfig
kubernetes.vmware.com/v1alpha1KubernetesRelease
run.tanzu.vmware.com/v1alpha3ClusterBootstrap, ClusterBootstrap, ClusterBootstrapTemplate, ClusterBootstrapTemplate, KappControllerConfig, OSImage, OSImage, TanzuKubernetesAddon, TanzuKubernetesCluster, TanzuKubernetesRelease, TanzuKubernetesRelease, TkgServiceConfiguration

addons.kubernetes.vmware.com/v1alpha1

Resource Types:

Addon

Addon represents a named add-on that can be installed on Kubernetes workload clusters. It provides catalog-level metadata (description, display name, icon). AddonInstall resources reference an Addon to control which clusters the add-on is deployed to.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
AddonSpec
spec is the desired state of Addon.No

AddonConfig

AddonConfig provides a way to configure addon components with validation against predefined schemas. It supports multi-cluster deployment scenarios and provides comprehensive status reporting.

Example usage:

apiVersion: config.example.com/v1 kind: AddonConfig metadata: name: my-addon-config namespace: default spec: definitionRef: name: my-addon-definition namespace: my-acd-namespace clusterName: production-cluster values: replicas: 3 image: my-addon:v1.0.0

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
AddonConfigSpec
spec defines the desired state of AddonConfig. This includes the reference to the validation schema, target cluster, and configuration values.Yes
status
AddonConfigStatus
status defines the observed state of AddonConfig. This includes validation results, processing state, and references to generated resources.No

AddonConfigDefinition

AddonConfigDefinition is the Schema for the addonconfigdefinitions API. It defines how addon configurations should be processed, including input resource discovery, template processing, output resource creation, and required permissions.

This resource is used by addon management systems to define reusable configuration templates that can be applied across multiple clusters or namespaces.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
AddonConfigDefinitionSpec
spec defines the desired state of AddonConfigDefinition.Yes

AddonInstall

AddonInstall is the Schema for the AddonInstalls API, used to deploy an addon across Kubernetes clusters.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
AddonInstallSpec
spec is the desired state of AddonInstall.No
status
AddonInstallStatus
status is the observed state of AddonInstall.No

AddonRelease

AddonRelease is the Schema for the AddonRelease API.

Upgrade Workflow Summary:

1. Determine if upgrade is required: If the currently installed AddonRelease is incompatible with the TARGET cluster Kubernetes version, upgrade is required.

2. Determine WHEN to upgrade:

Compare the following constraints against the target cluster:

  • kubernetesVersionConstraints vs TARGET control-plane version
  • workerVersionConstraints vs TARGET worker version


Identify the earliest stage during upgrade when the target AddonRelease becomes compatible:

  • If incompatibility is detected in the first upgrade path of a
multi-step cluster upgrade, the AddonRelease is upgraded in the BeforeClusterUpgrade (BCU) stage.
  • If incompatibility is detected in a later upgrade path, the
AddonRelease is upgraded in that path’s BeforeControlPlaneUpgrade (BCPU) stage.
  • If incompatible with the target worker version during upgrade,
the AddonRelease is upgraded before worker upgrades.

Note: BeforeClusterUpgrade occurs only once per multi-step upgrade.

3. If no constraints are specified, upgrade occurs AfterClusterUpgrade.

Constraint Driven Upgrade Strategy Examples:

Example 1 — Addon has compatibility requirements with control plane:

kubernetesVersionConstraints defined per AddonRelease version:
  • v1.35 AddonRelease:
kubernetesVersionConstraints: "≥1.35.0 <1.36.0"
  • v1.36 AddonRelease:
kubernetesVersionConstraints: "≥1.36.0 <1.37.0"
  • v1.37 AddonRelease:
kubernetesVersionConstraints: "≥1.37.0"

During cluster upgrade from 1.34 to 1.35, the addon is upgraded before control plane is upgraded to 1.35, in the BeforeClusterUpgrade (BCU) stage.

During cluster upgrade from 1.34 to 1.37, the addon is upgraded in sequence to 1.35 before control plane is upgraded to 1.35 in the BCU stage, then to 1.36 before control plane is upgraded to 1.36 in the BCPU stage, then to 1.37 before control plane is upgraded to 1.37 in the BCPU stage.

Example 2 — Addon has compatibility requirement with kubelet (i.e. worker node version):

workerVersionConstraints: "≥1.37.0"

This AddonRelease requires worker version 1.37 or higher (e.g. addon supports only N+2 kubelet). The addon is upgraded when the target worker version reaches 1.37.

Example 3 — Addon has compatibility requirements with both the control plane and worker nodes:

kubernetesVersionConstraints: "≥1.36.0" workerVersionConstraints: "≥1.36.0"

Addon is upgraded at the first step where both target control plane and target worker version satisfy the constraints when upgrading to 1.36.

Example 4 — Addon has no constraints specified (both fields nil):

Addon is treated as forward-compatible. Upgrade occurs only after the cluster upgrade fully completes.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
AddonReleaseSpec
spec is the desired state of AddonRelease.No

AddonRepository

AddonRepository is the Schema for the AddonRepository API, used to define either a PackageRepository or HelmRepository for workload clusters

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
AddonRepositorySpec
spec is the desired state of AddonRepository.Yes
status
AddonRepositoryStatus
status is the observed state of AddonRepository.No

AddonRepositoryInstall

AddonRepositoryInstall is the Schema for the AddonRepositories API, used to deploy an addon repository across multiple clusters that may span multiple namespaces

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
AddonRepositoryInstallSpec
spec is the desired state of AddonRepositoryInstall.Yes
status
AddonRepositoryInstallStatus
status is the observed state of AddonRepositoryInstall.No

ClusterAddon

ClusterAddon represents the per-cluster lifecycle state of a single add-on. One ClusterAddon is created for each (Cluster, Addon) pair that an AddonInstall selects. It tracks which AddonInstall and AddonRelease are currently active, drives the installation and upgrade of the add-on release on the workload cluster, and reports readiness via status conditions.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
ClusterAddonSpec
spec is the desired state of ClusterAddon.No
status
ClusterAddonStatus
status is the observed state of ClusterAddon.No

ServiceAccountExport

ServiceAccountExport is used to export ServiceAccounts from the Supervisor to Kubernetes workload clusters.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
ServiceAccountExportSpec
spec is the desired state of ServiceAccountExport.No

AddonConfigDefinitionSpec

AddonConfigDefinitionSpec defines the desired state of AddonConfigDefinition. It describes how to process and install an addon, including input resource discovery, template processing, and output resource configuration.

Appears in: AddonConfigDefinition

FieldDescriptionRequired
schema
CustomResourceValidation
schema describes the OpenAPI v3 schema used for validation, pruning, and defaulting of this version of the custom resource. This follows the same structure as CustomResourceDefinition schemas.

Validation: Type: object
Schemaless: {}

Yes
templateInputResources
[]TemplateInputResource
templateInputResources describes how to discover and reference resources that will be used as input during template processing. These resources provide the data context for rendering the addon configuration templates.

Validation: Maximum items: 32

No
templateOutputResources
[]TemplateOutputResource
templateOutputResources describes where and how to save the rendered template output. At least one output resource must be specified to define where the processed addon configuration should be stored.

Validation: Minimum items: 1
Maximum items: 64

Yes
addonInstallPermission
AddonInstallPermissionSpec
addonInstallPermission describes the required privileges to install the addonNo

AddonConfigSpec

AddonConfigSpec defines the desired state of AddonConfig. AddonConfig provides a way to configure addon with validation against a predefined schema.

Appears in: AddonConfig

FieldDescriptionRequired
addonConfigDefinitionRef
AddonConfigDefinitionRef
addonConfigDefinitionRef specifies the AddonConfigDefinition that this AddonConfig should be validated against. The referenced definition contains the JSON schema or other validation rules. If not specified, the AddonConfig will skip the reconciliation.No
clusterName
string
clusterName specifies the target cluster for this AddonConfig instance. This field is used to scope the addon configuration to a specific cluster in multi-cluster environments. If not specified, the AddonConfig will skip the reconciliation.

Validation: Maximum length: 63
Minimum length: 1

No
values
JSON
values contains the configuration data that will be validated against the schema defined in the referenced AddonConfigDefinition. This field holds the actual configuration values in JSON format that will be used to render and deploy the addon components. The structure and allowed values are determined by the schema in the AddonConfigDefinition.No

AddonConfigStatus

AddonConfigStatus defines the observed state of AddonConfig. This status provides information about the validation state, processing results, and any errors encountered.

Appears in: AddonConfig

FieldDescriptionRequired
conditions
[]Condition
conditions represent the current state of the AddonConfig resource. Standard condition types include "Ready", "Validated", and "Failed". Each condition provides information about a specific aspect of the resource's state and includes a status, reason, and message.

Validation: Maximum items: 64

No
clusterServiceAccount
string
clusterServiceAccount define the service account that created as the cluster identity

Validation: Minimum length: 1
Maximum length: 253

No
fieldErrors
[]FieldError
fieldErrors contains any schema validation errors found in the AddonConfig values. Each error specifies the field path, error type, and details about the validation failure. This field is populated when the values fail validation against the schema defined in the referenced AddonConfigDefinition.

Validation: Maximum items: 64

No
observedGeneration
int64
observedGeneration reflects the generation of the most recently observed AddonConfig spec. This is used by controllers to determine if the status needs to be updated based on spec changes.No
observedSchemaUID
UID
observedSchemaUID reflects the UID of the AddonConfigDefinition schema that was most recently used for validation. This helps track when schema changes require re-validation of the config.No
outputRef
[]TemplateOutputResource
outputRef describes the non-variadic resources that were generated from processing this AddonConfig. Variadic (renderForEach) outputs are summarised in outputVariadicSummary instead to keep this list bounded.

Validation: Maximum items: 32

No
outputVariadicSummary
[]VariadicOutputSummary
outputVariadicSummary summarises the groups of resources produced by variadic (renderForEach) output resource definitions. Each entry corresponds to one variadic output definition (see summaryID) and records the kind, apiVersion, and instance count, giving operators visibility into large label-driven output sets without bloating the object.

Validation: Maximum items: 64

No
outputHash
string
outputHash stores the hash of the current output, use the SHA256 and then output in hexadecimal format

Validation: Maximum length: 64
Minimum length: 64

No
outputLastUpdated
Time
outputLastUpdated records when the output was last updatedNo

AddonInstallSpec

AddonInstallSpec defines the desired state of AddonInstall

Appears in: AddonInstall

FieldDescriptionDefaultRequired
addonRef
AddonRef
addonRef is a reference for the Addon resource to install.

If addonRef doesn't exist, AddonInstall creation will fail. This field is immutable, but we allow mutation of addonRef.namespace from nil to 'vmware-system-vks-public' for backward-compatibility.
Yes
clusters
[]ClusterSelector
clusters defines which clusters to install the addon.

If crossNamespaceSelection is set to Allowed, AddonInstall can be used to select clusters across namespaces. Else, only clusters within AddonInstall's namespace will be selected. If clusters is empty and crossNamespaceSelection is blocked, the AddonInstall applies to all Clusters within its namespace. If clusters is empty and crossNamespaceSelection is Allowed, the AddonInstall applies to all Clusters across namespaces.

Example 1: Selects Clusters with label "stage" == "production" in all Namespaces or Clusters called prod-cluster in Namespaces with label "production", with crossNamespaceSelection Allowed

clusters:
  • selector:
matchExpressions:
  • key: stage
operator: In values:
  • production
  • selector:
matchLabels: cluster.x-k8s.io/cluster-name: prod-cluster namespaceSelector: matchExpressions:
  • key: production
operator: Exists crossNamespaceSelection: Allowed

Example 2: Select all Clusters with vKR v1.32.0 in its namespace

clusters:
  • selector:
matchExpressions:
  • key: run.tanzu.vmware.com/tkr
operator: In values:
  • v1.32.0---vmware.6-fips-vkr.2


Example 3: Select all Clusters that have cluster-autoscaler annotations, unless the cluster opt-outs using "addon.kubernetes.vmware.com/cluster-autoscaler:unmanaged" label

clusters:
  • selector: # Ignore all clusters with this labels
matchExpressions:
  • key: addon.kubernetes.vmware.com/cluster-autoscaler
operator: NotIn values:
  • unmanaged
# AND Select all clusters with this spec constraints: expression: 'cluster.mds().exists(md, md.Annotations.exists_one(k, k == "cluster.x-k8s.io/cluster-api-autoscaler-node-group-min-size")" && md.Annotations.exists_one(k, k == "cluster.x-k8s.io/cluster-api-autoscaler-node-group-max-size")"'

Validation: Maximum items: 32
entries in clusters must be unique

Yes
crossNamespaceSelection
CrossNamespacePolicy
crossNamespaceSelection controls whether this AddonInstall can apply to other namespaces.

Note, if crossNamespaceSelection is Blocked then namespace selector can't be set in clusters. CrossNamespaceSelection allows being able to select clusters across namespaces, without having to duplicate the AddonInstall in every namespace.

This field is immutable.

Validation: crossNamespaceSelection is immutable and cannot be changed during updates

BlockedNo
addonConfigNameTemplate
string
addonConfigNameTemplate contains a template for references to AddonConfig(s).

The referenced AddonConfig can contain values to be validated and marshaled with the AddonConfigDefinition for the selected AddonRelease.

If not set, AddonConfig will be created using "{{.cluster.name}}-{{.addon.name}}" naming and the namespace will be the cluster's namespace.

Note: AddonConfigNameTemplate should be unique per addon and cluster, which can be achieved by using a combination of "{{.addon.name}}" along with either of "{{.cluster.name}}" and/or "{{.cluster.uid}}" in the template.

This field is immutable and can't be modified.

Example 1: Provide per cluster configuration for Antrea addon

addonConfigNameTemplate: "{{.cluster.name}}-antrea"

Validation: Minimum length: 1
Maximum length: 256
addonConfigNameTemplate is immutable and cannot be changed during updates

No
releaseFilter
AddonReleasesFilter
releaseFilter allows picking a subset of AddonRelease(s) to install, from all that are available for the addon, based on addonName.

releaseFilter can select either single AddonReleases by ref or a subset using selector.

If releaseFilter is not specified, all the AddonReleases available for for the addon, based on addonName, will be selected.

If more than one AddonReleases are selected, the latest compatible version will be selected and if a newer compatible version is available during Cluster upgrade, the addon will be upgraded to the latest compatible version.

Example 1: Select all AddonRelease(s) for telegraf add-on

addonName: telegraf releaseFilter: nil

Example 2: Select a unique AddonRelease for secret-store add-on

addonName: secret-store releaseFilter: ref: "secret-store-1.32.8"

Example 3: Select a subset of AddonRelease for cluster-autoscaler add-on that are at minor version 1.32.x and pick the latest amongst them.

addonName: cluster-autoscaler releaseFilter: selector: matchLabels: addon.kubernetes.vmware.com/addon-release-major-version: "1" addon.kubernetes.vmware.com/addon-release-minor-version: "32"
No
paused
bool
paused when set to true will ignore all pending changes, once it set back to false, pending changes will be applied.No
stopMatchingBehavior
StopMatchingBehavior
stopMatchingBehavior indicates what should happen to the ClusterAddon and its managed output resources when this AddonInstall stops matching the cluster AND no other candidate AddonInstalls are available to manage the ClusterAddon.

This field only applies when the ClusterAddon would become completely unmanaged (no candidate AddonInstalls exist). If another AddonInstall becomes active, this field is not used.

Note: During cluster upgrades, all AddonInstalls will wait for a new candidate to appear to prevent race condition deletions, regardless of this field's value.

  • Delete (default): Wait during upgrades; outside upgrades, delete the ClusterAddon and
the AddonConfig owned by it (which in turn removes the output resources recorded in AddonConfig.status).

  • Retain: Continue managing the ClusterAddon even after this AddonInstall stops
matching, until a new candidate AddonInstall becomes active. The ClusterAddon will never be auto-deleted. This ensures continuous management and is useful for critical infrastructure addons (CNI, CSI, authentication) where any gap in management or deletion would be catastrophic.

  • OrphanOutputs: Delete the ClusterAddon and its AddonConfig the same way Delete does,
but leave the output resources tracked in AddonConfig.status (status.outputRef and status.outputVariadicSummary) intact instead of removing them. Useful when ownership of generated resources is being transferred or when the user wants to retire the AddonConfig while keeping the produced Secrets/ConfigMaps in place.
DeleteNo

AddonInstallStatus

AddonInstallStatus defines the observed state of AddonInstall

Appears in: AddonInstall

FieldDescriptionRequired
conditions
[]Condition
conditions define the current state of the AddonInstall, such as AddonReleasesAvailable, Validated, ClustersSelected, Paused, Reconciled

Validation: Maximum items: 32

No
availableAddonReleases
[]AvailableAddonRelease
availableAddonReleases represent the AddonReleases that are compatible with the AddonInstall and are available to be installed for this addon on the workload clusters.

Validation: Maximum items: 256

No

AddonReleaseSpec

AddonReleaseSpec defines the desired state of AddonRelease

Appears in: AddonRelease

FieldDescriptionRequired
addonRef
AddonRef
addonRef references the addon. This is used to group different AddonReleases for the same addon.Yes
version
string
version specifies semantic version (semver) of the AddonRelease. This version is used to order AddonReleases if more than one are selected.

Build metadata (e.g., +vmware.3-vks.1) IS considered in version comparisons to allow for an addonRelease's version to be based on the version of the software being distributed, while allowing multiple addonReleases based on a single version of that component. This means 0.13.0+vmware.5-vks.1 is considered greater than 0.13.0+vmware.3-vks.1.

Validation: Maximum length: 512
Minimum length: 1

Yes
package
Package
package specifies the ref name and version.

If this field is unset, no package will be deployed for this AddonRelease.

An AddonRelease should have package and/or definitionRef set.
No
addonConfigDefinitionRef
AddonConfigDefinitionRef
addonConfigDefinitionRef is the reference of the AddonConfigDefinition to be used for this AddonRelease.

If this field is unset, an AddonInstall for this AddonRelease will not be able to supply an AddonConfig, and no output resources will be rendered.

An AddonRelease should have package and/or definitionRef set.
No
kubernetesVersionConstraints
VersionConstraints
kubernetesVersionConstraints defines the Kubernetes versions for which this AddonRelease is compatible. During cluster upgrades, this is used to determine compatibility with the target Kubernetes versions.

If the cluster's current Kubernetes version doesn't meet the constraints, then this AddonRelease will not be deployed on the cluster.

During cluster upgrades, kubernetesVersionConstraints will be run against the target Kubernetes versions to determine if the AddonRelease will remain compatible. If the installed AddonRelease would become incompatible with the target Kubernetes version, the addon will be upgraded before the control plane. Together with workerVersionConstraints, this determines the earliest safe upgrade point in the overall cluster upgrade workflow. If both kubernetesVersionConstraints and workerVersionConstraints are nil, the addon would be upgraded after the cluster upgrade completes, if there are newer compatible versions.

See the AddonRelease type documentation for the complete upgrade workflow.

Example 1: Deploy this AddonRelease if k8s version is greater than 1.29: kubernetesVersionConstraints: '≥1.29.0' This means deploy when target is at 1.29.0 or higher before the control plane is upgraded

Example 2: Deploy this AddonRelease if k8s version is on 1.31.x kubernetesVersionConstraints: '≥1.31.0 <1.32.0' Note, in this example, the AddonRelease will need to be upgraded as part of cluster upgrade to 1.32 before the control plane is upgraded.
No
workerVersionConstraints
VersionConstraints
workerVersionConstraints specifies the target worker node version required for this AddonRelease to be deployed during upgrades. Constraints are checked against the TARGET worker version. Note: If the currently installed AddonRelease is incompatible with the TARGET worker version during cluster upgrade, the addon upgrade is triggered before workers are upgraded.

See the AddonRelease type documentation for the complete upgrade workflow.

Example: '≥1.33.0' means deploy when worker version target is 1.33.0+

If nil (and kubernetesVersionConstraints is also nil), the addon upgrade defaults to AfterClusterUpgrade behavior.
No
sourceVersionConstraints
VersionConstraints
sourceVersionConstraints specifies the source versions of AddonRelease from which this AddonRelease can be upgraded to.

If the addon is not already installed, sourceVersionConstraints will be ignored. During addon upgrades, sourceVersionConstraints will be used to determine if the upgrade is supported. sourceVersionConstraints is used from the target addonRelease (to be upgraded).

Example 1: Upgrade to the new v1.10 AddonRelease, only if the source version is 1.5.0 or higher.

sourceVersionConstraints: '≥1.5.0'
No
destinationVersionConstraints
VersionConstraints
destinationVersionConstraints specifies the destination versions of AddonRelease to which this AddonRelease can be upgraded from.

If the addon is not already installed, destinationVersionConstraints will be ignored. destinationVersionConstraints is used from the source addonRelease (already installed). During addon upgrades, destinationVersionConstraints will be used to determine if the upgrade is supported. destinationVersionConstraints is used from the source addonRelease (already installed).

Example 1: Upgrade from the new v1.30.3 AddonRelease, only if the destination version is 1.31.3 or higher.

destinationVersionConstraints: '≥1.31.3'
No
dependsOn
[]DependsOnAddon
dependsOn specifies a list of other addons that this AddonRelease depends on. AddonRelease install will check if all addons in DependsOn are installed on the Kubernetes cluster before installing.

Example: contour depends on cert-manager:

dependsOn:
  • addonRef:
name: cert-manager

Validation: Minimum items: 1
Maximum items: 32

No
upgradeStrategy
UpgradeStrategy
upgradeStrategy specifies when an AddonRelease should be upgraded during a cluster upgrade.

Deprecated behavior:
  • The stage field represents the legacy mechanism for selecting the
upgrade timing.
  • New behavior is driven by kubernetesVersionConstraints together with
workerVersionConstraints, which implicitly determines the correct upgrade stage.

New behavior (constraint-driven stage selection):
  • During a cluster upgrade, the currently installed AddonRelease is first
checked for compatibility with the TARGET cluster Kubernetes versions.
  • If the installed version is incompatible, the addon MUST be upgraded.
  • The exact point in the upgrade workflow where the upgrade occurs is
derived from kubernetesVersionConstraints and workerVersionConstraints
  • See the AddonRelease type documentation for the complete upgrade workflow.


Wait semantics:
  • wait controls whether the cluster upgrade process blocks until the
upgraded addon becomes ready.

upgradeStrategy is used from the target addonRelease (to be upgraded) during upgrades.

Examples: * cluster-autoscaler needs to be upgraded Before Cluster Upgrade and we should block the cluster upgrade waiting for addon to be ready.

`` upgradeStrategy: stage: "BeforeClusterUpgrade" wait: "TillReady" ``

* CPI needs to be upgraded Before Cluster Upgrade and shouldn't block the stage, since images will not be available.

`` upgradeStrategy: stage: "BeforeClusterUpgrade" ``
No

AddonRepositoryInstallSpec

AddonRepositoryInstallSpec defines the desired state of AddonRepositoryInstall

Appears in: AddonRepositoryInstall

FieldDescriptionRequired
addonRepositoryRef
AddonRepositoryRef
addonRepositoryRef is the ref of the AddonRepository Must be a valid AddonRepository ref (see AddonRepository CR for details)Yes

AddonRepositoryInstallStatus

AddonRepositoryInstallStatus defines the observed state of AddonRepositoryInstall

Appears in: AddonRepositoryInstall

FieldDescriptionRequired
conditions
[]Condition
conditions define the current state of the AddonRepositoryInstall

Validation: Maximum items: 32

No

AddonRepositorySpec

AddonRepositorySpec defines the desired state of AddonRepository

Appears in: AddonRepository

FieldDescriptionRequired
targetRepositoryName
string
targetRepositoryName defines the name of the repository that is to be created or updated in the cluster for this AddonRepository.

To manage or update the same Repository across multiple versions or sources (e.g., different versions or Fetch), multiple AddonRepository resources should share the same TargetRepositoryName. This ensures that updates are applied to the same Repository instance in the cluster rather than creating duplicates.

This field enables versioning and source switching logic while maintaining a consistent identity for the Repository resource deployed to clusters.

Validation: Minimum length: 1
Maximum length: 253

Yes
version
string
version of AddonRepository

Validation: Minimum length: 1
Maximum length: 253

Yes
fetch
AddonRepositoryFetch
fetch defines the fetch configuration for AddonRepository.Yes
addonFilters
[]AddonFilter
addonFilters specifies the Helm charts to be discovered and managed as Addon and AddonRelease resources. Note: Support for Carvel packages is not yet implemented and is planned for a future release.

Validation: Maximum items: 50

No

AddonRepositoryStatus

AddonRepositoryStatus defines the observed state of AddonRepository

Appears in: AddonRepository

FieldDescriptionRequired
conditions
[]Condition
conditions define the current state of the AddonRepository

Validation: Maximum items: 32

No

AddonSpec

AddonSpec defines the desired state of Addon

Appears in: Addon

FieldDescriptionRequired
description
string
description for the Addon.

Validation: Minimum length: 1
Maximum length: 2048

Yes
displayName
string
displayName is the human-friendly name for the addon.

Examples:
  • "Cert Manager"
  • "Antrea"
  • "External DNS"

Validation: Maximum length: 256
Minimum length: 1

No
icon
string
icon is a data URI representing the addon icon. Supports data URIs with base64 encoding (SVG and PNG only).

Examples:
  • SVG data URI: "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciLz4="
  • PNG data URI: "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNk+M9QDwADhgGAWjR9awAAAABJRU5ErkJggg=="

Validation: Minimum length: 1
Maximum length: 1048576
icon must be a data URI starting with 'data:image/svg+xml;base64,' or 'data:image/png;base64,'

No

ClusterAddonSpec

ClusterAddonSpec defines the desired state of ClusterAddon

Appears in: ClusterAddon

FieldDescriptionRequired
clusterName
string
clusterName is the name of the Cluster this object belongs to.

Validation: Minimum length: 1
Maximum length: 63

Yes
addonRef
AddonRef
addonRef is a reference to the Addon to be installed on the cluster.Yes
paused
bool
paused when set to true will stop the reconcile of the add-on for this cluster and pending changes will not be applied. Once it set back to false, pending changes will be applied.No

ClusterAddonStatus

ClusterAddonStatus defines the observed state of the installed addon for the cluster.

Appears in: ClusterAddon

FieldDescriptionRequired
conditions
[]Condition
conditions represents the observations of a ClusterAddon's current state. Known condition types are : AddonInstallConflict, AddonInstallSelected, DependenciesReady, Configured, Reconciled, Ready

Validation: Maximum items: 32

No
candidateAddonInstalls
[]ClusterAddonCandidateAddonInstall
candidateAddonInstalls represent the AddonInstalls that are compatible with the cluster and are available to be installed for this addon on the workload cluster.

Validation: Maximum items: 32

No
activeAddonInstall
AddonInstallRef
activeAddonInstall is used to indicate the selected candidateAddonInstalls that is managing this add-on.

If there are more than one candidateAddonInstalls, one of them is selected to manage this add-on as the activeAddonInstall and a ManagerConflict condition is set. If there is only one candidateAddonInstalls, then that will be used as the activeAddonInstall for the add-on. If there are no candidateAddonInstalls, then activeAddonInstall will be unset and unmanaged condition will be added.
No
releaseRef
AddonReleaseRef
releaseRef stores the last selected release for the manager.No
addonConfigName
string
addonConfigName is the name of the addonConfig for this ClusterAddon. Note, the namespace will be the same as the clusterAddon and Cluster.

Validation: Minimum length: 1
Maximum length: 253

No

ServiceAccountExportSpec

ServiceAccountExportSpec defines the desired state of ServiceAccountExport.

Appears in: ServiceAccountExport

FieldDescriptionRequired
clusterName
string
clusterName specifies the name of the Cluster for which the ServiceAccountExport needs to be realized.

Validation: Minimum length: 1
Maximum length: 63

Yes
rules
[]PolicyRule
rules specifies the privileges that need to be granted to the service account.

Validation: Maximum items: 32

No
serviceAccountTargetRef
ServiceAccountTargetRef
serviceAccountTargetRef specifies the secrets to be created in the target cluster.Yes
paused
bool
paused when set to true will stop the reconcile of the ServiceAccountExport and pending changes will not be applied. Once it set back to false, pending changes will be applied.No

AddonConfigDefinitionRef

AddonConfigDefinitionRef contains a reference to an AddonConfigDefinition resource.

Appears in: AddonConfigSpec, AddonReleaseSpec

FieldDescriptionRequired
name
string
name of the AddonConfigDefinition being referenced.

Validation: Minimum length: 1
Maximum length: 253

Yes
namespace
string
namespace of the AddonConfigDefinition being referenced.

Validation: Maximum length: 63
Minimum length: 1

Yes

AddonFilter

AddonFilter contains the details of the Addon and its AddonRelease(s) that should be discovered from the AddonRepository.

Appears in: AddonRepositorySpec

FieldDescriptionRequired
name
string
name of the Addon

Validation: Maximum length: 253
Minimum length: 1

Yes
versions
[]string
versions of AddonRelease

Validation: Minimum items: 1
Maximum items: 10
items:MaxLength: 512

Yes

AddonInstallPermissionSpec

AddonInstallPermissionSpec defines all the resource access rules for this addon.

Appears in: AddonConfigDefinitionSpec

FieldDescriptionRequired
accessPolicies
[]AccessPolicy
accessPolicies defines an array of access policies.

Validation: Maximum items: 32

No

AddonInstallRef

AddonInstallRef references an AddonInstall resource.

Appears in: ClusterAddonCandidateAddonInstall, ClusterAddonStatus

FieldDescriptionRequired
name
string
name of the AddonInstall being referenced.

Validation: Minimum length: 1
Maximum length: 253

Yes
namespace
string
namespace of the AddonInstall being referenced.

Validation: Minimum length: 1
Maximum length: 63

Yes

AddonRef

AddonRef references an Addon resource.

Appears in: AddonInstallSpec, AddonReleaseSpec, ClusterAddonSpec, DependsOnAddon

FieldDescriptionRequired
name
string
name of the addon being referenced

Validation: Maximum length: 253
Minimum length: 1

Yes
namespace
string
namespace of the addon being referenced

If not specified, will use the default public namespace defined by the addon manager.

Validation: Minimum length: 1
Maximum length: 63

No

AddonReleaseRef

AddonReleaseRef provides a reference to the addon release to be installed in a clusterAddon.

Appears in: AvailableAddonRelease, ClusterAddonStatus

FieldDescriptionRequired
name
string
name of the AddonRelease being referenced.

Validation: Minimum length: 1
Maximum length: 253

Yes
namespace
string
namespace of the AddonRelease being referenced.

Validation: Minimum length: 1
Maximum length: 253

Yes

AddonReleasesFilter

AddonReleasesFilter allows filtering AddonReleases by reference or labels.

Appears in: AddonInstallSpec

FieldDescriptionRequired
ref
AddonReleaseFilterRef
ref is used to select a specific AddonRelease using its name.

Note, either ref or selector should be specified and not both.
No
selector
LabelSelector
selector is a label selector which selects AddonRelease by their labels This field follows standard label selector semantics. If selector is empty, the install object creation will fail.

Note, either ref or selector should be specified and not both.

If selector selects more than one AddonRelease, the latest compatible version will be selected for install and during cluster upgrades the addon will be upgraded to the latest compatible AddonRelease.

Example 1: Select AddonRelease with version 1.32.8 for an add-on

selector: matchLabels: addon.kubernetes.vmware.com/addon-release-version: "1.32.8"

More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
No

AddonRepositoryFetch

AddonRepositoryFetch defines the fetch configuration for AddonRepository.

Appears in: AddonRepositorySpec

FieldDescriptionRequired
helmRepository
FetchHelmRepository
helmRepository specifies the Helm repository URL where the Helm charts are located.No
imgpkgBundle
FetchImgpkgBundle
imgpkgBundle pulls imgpkg bundle from Docker/OCI registryNo

AddonRepositoryRef

AddonRepositoryRef references an AddonRepository.

Appears in: AddonReleasesVersion, AddonRepositoryInstallSpec

FieldDescriptionRequired
name
string
name of the AddonRepository being referenced.

Validation: Minimum length: 1
Maximum length: 253

Yes
namespace
string
namespace of the AddonRepository being referenced.

Validation: Minimum length: 1
Maximum length: 63

Yes

AvailableAddonRelease

AvailableAddonRelease references an AddonRelease that is compatible with the AddonInstall and available for installation on selected workload clusters.

Appears in: AddonInstallStatus

FieldDescriptionRequired
observedGeneration
int64
observedGeneration is the latest generation of the AddonRelease observed by the controller. This is used by the controller to know if the AddonRelease has changed since the last reconcile.Yes

ClusterAddonCandidateAddonInstall

ClusterAddonCandidateAddonInstall references AddonInstalls that are available to manage this cluster addon.

Appears in: ClusterAddonStatus

FieldDescriptionRequired
observedGeneration
int64
observedGeneration is the latest generation of the AddonInstall observed by the controller. This is used by the controller to know if the AddonInstall has changed since the last reconcile.Yes

ClusterSelector

ClusterSelector defines to which Clusters this AddonInstall should be applied.

Appears in: AddonInstallSpec

FieldDescriptionRequired
selector
LabelSelector
selector is a label selector which selects Clusters by their labels. This field follows standard label selector semantics; if not present or empty, it selects all Clusters.

If namespaceSelector is also set, then the ClusterSelector as a whole selects Clusters matching Selector belonging to Namespaces selected by namespaceSelector. If namespaceSelector is not set, it selects all Clusters matching selector in all Namespaces.

More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
No
namespaceSelector
LabelSelector
namespaceSelector is a label selector which selects Clusters by the labels of their Namespaces.

Note, only if the AddonInstall has CrossNamespaceSelection Allowed, it can use namespaceSelector to select clusters across namespaces. Else, AddonInstall can only select clusters within its namespace and namespaceSelector will be ignored. and the AddonInstall can only select clusters within its namespace.

This field follows standard label selector semantics; if not present or empty, it selects Clusters across all Namespaces.

If Selector is also set, then the ClusterSelector as a whole selects Clusters matching Selector belonging to Namespaces selected by namespaceSelector. If Selector is not set, it selects all Clusters belonging to Namespaces selected by namespaceSelector.

More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
No
constraints
ClusterConstraints
constraints contains dynamic cluster constraints to ensure the addon is only deployed to cluster's that meet the requirement.No

CrossNamespacePolicy

CrossNamespacePolicy defines whether the AddonInstall can select clusters outside its namespace.

Appears in: AddonInstallSpec

DependsOnAddon

DependsOnAddon declares a dependency on another addon; this AddonRelease depends on and must be deployed on the workload cluster.

Appears in: AddonReleaseSpec

FieldDescriptionRequired
addonRef
AddonRef
addonRef contains the reference for the addon.Yes

FieldError

FieldError represents a validation error for a specific field in the AddonConfig values.

Appears in: AddonConfigStatus

FieldDescriptionRequired
field
string
field specifies the JSON path to the field that contains the error. This follows the standard JSON path notation (e.g., "spec.replicas", "spec.containers[0].image").

Validation: Minimum length: 1
Maximum length: 63

Yes
type
ErrorType
type indicates the machine-readable error type that provides more detail about why the field is invalid. These values correspond to the field.ErrorType enumeration and include types like "FieldValueRequired", "FieldValueInvalid", etc.Yes
detail
string
detail provides a human-readable description of the validation error. This message should be clear and actionable to help users understand and fix the issue.

Validation: Maximum length: 1024
Minimum length: 1

No
badValue
string
badValue contains the actual value that caused the validation error. This helps users identify exactly what was rejected. Complex values may be serialized to string representation.

Validation: Minimum length: 1
Maximum length: 63

No

Package

Package specifies the Carvel package reference (name and version) that backs an AddonRelease.

Appears in: AddonReleaseSpec

FieldDescriptionRequired
refName
string
refName specifies the name of the package corresponding to this release

Validation: Minimum length: 1
Maximum length: 253

Yes
version
string
version specifies version of the package corresponding to this release

Validation: Maximum length: 512
Minimum length: 1

Yes

ServiceAccountTargetRef

ServiceAccountTargetRef specifies the name and namespace of the secret to be created in the target cluster.

Appears in: ServiceAccountExportSpec

FieldDescriptionRequired
tokenSecretRef
ServiceAccountTokenSecretRef
tokenSecretRef specifies the name and namespace of the secret containing the generated service account token, which will be created in the target cluster.No
kubeconfigSecretRef
KubeconfigSecretRef
kubeconfigSecretRef specifies the name and namespace of the secret containing the generated kubeconfig yaml file, which will be created in the target cluster.No

StopMatchingBehavior

StopMatchingBehavior defines what happens to a ClusterAddon and its managed output resources when the AddonInstall stops matching the cluster and no other candidate AddonInstalls are available.

Appears in: AddonInstallSpec

TemplateInputResource

TemplateInputResource defines a named dependency resource that will be used during template processing. This resource will be fetched and made available to the template engine under the specified input name.

Appears in: AddonConfigDefinitionSpec

FieldDescriptionDefaultRequired
inputName
string
inputName defines the top-level name used when providing the referent for templating. This name will be used as the key to access the resource data within the template processing context.

Validation: Minimum length: 1
Maximum length: 253

Yes
apiVersion
string
apiVersion of the target referent resource. Must be a valid Kubernetes API version (e.g., "v1", "apps/v1").

Validation: Minimum length: 1
Maximum length: 317

Yes
kind
string
kind of the target referent resource. Must be a valid Kubernetes resource kind (e.g., "ConfigMap", "Secret", "Deployment").

Validation: Minimum length: 1
Maximum length: 63

Yes
name
string
name of the target referent resource. Mutually exclusive with the selector field. When specified, this value will be used for discovery.

The value may be a literal name or a Go template expression that references data from previously resolved TemplateInputResources via .Dependencies.<inputName> (dot-access) or index .Dependencies "<inputName>" (index-access, required for names containing hyphens). For example:

templateInputResources:
  • inputName: myConfigMap
apiVersion: v1 kind: ConfigMap name: my-config # resolved first (literal name)
  • inputName: mySecret
apiVersion: v1 kind: Secret name: "{{.Dependencies.myConfigMap.metadata.name}}-secret"

When cross-references are present, TemplateInputResources are automatically ordered by a topological sort so that each dependency is fully resolved before it is referenced. A circular dependency (including a self-reference) is rejected at admission time.

Validation: Minimum length: 1
Maximum length: 253

No
namespace
string
namespace of the target referent resource. If the scope is Cluster, the namespace is ignored. If the scope is Namespace, and if the namespace is not specified, the resource will be looked up in the same namespace as the Cluster.

Validation: Maximum length: 63
Minimum length: 1

No
scope
TypeScope
scope indicates whether the target resource is namespaced or cluster-scoped. When set to "Cluster", the resource will be looked up at cluster scope regardless of namespace. When set to "Namespace" (default), the resource will be looked up in the specified namespace.NamespaceNo
selector
LabelSelector
selector used to identify the referent resource using label selectors. Must identify exactly one resource to avoid ambiguity during template processing. Mutually exclusive with the explicit name field.

The matchLabels values and matchExpressions values may contain Go template expressions that reference data from previously resolved TemplateInputResources via .Dependencies.<inputName> or index .Dependencies "<inputName>", identical to the name field. Such cross-references are included in the topological sort, so circular dependencies in selector values are also rejected at admission time. For example:

selector: matchLabels: tier: "{{.Dependencies.appConfig.data.tier}}" matchExpressions:
  • key: zone
operator: In values:
  • '{{index .Dependencies "infra-config" "data" "zone"}}'
No
constraints
[]DependencyConstraint
constraints used to specify additional requirements for the target resource. These constraints are evaluated during resource discovery to ensure the referenced resource meets specific criteria before being used in templating. Supported constraint operators:
  • "unique" (omitting constraints): Requires exactly one matching resource. If the dependency is not available, reconciliation stops. This is the implicit behavior when no optional or multiple constraint is set; it is not specified as a constraint entry.
  • "optional": Allows dependency resolution to continue when target is not found
  • "multiple": Allows matching multiple resources, storing them as an array in template context

Validation: Maximum items: 16

No

TemplateOutputResource

TemplateOutputResource defines where and how to persist the rendered template output. The output can be stored either in the supervisor cluster or in the target workload cluster.

Appears in: AddonConfigDefinitionSpec, AddonConfigStatus

FieldDescriptionRequired
supervisorNamespaceOutput
SupervisorNamespaceOutput
supervisorNamespaceOutput specifies that the rendered configuration should be persisted as a resource within the supervisor cluster namespace.No
targetClusterOutput
TargetClusterOutput
targetClusterOutput specifies that the rendered configuration should be persisted as a resource within the target workload cluster.No
template
string
template defines the Kubernetes resource template for output manifest generation. This field only needs the resource specification (excluding TypeMeta and ObjectMeta) as the GVK, Name, and Namespace are already handled in the SupervisorNamespaceOutput or TargetClusterOutput structure. The template supports CEL expressions that can be populated with values from:
  • AddonConfig.values: Configuration values from the addon
  • TemplateInputResource: metadata from input sources
Example CEL expressions: ${values.arguments.paused}, ${cluster.Name}

Validation: Maximum length: 32768

Yes
renderForEach
RenderForEach
renderForEach enables variadic output generation by referencing an input resource with the "multiple" constraint. When set, this output resource will be instantiated once for each item in the referenced input array. A single renderForEach input produces at most 64 output instances.No

UpgradeStrategy

UpgradeStrategy specifies when to upgrade addon during cluster upgrade.

Appears in: AddonReleaseSpec

FieldDescriptionRequired
stage
ClusterUpgradeStage
stage specifies the stage to perform addon upgrade. Deprecated: stage is deprecated since v1alpha1 and will be removed in a future version. Use kubernetesVersionConstraints and workerVersionConstraints instead.No
wait
WaitStrategy
wait specifies whether to wait for the addon to be ready or not.No

VariadicOutputSummary

VariadicOutputSummary summarises all instances produced by a single variadic (renderForEach) output resource definition, instead of listing each instance individually in OutputRef. This keeps the AddonConfig object small even when hundreds of resources are generated from a label-selected input.

Appears in: AddonConfigStatus

FieldDescriptionDefaultRequired
summaryID
string
summaryID uniquely identifies this summary row. The controller sets it to a short stable encoding (base64url(SHA-256)) of the canonical grouping key: renderForEach inputName plus TemplateOutputResource.Key(). This distinguishes multiple variadic outputs that share the same inputName. It is the list map key for outputVariadicSummary (Server-Side Apply merges per entry).

Validation: Maximum length: 64
Minimum length: 1

Yes
inputName
string
inputName is the RenderForEach.InputName that produced these instances, matching the TemplateInputResource.InputName in the AddonConfigDefinition.

Validation: Maximum length: 253
Minimum length: 1

Yes
apiVersion
string
apiVersion of the generated output resources (e.g. "v1", "apps/v1").

Validation: Minimum length: 1
Maximum length: 317

Yes
kind
string
kind of the generated output resources (e.g. "Secret", "ConfigMap").

Validation: Maximum length: 63
Minimum length: 1

Yes
namespace
string
namespace is where the generated instances are stored. For Supervisor outputTarget this is the AddonConfig namespace. For TargetCluster outputTarget it matches TemplateOutputResource.TargetClusterOutput.Namespace and may be empty for cluster-scoped resources.

Validation: Maximum length: 63
Minimum length: 1

No
desiredCount
int32
desiredCount is the total number of instances that the controller attempted to create or update in the most recent reconciliation, equal to the length of the referenced input array.

Validation: Minimum: 0

Yes
successCount
int32
successCount is the number of instances that were successfully created or updated in the most recent reconciliation.

Validation: Minimum: 0

Yes
pendingDeletionCount
int32
pendingDeletionCount is the number of instances that still exist after a deletion attempt. It is set only during the delete path when cleanup is partially complete. During normal create/update reconciliation this field is nil.

Validation: Minimum: 0

No
outputTarget
VariadicOutputTarget
outputTarget indicates where the instances reside: Supervisor (supervisor namespace) or TargetCluster (workload cluster).Yes
referenceType
OutputReferenceType
referenceType specifies how this output is consumed by the addon system. When set to "ValuesRef", the configuration values will be consumed through PackageInstalls. When set to "Direct", the configuration is applied directly to the target cluster as a standalone resource. if the kind is not a secret, then the referenceType will be ignored.ValuesRefNo

VersionConstraints

VersionConstraints allows specifying version constraints Example: Check if version is between [1.27,1.28) '≥1.27.0 <1.28.0'

Appears in: AddonReleaseSpec

AccessPolicy

AccessPolicy defines the resource access rules on the target namespace. If the target namespace is not specified, the rules apply to the namespace of the consuming Cluster.

Appears in: AddonInstallPermissionSpec

FieldDescriptionRequired
order
int32
order is the order of the policy. Defining order can help to maintain the policies especially when handling upgrade.Yes
targetNamespace
string
targetNamespace is the namespace to create the Role and RoleBinding based on the Rules. If not specified, the rules apply to the namespace of the consuming Cluster.

Validation: Minimum length: 1
Maximum length: 63

No
rules
[]PolicyRule
rules specifies the privileges that need to be granted to the service account.

Validation: Maximum items: 32

No

AddonReleaseFilterRef

AddonReleaseFilterRef provides a reference to the AddonRelease to select for the AddonInstall.

Appears in: AddonReleasesFilter

FieldDescriptionRequired
name
string
name of the AddonRelease being referenced.

Validation: Minimum length: 1
Maximum length: 253

Yes
namespace
string
namespace of the AddonRelease being referenced.

If not specified, will use the default public namespace defined by the addon manager.

Validation: Maximum length: 63
Minimum length: 1

No

ClusterConstraints

ClusterConstraints defines constraints for deploying AddonRelease to clusters.

Appears in: ClusterSelector

FieldDescriptionRequired
expression
string
expression allows to define criteria for restricting the list of Clusters where addon should be deployed.

expression is defined using Common Expression Language (CEL). CEL expressions have access to the Cluster object (see: https://github.com/google/cel-spec)

For example to check if there are Windows machine deployments in a cluster.

Example 1: Check cluster has Window worker nodes:
  • expression: 'cluster.mds().exists(md, md.Annotations[k].contains("os-type=windows"))'


Example 2: Check cluster has opted in to cluster autoscaler
  • expression: 'cluster.mds().exists(md,
md.Annotations.exists_one(k, k == "cluster.x-k8s.io/cluster-api-autoscaler-node-group-min-size")" && md.Annotations.exists_one(k, k == "cluster.x-k8s.io/cluster-api-autoscaler-node-group-max-size")"'

Example 3: Check cluster is on k8s version v1.31.x and has variable called CNI set to antrea
  • expression: 'version_in_range(cluster.version(), "≥1.31.0 <1.32.0") && cluster.variables().exists(v, v.name == cni && v.value == antrea)'

Validation: Minimum length: 1
Maximum length: 1024

No

ClusterUpgradeStage

ClusterUpgradeStage defines the stage during cluster upgrade.

Appears in: UpgradeStrategy

DependencyConstraint

DependencyConstraint defines a constraint that must be satisfied by a dependency resource.

Appears in: TemplateInputResource

FieldDescriptionRequired
operator
string
operator specifies the constraint operator for this dependency input. Valid values are "unique", "optional", and "multiple".

  • "unique": Requires exactly one matching resource; if the dependency is not available, reconciliation stops.
Equivalent to omitting constraints; explicit "unique" is optional and documents intent.
  • "optional": Allows dependency resolution to continue when the dependency resource is not found
(e.g. when the source differs by infrastructure topology: VDS, NSX-T, VPC, etc.).
  • "multiple": Allows multiple matches; results are stored as an array in the template context,
typically with a label selector to select all matching resources.

Validation: Allowed values: optional, multiple, unique
Minimum length: 1
Maximum length: 63

Yes

FetchHelmRepository

FetchHelmRepository defines the configuration for fetching the Helm repository that contains the Helm charts.

Appears in: AddonRepositoryFetch

FieldDescriptionRequired
url
string
url is the Helm repository URL

Validation: Maximum length: 512
Minimum length: 1

Yes

FetchImgpkgBundle

FetchImgpkgBundle defines the imgpkg bundle fetch configuration for AddonRepository.

Appears in: AddonRepositoryFetch

FieldDescriptionRequired
imageURL
string
imageURL is the imgpkg bundle url used to fetch the corresponding PackageRepository

Validation: Minimum length: 1
Maximum length: 512

Yes

KubeconfigSecretRef

KubeconfigSecretRef specifies the name and namespace of the secret in the target cluster where the secret containing the generated kubeconfig yaml file.

Appears in: ServiceAccountTargetRef

FieldDescriptionRequired
name
string
name is the name of the secret in the target cluster that contains the generated kubeconfig yaml file based on the service account token.

Validation: Minimum length: 1
Maximum length: 253

Yes
namespace
string
namespace is the namespace of the secret in the target cluster that contains the generated kubeconfig yaml file based on the service account token.

Validation: Minimum length: 1
Maximum length: 63

Yes

OutputReferenceType

OutputReferenceType specifies how a rendered output resource is consumed by the addon system.

Appears in: SupervisorNamespaceOutput, TargetClusterOutput, VariadicOutputSummary

RenderForEach

RenderForEach specifies how to iterate over an input to generate multiple outputs.

Appears in: TemplateOutputResource

FieldDescriptionRequired
inputName
string
inputName references a TemplateInputResource.inputName with the "multiple" constraint.

Validation: Minimum length: 1
Maximum length: 253

Yes

ServiceAccountTokenSecretRef

ServiceAccountTokenSecretRef specifies the name and namespace of the secret in the target cluster where the secret containing the generated service account.

Appears in: ServiceAccountTargetRef

FieldDescriptionRequired
name
string
name is the name of the secret in the target cluster where the secret containing the generated service account token needs to be created.

Validation: Minimum length: 1
Maximum length: 253

Yes
namespace
string
namespace is the namespace of the secret in the target cluster where the secret containing the generated service account token needs to be created.

Validation: Minimum length: 1
Maximum length: 63

Yes

SupervisorNamespaceOutput

supervisorNamespaceOutput defines the resource metadata for persisting the rendered configuration as a resource into the addon's namespace of supervisor cluster.

Appears in: TemplateOutputResource

FieldDescriptionDefaultRequired
apiVersion
string
apiVersion of the output resource. Must be a valid Kubernetes API version (e.g., "v1", "apps/v1").

Validation: Maximum length: 317
Minimum length: 1

Yes
kind
string
kind of the output resource. Must be a valid Kubernetes resource kind (e.g., "ConfigMap", "Secret").

Validation: Minimum length: 1
Maximum length: 63

Yes
name
string
name of the output resource.

Validation: Minimum length: 1
Maximum length: 253

Yes
referenceType
OutputReferenceType
referenceType specifies how this output is consumed by the addon system. When set to "ValuesRef", the configuration values will be consumed through PackageInstalls. When set to "Direct", the configuration is applied directly to the supervisor cluster as a standalone resource. if the kind is not a secret, then the referenceType will be ignored.DirectNo

TargetClusterOutput

TargetClusterOutput defines the resource metadata for persisting the rendered configuration as a resource within the target workload cluster. This is typically used for configuration that needs to be directly accessible to workload components.

Appears in: TemplateOutputResource

FieldDescriptionDefaultRequired
apiVersion
string
apiVersion of the output resource. Must be a valid Kubernetes API version (e.g., "v1", "apps/v1").

Validation: Minimum length: 1
Maximum length: 317

Yes
kind
string
kind of the output resource. Must be a valid Kubernetes resource kind (e.g., "ConfigMap", "Secret").

Validation: Minimum length: 1
Maximum length: 63

Yes
name
string
name of the output resource.

Validation: Minimum length: 1
Maximum length: 253

Yes
namespace
string
namespace of the output resource. If it is a cluster-scoped resource, the empty Namespace is allowed, otherwise Namespace must have value.

Validation: Minimum length: 1
Maximum length: 63

No
scope
TypeScope
scope indicates whether the scope of the output resource. If it is a cluster-scoped resource, the empty Namespace is allowed, otherwise Namespace must have value.NamespaceNo
referenceType
OutputReferenceType
referenceType specifies how this output is consumed by the addon system. When set to "ValuesRef", the configuration values will be consumed through PackageInstalls. When set to "Direct", the configuration is applied directly to the target cluster as a standalone resource. if the kind is not a secret, then the referenceType will be ignored.ValuesRefNo

TypeScope

TypeScope indicates whether a Kubernetes resource is namespace-scoped or cluster-scoped.

Appears in: TargetClusterOutput, TemplateInputResource

VariadicOutputTarget

VariadicOutputTarget indicates where the variadic output instances reside.

Appears in: VariadicOutputSummary

WaitStrategy

WaitStrategy defines the available wait strategies for addon readiness during cluster upgrades

Appears in: UpgradeStrategy

AddonReleasesVersion

AddonReleasesVersion references a specific version of AddonRelease and its related AddonRepositories.

Appears in: AddonStatus

FieldDescriptionRequired
version
string
version specifies semantic version (semver) of the AddonRelease. See AddonRelease resource for more details.

Validation: Minimum length: 1
Maximum length: 512

Yes
addonRepositories
[]AddonRepositoryRef
addonRepositories contains references to AddonRepositories that provide this version of the AddonRelease.

addonRepositories can be empty or have one or many AddonRepositories that provide a single version. If addonRepositories is empty, that means the AddonRelease does not require an AddonRepository. This is the case when the AddonRelease is provided by a Kubernetes-Release or another controller.

If addonRepositories contains one or more, then to consume this version of the AddonRelease, the Kubernetes cluster must have one of these AddonRepositories installed using the AddonRepositoryInstall.

Validation: Maximum items: 64
entries in addonRepositories must be unique

No

bootstrap.cluster.x-k8s.io/v1beta1

Resource Types:

KubeadmConfig

KubeadmConfig is the Schema for the kubeadmconfigs API.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
KubeadmConfigSpec
spec is the desired state of KubeadmConfig.No
status
KubeadmConfigStatus
status is the observed state of KubeadmConfig.No

KubeadmConfigTemplate

KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates API.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
KubeadmConfigTemplateSpec
spec is the desired state of KubeadmConfigTemplate.No

KubeadmConfigSpec

KubeadmConfigSpec defines the desired state of KubeadmConfig. Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.

Appears in: KubeadmConfig, KubeadmConfigTemplateResource

FieldDescriptionRequired
clusterConfiguration
ClusterConfiguration
clusterConfiguration along with InitConfiguration are the configurations necessary for the init commandNo
initConfiguration
InitConfiguration
initConfiguration along with ClusterConfiguration are the configurations necessary for the init commandNo
joinConfiguration
JoinConfiguration
joinConfiguration is the kubeadm configuration for the join commandNo
files
[]File
files specifies extra files to be passed to user_data upon creation.

Validation: Maximum items: 200

No
diskSetup
DiskSetup
diskSetup specifies options for the creation of partition tables and file systems on devices.No
mounts
[]MountPoints
mounts specifies a list of mount points to be setup.

Validation: Maximum items: 100

No
bootCommands
[]string
bootCommands specifies extra commands to run very early in the boot process via the cloud-init bootcmd module. bootcmd will run on every boot, 'cloud-init-per' command can be used to make bootcmd run exactly once. This is typically run in the cloud-init.service systemd unit. This has no effect in Ignition.

Validation: Maximum items: 1000
items:MinLength: 1
items:MaxLength: 10240

No
preKubeadmCommands
[]string
preKubeadmCommands specifies extra commands to run before kubeadm runs. With cloud-init, this is prepended to the runcmd module configuration, and is typically executed in the cloud-final.service systemd unit. In Ignition, this is prepended to /etc/kubeadm.sh.

Validation: items:MinLength: 1
items:MaxLength: 10240
Maximum items: 1000

No
postKubeadmCommands
[]string
postKubeadmCommands specifies extra commands to run after kubeadm runs. With cloud-init, this is appended to the runcmd module configuration, and is typically executed in the cloud-final.service systemd unit. In Ignition, this is appended to /etc/kubeadm.sh.

Validation: Maximum items: 1000
items:MinLength: 1
items:MaxLength: 10240

No
users
[]User
users specifies extra users to add

Validation: Maximum items: 100

No
ntp
NTP
ntp specifies NTP configurationNo
format
Format
format specifies the output format of the bootstrap dataNo
verbosity
int32
verbosity is the number for the kubeadm log level verbosity. It overrides the --v flag in kubeadm commands.No
useExperimentalRetryJoin
bool
useExperimentalRetryJoin replaces a basic kubeadm command with a shell script with retries for joins.

This is meant to be an experimental temporary workaround on some environments where joins fail due to timing (and other issues). The long term goal is to add retries to kubeadm proper and use that functionality.

This will add about 40KB to userdata

For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.

Deprecated: This experimental fix is no longer needed and this field will be removed in a future release. When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml
No
ignition
IgnitionSpec
ignition contains Ignition specific configuration.No

KubeadmConfigStatus

KubeadmConfigStatus defines the observed state of KubeadmConfig.

Appears in: KubeadmConfig

FieldDescriptionRequired
ready
bool
ready indicates the BootstrapData field is ready to be consumedNo
dataSecretName
string
dataSecretName is the name of the secret that stores the bootstrap data script.

Validation: Minimum length: 1
Maximum length: 253

No
failureReason
string
failureReason will be set on non-retryable errors

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.

Validation: Minimum length: 1
Maximum length: 256

No
failureMessage
string
failureMessage will be set on non-retryable errors

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.

Validation: Minimum length: 1
Maximum length: 10240

No
observedGeneration
int64
observedGeneration is the latest generation observed by the controller.No
conditions
Conditions
conditions defines current service state of the KubeadmConfig.No
v1beta2
KubeadmConfigV1Beta2Status
v1beta2 groups all the fields that will be added or modified in KubeadmConfig's status with the V1Beta2 version.No

KubeadmConfigTemplateSpec

KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate.

Appears in: KubeadmConfigTemplate

FieldDescriptionRequired
template
KubeadmConfigTemplateResource
template defines the desired state of KubeadmConfigTemplate.Yes

ClusterConfiguration

ClusterConfiguration contains cluster-wide configuration for a kubeadm cluster.

Appears in: KubeadmConfigSpec

FieldDescriptionRequired
etcd
Etcd
etcd holds configuration for etcd. NB: This value defaults to a Local (stacked) etcdNo
networking
Networking
networking holds configuration for the networking topology of the cluster. NB: This value defaults to the Cluster object spec.clusterNetwork.No
kubernetesVersion
string
kubernetesVersion is the target version of the control plane. NB: This value defaults to the Machine object spec.version

Validation: Minimum length: 1
Maximum length: 256

No
controlPlaneEndpoint
string
controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint is specified but without a TCP port, the BindPort is used. Possible usages are: e.g. In a cluster with more than one control plane instances, this field should be assigned the address of the external load balancer in front of the control plane instances. e.g. in environments with enforced node recycling, the ControlPlaneEndpoint could be used for assigning a stable DNS to the control plane. NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.

Validation: Minimum length: 1
Maximum length: 512

No
apiServer
APIServer
apiServer contains extra settings for the API server control plane componentNo
controllerManager
ControlPlaneComponent
controllerManager contains extra settings for the controller manager control plane componentNo
scheduler
ControlPlaneComponent
scheduler contains extra settings for the scheduler control plane componentNo
dns
DNS
dns defines the options for the DNS add-on installed in the cluster.No
certificatesDir
string
certificatesDir specifies where to store or look for all required certificates. NB: if not provided, this will default to /etc/kubernetes/pki

Validation: Minimum length: 1
Maximum length: 512

No
imageRepository
string
imageRepository sets the container registry to pull images from. * If not set, the default registry of kubeadm will be used, i.e. * registry.k8s.io (new registry): ≥ v1.22.17, ≥ v1.23.15, ≥ v1.24.9, ≥ v1.25.0 * k8s.gcr.io (old registry): all older versions Please note that when imageRepository is not set we don't allow upgrades to versions ≥ v1.22.0 which use the old registry (k8s.gcr.io). Please use a newer patch version with the new registry instead (i.e. ≥ v1.22.17, ≥ v1.23.15, ≥ v1.24.9, ≥ v1.25.0). * If the version is a CI build (kubernetes version starts with ci/ or ci-cross/) gcr.io/k8s-staging-ci-images will be used as a default for control plane components and for kube-proxy, while registry.k8s.io will be used for all the other images.

Validation: Minimum length: 1
Maximum length: 512

No
featureGates
map[string]bool
featureGates enabled by the user.No
certificateValidityPeriodDays
int32
certificateValidityPeriodDays specifies the validity period for non-CA certificates generated by kubeadm. If not specified, kubeadm will use a default of 365 days (1 year). This field is only supported with Kubernetes v1.31 or above.

Validation: Minimum: 1
Maximum: 1095

No
caCertificateValidityPeriodDays
int32
caCertificateValidityPeriodDays specifies the validity period for CA certificates generated by Cluster API. If not specified, Cluster API will use a default of 3650 days (10 years). This field cannot be modified.

Validation: Minimum: 1
Maximum: 36500

No
encryptionAlgorithm
EncryptionAlgorithmType
encryptionAlgorithm holds the type of asymmetric encryption algorithm used for keys and certificates. Can be one of "RSA-2048", "RSA-3072", "RSA-4096", "ECDSA-P256" or "ECDSA-P384". For Kubernetes 1.34 or above, "ECDSA-P384" is supported. If not specified, Cluster API will use RSA-2048 as default. When this field is modified every certificate generated afterward will use the new encryptionAlgorithm. Existing CA certificates and service account keys are not rotated. This field is only supported with Kubernetes v1.31 or above.No
clusterName
string
clusterName is the cluster name

Validation: Minimum length: 1
Maximum length: 63

No

DiskSetup

DiskSetup defines input for generated disk_setup and fs_setup in cloud-init.

Appears in: KubeadmConfigSpec

FieldDescriptionRequired
partitions
[]Partition
partitions specifies the list of the partitions to setup.

Validation: Maximum items: 100

No
filesystems
[]Filesystem
filesystems specifies the list of file systems to setup.

Validation: Maximum items: 100

No

File

File defines the input for generating write_files in cloud-init.

Appears in: KubeadmConfigSpec

FieldDescriptionRequired
path
string
path specifies the full path on disk where to store the file.

Validation: Minimum length: 1
Maximum length: 512

Yes
owner
string
owner specifies the ownership of the file, e.g. "root:root".

Validation: Minimum length: 1
Maximum length: 256

No
permissions
string
permissions specifies the permissions to assign to the file, e.g. "0640".

Validation: Minimum length: 1
Maximum length: 16

No
encoding
Encoding
encoding specifies the encoding of the file contents.No
append
bool
append specifies whether to append Content to existing file if Path exists.No
content
string
content is the actual content of the file.

Validation: Minimum length: 1
Maximum length: 10240

No
contentFrom
FileSource
contentFrom is a referenced source of content to populate the file.No

Format

Format specifies the output format of the bootstrap data

Appears in: KubeadmConfigSpec

IgnitionSpec

IgnitionSpec contains Ignition specific configuration.

Appears in: KubeadmConfigSpec

FieldDescriptionRequired
containerLinuxConfig
ContainerLinuxConfig
containerLinuxConfig contains CLC specific configuration.No

InitConfiguration

InitConfiguration contains a list of elements that is specific "kubeadm init"-only runtime information.

Appears in: KubeadmConfigSpec

FieldDescriptionRequired
bootstrapTokens
[]BootstrapToken
bootstrapTokens is respected at kubeadm init time and describes a set of Bootstrap Tokens to create. This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature

Validation: Maximum items: 100

No
nodeRegistration
NodeRegistrationOptions
nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfigurationNo
localAPIEndpoint
APIEndpoint
localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process fails you may set the desired value here.No
skipPhases
[]string
skipPhases is a list of phases to skip during command execution. The list of phases can be obtained with the "kubeadm init --help" command. This option takes effect only on Kubernetes ≥1.22.0.

Validation: Maximum items: 50
items:MinLength: 1
items:MaxLength: 256

No
patches
Patches
patches contains options related to applying patches to components deployed by kubeadm during "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22No

JoinConfiguration

JoinConfiguration contains elements describing a particular node.

Appears in: KubeadmConfigSpec

FieldDescriptionRequired
nodeRegistration
NodeRegistrationOptions
nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfigurationNo
caCertPath
string
caCertPath is the path to the SSL certificate authority used to secure comunications between node and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when there is defaulting from k/k

Validation: Minimum length: 1
Maximum length: 512

No
discovery
Discovery
discovery specifies the options for the kubelet to use during the TLS Bootstrap process TODO: revisit when there is defaulting from k/kNo
controlPlane
JoinControlPlane
controlPlane defines the additional control plane instance to be deployed on the joining node. If nil, no additional control plane instance will be deployed.No
skipPhases
[]string
skipPhases is a list of phases to skip during command execution. The list of phases can be obtained with the "kubeadm init --help" command. This option takes effect only on Kubernetes ≥1.22.0.

Validation: Maximum items: 50
items:MinLength: 1
items:MaxLength: 256

No
patches
Patches
patches contains options related to applying patches to components deployed by kubeadm during "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22No

KubeadmConfigTemplateResource

KubeadmConfigTemplateResource defines the Template structure.

Appears in: KubeadmConfigTemplateSpec

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
KubeadmConfigSpec
spec is the desired state of KubeadmConfig.No

KubeadmConfigV1Beta2Status

KubeadmConfigV1Beta2Status groups all the fields that will be added or modified in KubeadmConfig with the V1Beta2 version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.

Appears in: KubeadmConfigStatus

FieldDescriptionRequired
conditions
[]Condition
conditions represents the observations of a KubeadmConfig's current state. Known condition types are Ready, DataSecretAvailable, CertificatesAvailable.

Validation: Maximum items: 32

No

MountPoints

MountPoints defines input for generated mounts in cloud-init.

Appears in: KubeadmConfigSpec

NTP

NTP defines input for generated ntp in cloud-init.

Appears in: KubeadmConfigSpec

FieldDescriptionRequired
servers
[]string
servers specifies which NTP servers to use

Validation: items:MaxLength: 512
Maximum items: 100
items:MinLength: 1

No
enabled
bool
enabled specifies whether NTP should be enabledNo

User

User defines the input for a generated user in cloud-init.

Appears in: KubeadmConfigSpec

FieldDescriptionRequired
name
string
name specifies the user name

Validation: Minimum length: 1
Maximum length: 256

Yes
gecos
string
gecos specifies the gecos to use for the user

Validation: Minimum length: 1
Maximum length: 256

No
groups
string
groups specifies the additional groups for the user

Validation: Minimum length: 1
Maximum length: 256

No
homeDir
string
homeDir specifies the home directory to use for the user

Validation: Minimum length: 1
Maximum length: 256

No
inactive
bool
inactive specifies whether to mark the user as inactiveNo
shell
string
shell specifies the user's shell

Validation: Minimum length: 1
Maximum length: 256

No
passwd
string
passwd specifies a hashed password for the user

Validation: Minimum length: 1
Maximum length: 256

No
passwdFrom
PasswdSource
passwdFrom is a referenced source of passwd to populate the passwd.No
primaryGroup
string
primaryGroup specifies the primary group for the user

Validation: Minimum length: 1
Maximum length: 256

No
lockPassword
bool
lockPassword specifies if password login should be disabledNo
sudo
string
sudo specifies a sudo role for the user

Validation: Maximum length: 256
Minimum length: 1

No
sshAuthorizedKeys
[]string
sshAuthorizedKeys specifies a list of ssh authorized keys for the user

Validation: Maximum items: 100
items:MinLength: 1
items:MaxLength: 2048

No

APIEndpoint

APIEndpoint struct contains elements of API server instance deployed on a node.

Appears in: ClusterStatus, InitConfiguration, JoinControlPlane

FieldDescriptionRequired
advertiseAddress
string
advertiseAddress sets the IP address for the API server to advertise.

Validation: Minimum length: 1
Maximum length: 39

No
bindPort
int32
bindPort sets the secure port for the API Server to bind to. Defaults to 6443.No

APIServer

APIServer holds settings necessary for API server deployments in the cluster.

Appears in: ClusterConfiguration

FieldDescriptionRequired
certSANs
[]string
certSANs sets extra Subject Alternative Names for the API Server signing cert.

Validation: Maximum items: 100
items:MinLength: 1
items:MaxLength: 253

No
timeoutForControlPlane
Duration
timeoutForControlPlane controls the timeout that we use for API server to appearNo

BootstrapToken

BootstrapToken describes one bootstrap token, stored as a Secret in the cluster.

Appears in: InitConfiguration

FieldDescriptionRequired
token
BootstrapTokenString
token is used for establishing bidirectional trust between nodes and control-planes. Used for joining nodes in the cluster.Yes
description
string
description sets a human-friendly message why this token exists and what it's used for, so other administrators can know its purpose.

Validation: Minimum length: 1
Maximum length: 512

No
ttl
Duration
ttl defines the time to live for this token. Defaults to 24h. Expires and TTL are mutually exclusive.No
expires
Time
expires specifies the timestamp when this token expires. Defaults to being set dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.No
usages
[]string
usages describes the ways in which this token can be used. Can by default be used for establishing bidirectional trust, but that can be changed here.

Validation: items:MinLength: 1
items:MaxLength: 256
Maximum items: 100

No
groups
[]string
groups specifies the extra groups that this token will authenticate as when/if used for authentication

Validation: Maximum items: 100
items:MinLength: 1
items:MaxLength: 256

No

ContainerLinuxConfig

ContainerLinuxConfig contains CLC-specific configuration.

We use a structured type here to allow adding additional fields, for example 'version'.

Appears in: IgnitionSpec

FieldDescriptionRequired
additionalConfig
string
additionalConfig contains additional configuration to be merged with the Ignition configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging

The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/

Validation: Minimum length: 1
Maximum length: 32768

No
strict
bool
strict controls if AdditionalConfig should be strictly parsed. If so, warnings are treated as errors.No

ControlPlaneComponent

ControlPlaneComponent holds settings common to control plane component of the cluster.

Appears in: APIServer, ClusterConfiguration

FieldDescriptionRequired
extraArgs
map[string]string
extraArgs is an extra set of flags to pass to the control plane component. TODO: This is temporary and ideally we would like to switch all components to use ComponentConfig + ConfigMaps.No
extraVolumes
[]HostPathMount
extraVolumes is an extra set of host volumes, mounted to the control plane component.

Validation: Maximum items: 100

No
extraEnvs
[]EnvVar
extraEnvs is an extra set of environment variables to pass to the control plane component. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes ≥1.31.0.

Validation: Maximum items: 100

No

DNS

DNS defines the DNS addon that should be used in the cluster.

Appears in: ClusterConfiguration

Discovery

Discovery specifies the options for the kubelet to use during the TLS Bootstrap process.

Appears in: JoinConfiguration

FieldDescriptionRequired
bootstrapToken
BootstrapTokenDiscovery
bootstrapToken is used to set the options for bootstrap token based discovery BootstrapToken and File are mutually exclusiveNo
file
FileDiscovery
file is used to specify a file or URL to a kubeconfig file from which to load cluster information BootstrapToken and File are mutually exclusiveNo
tlsBootstrapToken
string
tlsBootstrapToken is a token used for TLS bootstrapping. If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information

Validation: Minimum length: 1
Maximum length: 512

No
timeout
Duration
timeout modifies the discovery timeoutNo

Encoding

Encoding specifies the cloud-init file encoding.

Appears in: File

EncryptionAlgorithmType

EncryptionAlgorithmType can define an asymmetric encryption algorithm type.

Appears in: ClusterConfiguration

Etcd

Etcd contains elements describing Etcd configuration.

Appears in: ClusterConfiguration

FieldDescriptionRequired
local
LocalEtcd
local provides configuration knobs for configuring the local etcd instance Local and External are mutually exclusiveNo
external
ExternalEtcd
external describes how to connect to an external etcd cluster Local and External are mutually exclusiveNo

FileSource

FileSource is a union of all possible external source types for file data. Only one field may be populated in any given instance. Developers adding new sources of data for target systems should add them here.

Appears in: File

FieldDescriptionRequired
secret
SecretFileSource
secret represents a secret that should populate this file.Yes

Filesystem

Filesystem defines the file systems to be created.

Appears in: DiskSetup

FieldDescriptionRequired
device
string
device specifies the device name

Validation: Minimum length: 1
Maximum length: 256

Yes
filesystem
string
filesystem specifies the file system type.

Validation: Minimum length: 1
Maximum length: 128

Yes
label
string
label specifies the file system label to be used. If set to None, no label is used.

Validation: Minimum length: 1
Maximum length: 512

No
partition
string
partition specifies the partition to use. The valid options are: "auto|any", "auto", "any", "none", and <NUM>, where NUM is the actual partition number.

Validation: Minimum length: 1
Maximum length: 128

No
overwrite
bool
overwrite defines whether or not to overwrite any existing filesystem. If true, any pre-existing file system will be destroyed. Use with Caution.No
replaceFS
string
replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>. NOTE: unless you define a label, this requires the use of the 'any' partition directive.

Validation: Minimum length: 1
Maximum length: 128

No
extraOpts
[]string
extraOpts defined extra options to add to the command for creating the file system.

Validation: items:MinLength: 1
items:MaxLength: 256
Maximum items: 100

No

JoinControlPlane

JoinControlPlane contains elements describing an additional control plane instance to be deployed on the joining node.

Appears in: JoinConfiguration

FieldDescriptionRequired
localAPIEndpoint
APIEndpoint
localAPIEndpoint represents the endpoint of the API server instance to be deployed on this node.No

Networking

Networking contains elements describing cluster's networking configuration.

Appears in: ClusterConfiguration

FieldDescriptionRequired
serviceSubnet
string
serviceSubnet is the subnet used by k8s services. Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12" if that's unset.

Validation: Minimum length: 1
Maximum length: 1024

No
podSubnet
string
podSubnet is the subnet used by pods. If unset, the API server will not allocate CIDR ranges for every node. Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set

Validation: Minimum length: 1
Maximum length: 1024

No
dnsDomain
string
dnsDomain is the dns domain used by k8s services. Defaults to "cluster.local".

Validation: Minimum length: 1
Maximum length: 253

No

NodeRegistrationOptions

NodeRegistrationOptions holds fields that relate to registering a new control-plane or node to the cluster, either via "kubeadm init" or "kubeadm join". Note: The NodeRegistrationOptions struct has to be kept in sync with the structs in MarshalJSON.

Appears in: InitConfiguration, JoinConfiguration

FieldDescriptionRequired
name
string
name is the .Metadata.Name field of the Node API object that will be created in this kubeadm init or kubeadm join operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided.

Validation: Minimum length: 1
Maximum length: 253

No
criSocket
string
criSocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use

Validation: Maximum length: 512
Minimum length: 1

No
taints
[]Taint
taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the kubeadm init process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an empty slice, i.e. taints: [] in the YAML file. This field is solely used for Node registration.

Validation: Maximum items: 100

No
kubeletExtraArgs
map[string]string
kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.No
ignorePreflightErrors
[]string
ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered.

Validation: Maximum items: 50
items:MinLength: 1
items:MaxLength: 512

No
imagePullPolicy
string
imagePullPolicy specifies the policy for image pulling during kubeadm "init" and "join" operations. The value of this field must be one of "Always", "IfNotPresent" or "Never". Defaults to "IfNotPresent". This can be used only with Kubernetes version equal to 1.22 and later.

Validation: Allowed values: Always, IfNotPresent, Never

No
imagePullSerial
bool
imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. This option takes effect only on Kubernetes ≥1.31.0. Default: true (defaulted in kubeadm)No

Partition

Partition defines how to create and layout a partition.

Appears in: DiskSetup

FieldDescriptionRequired
device
string
device is the name of the device.

Validation: Minimum length: 1
Maximum length: 256

Yes
layout
bool
layout specifies the device layout. If it is true, a single partition will be created for the entire device. When layout is false, it means don't partition or ignore existing partitioning.Yes
overwrite
bool
overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. Use with caution. Default is 'false'.No
tableType
string
tableType specifies the tupe of partition table. The following are supported: 'mbr': default and setups a MS-DOS partition table 'gpt': setups a GPT partition table

Validation: Allowed values: mbr, gpt

No
diskLayout
[]PartitionSpec
diskLayout specifies an ordered list of partitions, where each item defines the percentage of disk space and optional partition type for that partition. The sum of all partition percentages must not be greater than 100.

Validation: Minimum items: 1
Maximum items: 100

No

PasswdSource

PasswdSource is a union of all possible external source types for passwd data. Only one field may be populated in any given instance. Developers adding new sources of data for target systems should add them here.

Appears in: User

FieldDescriptionRequired
secret
SecretPasswdSource
secret represents a secret that should populate this password.Yes

Patches

Patches contains options related to applying patches to components deployed by kubeadm.

Appears in: InitConfiguration, JoinConfiguration

FieldDescriptionRequired
directory
string
directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically. These files can be written into the target directory via KubeadmConfig.Files which specifies additional files to be created on the machine, either with content inline or by referencing a secret.

Validation: Minimum length: 1
Maximum length: 512

No

BootstrapTokenDiscovery

BootstrapTokenDiscovery is used to set the options for bootstrap token based discovery.

Appears in: Discovery

FieldDescriptionRequired
token
string
token is a token used to validate cluster information fetched from the control-plane.

Validation: Minimum length: 1
Maximum length: 512

No
apiServerEndpoint
string
apiServerEndpoint is an IP or domain name to the API server from which info will be fetched.

Validation: Minimum length: 1
Maximum length: 512

No
caCertHashes
[]string
caCertHashes specifies a set of public key pins to verify when token-based discovery is used. The root CA found during discovery must match one of these values. Specifying an empty set disables root CA pinning, which can be unsafe. Each hash is specified as "<type>:<value>", where the only currently supported type is "sha256". This is a hex-encoded SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded ASN.1. These hashes can be calculated using, for example, OpenSSL: openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex

Validation: Maximum items: 100
items:MinLength: 1
items:MaxLength: 512

No
unsafeSkipCAVerification
bool
unsafeSkipCAVerification allows token-based discovery without CA verification via CACertHashes. This can weaken the security of kubeadm since other nodes can impersonate the control-plane.No

BootstrapTokenString

BootstrapTokenString is a token of the format abcdef.abcdef0123456789 that is used for both validation of the practically of the API server from a joining node's point of view and as an authentication method for the node in the bootstrap phase of "kubeadm join". This token is and should be short-lived.

Appears in: BootstrapToken

EnvVar

EnvVar represents an environment variable present in a Container.

Appears in: ControlPlaneComponent, EnvVar, LocalEtcd

ExternalEtcd

ExternalEtcd describes an external etcd cluster. Kubeadm has no knowledge of where certificate files live and they must be supplied.

Appears in: Etcd

FieldDescriptionRequired
endpoints
[]string
endpoints of etcd members. Required for ExternalEtcd.

Validation: Maximum items: 50
items:MinLength: 1
items:MaxLength: 512

Yes
caFile
string
caFile is an SSL Certificate Authority file used to secure etcd communication. Required if using a TLS connection.

Validation: Minimum length: 1
Maximum length: 512

Yes
certFile
string
certFile is an SSL certification file used to secure etcd communication. Required if using a TLS connection.

Validation: Minimum length: 1
Maximum length: 512

Yes
keyFile
string
keyFile is an SSL key file used to secure etcd communication. Required if using a TLS connection.

Validation: Minimum length: 1
Maximum length: 512

Yes

FileDiscovery

FileDiscovery is used to specify a file or URL to a kubeconfig file from which to load cluster information.

Appears in: Discovery

FieldDescriptionRequired
kubeConfigPath
string
kubeConfigPath is used to specify the actual file path or URL to the kubeconfig file from which to load cluster information

Validation: Maximum length: 512
Minimum length: 1

Yes
kubeConfig
FileDiscoveryKubeConfig
kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. The file is generated at the path specified in KubeConfigPath.

Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint. Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret.
No

HostPathMount

HostPathMount contains elements describing volumes that are mounted from the host.

Appears in: ControlPlaneComponent

FieldDescriptionRequired
name
string
name of the volume inside the pod template.

Validation: Minimum length: 1
Maximum length: 512

Yes
hostPath
string
hostPath is the path in the host that will be mounted inside the pod.

Validation: Minimum length: 1
Maximum length: 512

Yes
mountPath
string
mountPath is the path inside the pod where hostPath will be mounted.

Validation: Maximum length: 512
Minimum length: 1

Yes
readOnly
bool
readOnly controls write access to the volumeNo
pathType
HostPathType
pathType is the type of the HostPath.No

ImageMeta

ImageMeta allows to customize the image used for components that are not originated from the Kubernetes/Kubernetes release process.

Appears in: DNS, LocalEtcd

FieldDescriptionRequired
imageRepository
string
imageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead.

Validation: Minimum length: 1
Maximum length: 512

No
imageTag
string
imageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.

Validation: Maximum length: 256
Minimum length: 1

No

LocalEtcd

LocalEtcd describes that kubeadm should run an etcd cluster locally.

Appears in: Etcd

FieldDescriptionRequired
dataDir
string
dataDir is the directory etcd will place its data. Defaults to "/var/lib/etcd".

Validation: Minimum length: 1
Maximum length: 512

No
extraArgs
map[string]string
extraArgs are extra arguments provided to the etcd binary when run inside a static pod.No
extraEnvs
[]EnvVar
extraEnvs is an extra set of environment variables to pass to the control plane component. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes ≥1.31.0.

Validation: Maximum items: 100

No
serverCertSANs
[]string
serverCertSANs sets extra Subject Alternative Names for the etcd server signing cert.

Validation: items:MaxLength: 253
Maximum items: 100
items:MinLength: 1

No
peerCertSANs
[]string
peerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert.

Validation: Maximum items: 100
items:MinLength: 1
items:MaxLength: 253

No

PartitionSpec

PartitionSpec defines the size and optional type for a partition.

Appears in: Partition

FieldDescriptionRequired
percentage
int32
percentage of disk that partition will take (1-100)

Validation: Maximum: 100
Minimum: 1

No
partitionType
string
partitionType is the partition type (optional). Supported values are Linux, LinuxSwap, LinuxRAID, LVM, Fat32, NTFS, and LinuxExtended. These are translated to cloud-init partition type codes. A full GPT partition GUID is also supported as a passthrough value.

Validation: Maximum length: 36
Minimum length: 1
partitionType must be one of Linux, LinuxSwap, LinuxRAID, LVM, Fat32, NTFS, LinuxExtended or a full GPT partition GUID

No

SecretFileSource

SecretFileSource adapts a Secret into a FileSource.

The contents of the target Secret's Data field will be presented as files using the keys in the Data field as the file names.

Appears in: FileSource

FieldDescriptionRequired
name
string
name of the secret in the KubeadmBootstrapConfig's namespace to use.

Validation: Minimum length: 1
Maximum length: 253

Yes
key
string
key is the key in the secret's data map for this value.

Validation: Minimum length: 1
Maximum length: 256

Yes

SecretPasswdSource

SecretPasswdSource adapts a Secret into a PasswdSource.

The contents of the target Secret's Data field will be presented as passwd using the keys in the Data field as the file names.

Appears in: PasswdSource

FieldDescriptionRequired
name
string
name of the secret in the KubeadmBootstrapConfig's namespace to use.

Validation: Minimum length: 1
Maximum length: 253

Yes
key
string
key is the key in the secret's data map for this value.

Validation: Minimum length: 1
Maximum length: 256

Yes

FileDiscoveryKubeConfig

FileDiscoveryKubeConfig contains elements describing how to generate the kubeconfig for bootstrapping.

Appears in: FileDiscovery

FieldDescriptionRequired
cluster
KubeConfigCluster
cluster contains information about how to communicate with the kubernetes cluster.

By default the following fields are automatically populated:
  • Server with the Cluster's ControlPlaneEndpoint.
  • CertificateAuthorityData with the Cluster's CA certificate.
No
user
KubeConfigUser
user contains information that describes identity information. This is used to tell the kubernetes cluster who you are.Yes

KubeConfigCluster

KubeConfigCluster contains information about how to communicate with a kubernetes cluster.

Adapted from clientcmdv1.Cluster.

Appears in: FileDiscoveryKubeConfig

FieldDescriptionRequired
server
string
server is the address of the kubernetes cluster (https://hostname:port).

Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint.

Validation: Minimum length: 1
Maximum length: 512

No
tlsServerName
string
tlsServerName is used to check server certificate. If TLSServerName is empty, the hostname used to contact the server is used.

Validation: Minimum length: 1
Maximum length: 512

No
insecureSkipTLSVerify
bool
insecureSkipTLSVerify skips the validity check for the server's certificate. This will make your HTTPS connections insecure.No
certificateAuthorityData
[]byte
certificateAuthorityData contains PEM-encoded certificate authority certificates.

Defaults to the Cluster's CA certificate if empty.

Validation: Minimum length: 1
Maximum length: 51200

No
proxyURL
string
proxyURL is the URL to the proxy to be used for all requests made by this client. URLs with "http", "https", and "socks5" schemes are supported. If this configuration is not provided or the empty string, the client attempts to construct a proxy configuration from http_proxy and https_proxy environment variables. If these environment variables are not set, the client does not attempt to proxy requests.

socks5 proxying does not currently support spdy streaming endpoints (exec, attach, port forward).

Validation: Minimum length: 1
Maximum length: 512

No

KubeConfigUser

KubeConfigUser contains information that describes identity information. This is used to tell the kubernetes cluster who you are.

Either authProvider or exec must be filled.

Adapted from clientcmdv1.AuthInfo.

Appears in: FileDiscoveryKubeConfig

FieldDescriptionRequired
authProvider
KubeConfigAuthProvider
authProvider specifies a custom authentication plugin for the kubernetes cluster.No
exec
KubeConfigAuthExec
exec specifies a custom exec-based authentication plugin for the kubernetes cluster.No

KubeConfigAuthExec

KubeConfigAuthExec specifies a command to provide client credentials. The command is exec'd and outputs structured stdout holding credentials.

See the client.authentication.k8s.io API group for specifications of the exact input and output format.

Appears in: KubeConfigUser

FieldDescriptionRequired
command
string
command to execute.

Validation: Minimum length: 1
Maximum length: 1024

Yes
args
[]string
args is the arguments to pass to the command when executing it.

Validation: Maximum items: 100
items:MinLength: 1
items:MaxLength: 512

No
env
[]KubeConfigAuthExecEnv
env defines additional environment variables to expose to the process. These are unioned with the host's environment, as well as variables client-go uses to pass argument to the plugin.

Validation: Maximum items: 100

No
apiVersion
string
apiVersion is preferred input version of the ExecInfo. The returned ExecCredentials MUST use the same encoding version as the input. Defaults to client.authentication.k8s.io/v1 if not set.

Validation: Minimum length: 1
Maximum length: 512

No
provideClusterInfo
bool
provideClusterInfo determines whether or not to provide cluster information, which could potentially contain very large CA data, to this exec plugin as a part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for reading this environment variable.No

KubeConfigAuthProvider

KubeConfigAuthProvider holds the configuration for a specified auth provider.

Appears in: KubeConfigUser

FieldDescriptionRequired
name
string
name is the name of the authentication plugin.

Validation: Maximum length: 256
Minimum length: 1

Yes
config
map[string]string
config holds the parameters for the authentication plugin.No

KubeConfigAuthExecEnv

KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based credential plugin.

Appears in: KubeConfigAuthExec

FieldDescriptionRequired
name
string
name of the environment variable

Validation: Minimum length: 1
Maximum length: 512

Yes
value
string
value of the environment variable

Validation: Minimum length: 1
Maximum length: 512

Yes

bootstrap.cluster.x-k8s.io/v1beta2

Resource Types:

KubeadmConfig

KubeadmConfig is the Schema for the kubeadmconfigs API.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
KubeadmConfigSpec
spec is the desired state of KubeadmConfig.No
status
KubeadmConfigStatus
status is the observed state of KubeadmConfig.No

KubeadmConfigTemplate

KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates API.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
KubeadmConfigTemplateSpec
spec is the desired state of KubeadmConfigTemplate.No

KubeadmConfigSpec

KubeadmConfigSpec defines the desired state of KubeadmConfig. Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.

Appears in: KubeadmConfig, KubeadmConfigTemplateResource

FieldDescriptionRequired
clusterConfiguration
ClusterConfiguration
clusterConfiguration along with InitConfiguration are the configurations necessary for the init commandNo
initConfiguration
InitConfiguration
initConfiguration along with ClusterConfiguration are the configurations necessary for the init commandNo
joinConfiguration
JoinConfiguration
joinConfiguration is the kubeadm configuration for the join commandNo
files
[]File
files specifies extra files to be passed to user_data upon creation.

Validation: Minimum items: 1
Maximum items: 200

No
diskSetup
DiskSetup
diskSetup specifies options for the creation of partition tables and file systems on devices.No
mounts
[]MountPoints
mounts specifies a list of mount points to be setup.

Validation: Minimum items: 1
Maximum items: 100

No
bootCommands
[]string
bootCommands specifies extra commands to run very early in the boot process via the cloud-init bootcmd module. bootcmd will run on every boot, 'cloud-init-per' command can be used to make bootcmd run exactly once. This is typically run in the cloud-init.service systemd unit. This has no effect in Ignition.

Validation: Minimum items: 1
Maximum items: 1000
items:MinLength: 1
items:MaxLength: 10240

No
preKubeadmCommands
[]string
preKubeadmCommands specifies extra commands to run before kubeadm runs. With cloud-init, this is prepended to the runcmd module configuration, and is typically executed in the cloud-final.service systemd unit. In Ignition, this is prepended to /etc/kubeadm.sh.

Validation: Minimum items: 1
Maximum items: 1000
items:MinLength: 1
items:MaxLength: 10240

No
postKubeadmCommands
[]string
postKubeadmCommands specifies extra commands to run after kubeadm runs. With cloud-init, this is appended to the runcmd module configuration, and is typically executed in the cloud-final.service systemd unit. In Ignition, this is appended to /etc/kubeadm.sh.

Validation: Minimum items: 1
Maximum items: 1000
items:MinLength: 1
items:MaxLength: 10240

No
users
[]User
users specifies extra users to add

Validation: Minimum items: 1
Maximum items: 100

No
ntp
NTP
ntp specifies NTP configurationNo
format
Format
format specifies the output format of the bootstrap data. Defaults to cloud-config if not set.No
verbosity
int32
verbosity is the number for the kubeadm log level verbosity. It overrides the --v flag in kubeadm commands.No
ignition
IgnitionSpec
ignition contains Ignition specific configuration.No

KubeadmConfigStatus

KubeadmConfigStatus defines the observed state of KubeadmConfig.

Appears in: KubeadmConfig

FieldDescriptionRequired
conditions
[]Condition
conditions represents the observations of a KubeadmConfig's current state. Known condition types are Ready, DataSecretAvailable, CertificatesAvailable.

Validation: Maximum items: 32

No
initialization
KubeadmConfigInitializationStatus
initialization provides observations of the KubeadmConfig initialization process. NOTE: Fields in this struct are part of the Cluster API contract and are used to orchestrate initial Machine provisioning.No
dataSecretName
string
dataSecretName is the name of the secret that stores the bootstrap data script.

Validation: Minimum length: 1
Maximum length: 253

No
observedGeneration
int64
observedGeneration is the latest generation observed by the controller.

Validation: Minimum: 1

No
deprecated
KubeadmConfigDeprecatedStatus
deprecated groups all the status fields that are deprecated and will be removed when all the nested field are removed.No

KubeadmConfigTemplateSpec

KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate.

Appears in: KubeadmConfigTemplate

FieldDescriptionRequired
template
KubeadmConfigTemplateResource
template defines the desired state of KubeadmConfigTemplate.No

ClusterConfiguration

ClusterConfiguration contains cluster-wide configuration for a kubeadm cluster.

Appears in: KubeadmConfigSpec

FieldDescriptionRequired
etcd
Etcd
etcd holds configuration for etcd. NB: This value defaults to a Local (stacked) etcdNo
controlPlaneEndpoint
string
controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint is specified but without a TCP port, the BindPort is used. Possible usages are: e.g. In a cluster with more than one control plane instances, this field should be assigned the address of the external load balancer in front of the control plane instances. e.g. in environments with enforced node recycling, the ControlPlaneEndpoint could be used for assigning a stable DNS to the control plane. NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.

Validation: Maximum length: 512
Minimum length: 1

No
apiServer
APIServer
apiServer contains extra settings for the API server control plane componentNo
controllerManager
ControllerManager
controllerManager contains extra settings for the controller manager control plane componentNo
scheduler
Scheduler
scheduler contains extra settings for the scheduler control plane componentNo
dns
DNS
dns defines the options for the DNS add-on installed in the cluster.No
certificatesDir
string
certificatesDir specifies where to store or look for all required certificates. NB: if not provided, this will default to /etc/kubernetes/pki

Validation: Minimum length: 1
Maximum length: 512

No
imageRepository
string
imageRepository sets the container registry to pull images from. If not set, the default registry of kubeadm will be used (registry.k8s.io).

Validation: Maximum length: 512
Minimum length: 1

No
featureGates
map[string]bool
featureGates enabled by the user.No
certificateValidityPeriodDays
int32
certificateValidityPeriodDays specifies the validity period for non-CA certificates generated by kubeadm. If not specified, kubeadm will use a default of 365 days (1 year). This field is only supported with Kubernetes v1.31 or above.

Validation: Minimum: 1
Maximum: 1095

No
caCertificateValidityPeriodDays
int32
caCertificateValidityPeriodDays specifies the validity period for CA certificates generated by Cluster API. If not specified, Cluster API will use a default of 3650 days (10 years). This field cannot be modified.

Validation: Minimum: 1
Maximum: 36500

No
encryptionAlgorithm
EncryptionAlgorithmType
encryptionAlgorithm holds the type of asymmetric encryption algorithm used for keys and certificates. Can be one of "RSA-2048", "RSA-3072", "RSA-4096", "ECDSA-P256" or "ECDSA-P384". For Kubernetes 1.34 or above, "ECDSA-P384" is supported. If not specified, Cluster API will use RSA-2048 as default. When this field is modified every certificate generated afterward will use the new encryptionAlgorithm. Existing CA certificates and service account keys are not rotated. This field is only supported with Kubernetes v1.31 or above.No

DiskSetup

DiskSetup defines input for generated disk_setup and fs_setup in cloud-init.

Appears in: KubeadmConfigSpec

FieldDescriptionRequired
partitions
[]Partition
partitions specifies the list of the partitions to setup.

Validation: Maximum items: 100

No
filesystems
[]Filesystem
filesystems specifies the list of file systems to setup.

Validation: Maximum items: 100

No

File

File defines the input for generating write_files in cloud-init.

Appears in: KubeadmConfigSpec

FieldDescriptionRequired
path
string
path specifies the full path on disk where to store the file.

Validation: Minimum length: 1
Maximum length: 512

No
owner
string
owner specifies the ownership of the file, e.g. "root:root".

Validation: Minimum length: 1
Maximum length: 256

No
permissions
string
permissions specifies the permissions to assign to the file, e.g. "0640".

Validation: Minimum length: 1
Maximum length: 16

No
encoding
Encoding
encoding specifies the encoding of the file contents.No
append
bool
append specifies whether to append Content to existing file if Path exists.No
content
string
content is the actual content of the file.

Validation: Minimum length: 1
Maximum length: 10240

No
contentFrom
FileSource
contentFrom is a referenced source of content to populate the file.No

Format

Format specifies the output format of the bootstrap data

Appears in: KubeadmConfigSpec

IgnitionSpec

IgnitionSpec contains Ignition specific configuration.

Appears in: KubeadmConfigSpec

FieldDescriptionRequired
containerLinuxConfig
ContainerLinuxConfig
containerLinuxConfig contains CLC specific configuration.No

InitConfiguration

InitConfiguration contains a list of elements that is specific "kubeadm init"-only runtime information.

Appears in: KubeadmConfigSpec

FieldDescriptionRequired
bootstrapTokens
[]BootstrapToken
bootstrapTokens is respected at kubeadm init time and describes a set of Bootstrap Tokens to create. This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature

Validation: Minimum items: 1
Maximum items: 100

No
nodeRegistration
NodeRegistrationOptions
nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfigurationNo
localAPIEndpoint
APIEndpoint
localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process fails you may set the desired value here.No
skipPhases
[]string
skipPhases is a list of phases to skip during command execution. The list of phases can be obtained with the "kubeadm init --help" command. This option takes effect only on Kubernetes ≥1.22.0.

Validation: items:MinLength: 1
items:MaxLength: 256
Minimum items: 1
Maximum items: 50

No
patches
Patches
patches contains options related to applying patches to components deployed by kubeadm during "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22No
timeouts
Timeouts
timeouts holds various timeouts that apply to kubeadm commands.No

JoinConfiguration

JoinConfiguration contains elements describing a particular node.

Appears in: KubeadmConfigSpec

FieldDescriptionRequired
nodeRegistration
NodeRegistrationOptions
nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfigurationNo
caCertPath
string
caCertPath is the path to the SSL certificate authority used to secure communications between node and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when there is defaulting from k/k

Validation: Minimum length: 1
Maximum length: 512

No
discovery
Discovery
discovery specifies the options for the kubelet to use during the TLS Bootstrap process TODO: revisit when there is defaulting from k/kNo
controlPlane
JoinControlPlane
controlPlane defines the additional control plane instance to be deployed on the joining node. If nil, no additional control plane instance will be deployed.No
skipPhases
[]string
skipPhases is a list of phases to skip during command execution. The list of phases can be obtained with the "kubeadm init --help" command. This option takes effect only on Kubernetes ≥1.22.0.

Validation: Minimum items: 1
Maximum items: 50
items:MinLength: 1
items:MaxLength: 256

No
patches
Patches
patches contains options related to applying patches to components deployed by kubeadm during "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22No
timeouts
Timeouts
timeouts holds various timeouts that apply to kubeadm commands.No

KubeadmConfigDeprecatedStatus

KubeadmConfigDeprecatedStatus groups all the status fields that are deprecated and will be removed in a future version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.

Appears in: KubeadmConfigStatus

FieldDescriptionRequired
v1beta1
KubeadmConfigV1Beta1DeprecatedStatus
v1beta1 groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped.No

KubeadmConfigInitializationStatus

KubeadmConfigInitializationStatus provides observations of the KubeadmConfig initialization process.

Appears in: KubeadmConfigStatus

FieldDescriptionRequired
dataSecretCreated
bool
dataSecretCreated is true when the Machine's boostrap secret is created. NOTE: this field is part of the Cluster API contract, and it is used to orchestrate initial Machine provisioning.No

KubeadmConfigTemplateResource

KubeadmConfigTemplateResource defines the Template structure.

Appears in: KubeadmConfigTemplateSpec

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
KubeadmConfigSpec
spec is the desired state of KubeadmConfig.No

MountPoints

MountPoints defines input for generated mounts in cloud-init.

Appears in: KubeadmConfigSpec

NTP

NTP defines input for generated ntp in cloud-init.

Appears in: KubeadmConfigSpec

FieldDescriptionRequired
servers
[]string
servers specifies which NTP servers to use

Validation: Maximum items: 100
items:MinLength: 1
items:MaxLength: 512

No
enabled
bool
enabled specifies whether NTP should be enabledNo

User

User defines the input for a generated user in cloud-init.

Appears in: KubeadmConfigSpec

FieldDescriptionRequired
name
string
name specifies the user name

Validation: Minimum length: 1
Maximum length: 256

No
gecos
string
gecos specifies the gecos to use for the user

Validation: Maximum length: 256
Minimum length: 1

No
groups
string
groups specifies the additional groups for the user

Validation: Minimum length: 1
Maximum length: 256

No
homeDir
string
homeDir specifies the home directory to use for the user

Validation: Minimum length: 1
Maximum length: 256

No
inactive
bool
inactive specifies whether to mark the user as inactiveNo
shell
string
shell specifies the user's shell

Validation: Minimum length: 1
Maximum length: 256

No
passwd
string
passwd specifies a hashed password for the user

Validation: Minimum length: 1
Maximum length: 256

No
passwdFrom
PasswdSource
passwdFrom is a referenced source of passwd to populate the passwd.No
primaryGroup
string
primaryGroup specifies the primary group for the user

Validation: Minimum length: 1
Maximum length: 256

No
lockPassword
bool
lockPassword specifies if password login should be disabledNo
sudo
string
sudo specifies a sudo role for the user

Validation: Minimum length: 1
Maximum length: 256

No
sshAuthorizedKeys
[]string
sshAuthorizedKeys specifies a list of ssh authorized keys for the user

Validation: Maximum items: 100
items:MinLength: 1
items:MaxLength: 2048

No

APIEndpoint

APIEndpoint struct contains elements of API server instance deployed on a node.

Appears in: InitConfiguration, JoinControlPlane

FieldDescriptionRequired
advertiseAddress
string
advertiseAddress sets the IP address for the API server to advertise.

Validation: Minimum length: 1
Maximum length: 39

No
bindPort
int32
bindPort sets the secure port for the API Server to bind to. Defaults to 6443.

Validation: Minimum: 1

No

APIServer

APIServer holds settings necessary for API server deployments in the cluster.

Appears in: ClusterConfiguration

FieldDescriptionRequired
extraArgs
[]Arg
extraArgs is a list of args to pass to the control plane component. The arg name must match the command line flag name except without leading dash(es). Extra arguments will override existing default arguments set by kubeadm.

Validation: Minimum items: 1
Maximum items: 100
extraArgs name must be unique

No
extraVolumes
[]HostPathMount
extraVolumes is an extra set of host volumes, mounted to the control plane component.

Validation: Minimum items: 1
Maximum items: 100

No
extraEnvs
[]EnvVar
extraEnvs is an extra set of environment variables to pass to the control plane component. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes ≥1.31.0.

Validation: Minimum items: 1
Maximum items: 100

No
certSANs
[]string
certSANs sets extra Subject Alternative Names for the API Server signing cert.

Validation: Minimum items: 1
Maximum items: 100
items:MinLength: 1
items:MaxLength: 253

No

BootstrapToken

BootstrapToken describes one bootstrap token, stored as a Secret in the cluster.

Appears in: InitConfiguration

FieldDescriptionRequired
token
BootstrapTokenString
token is used for establishing bidirectional trust between nodes and control-planes. Used for joining nodes in the cluster.No
description
string
description sets a human-friendly message why this token exists and what it's used for, so other administrators can know its purpose.

Validation: Minimum length: 1
Maximum length: 512

No
ttlSeconds
int32
ttlSeconds defines the time to live for this token. Defaults to 24h. Expires and ttlSeconds are mutually exclusive.

Validation: Minimum: 0

No
expires
Time
expires specifies the timestamp when this token expires. Defaults to being set dynamically at runtime based on the ttlSeconds. Expires and ttlSeconds are mutually exclusive.No
usages
[]string
usages describes the ways in which this token can be used. Can by default be used for establishing bidirectional trust, but that can be changed here.

Validation: items:MaxLength: 256
Minimum items: 1
Maximum items: 100
items:MinLength: 1

No
groups
[]string
groups specifies the extra groups that this token will authenticate as when/if used for authentication

Validation: items:MinLength: 1
items:MaxLength: 256
Minimum items: 1
Maximum items: 100

No

ContainerLinuxConfig

ContainerLinuxConfig contains CLC-specific configuration.

We use a structured type here to allow adding additional fields, for example 'version'.

Appears in: IgnitionSpec

FieldDescriptionRequired
additionalConfig
string
additionalConfig contains additional configuration to be merged with the Ignition configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging

The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/

Validation: Minimum length: 1
Maximum length: 32768

No
strict
bool
strict controls if AdditionalConfig should be strictly parsed. If so, warnings are treated as errors.No

ControllerManager

ControllerManager holds settings necessary for controller-manager deployments in the cluster.

Appears in: ClusterConfiguration

FieldDescriptionRequired
extraArgs
[]Arg
extraArgs is a list of args to pass to the control plane component. The arg name must match the command line flag name except without leading dash(es). Extra arguments will override existing default arguments set by kubeadm.

Validation: Minimum items: 1
Maximum items: 100
extraArgs name must be unique

No
extraVolumes
[]HostPathMount
extraVolumes is an extra set of host volumes, mounted to the control plane component.

Validation: Maximum items: 100
Minimum items: 1

No
extraEnvs
[]EnvVar
extraEnvs is an extra set of environment variables to pass to the control plane component. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes ≥1.31.0.

Validation: Maximum items: 100
Minimum items: 1

No

DNS

DNS defines the DNS addon that should be used in the cluster.

Appears in: ClusterConfiguration

FieldDescriptionRequired
imageRepository
string
imageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead.

Validation: Minimum length: 1
Maximum length: 512

No
imageTag
string
imageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.

Validation: Minimum length: 1
Maximum length: 256

No

Discovery

Discovery specifies the options for the kubelet to use during the TLS Bootstrap process.

Appears in: JoinConfiguration

FieldDescriptionRequired
bootstrapToken
BootstrapTokenDiscovery
bootstrapToken is used to set the options for bootstrap token based discovery BootstrapToken and File are mutually exclusiveNo
file
FileDiscovery
file is used to specify a file or URL to a kubeconfig file from which to load cluster information BootstrapToken and File are mutually exclusiveNo
tlsBootstrapToken
string
tlsBootstrapToken is a token used for TLS bootstrapping. If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information

Validation: Minimum length: 1
Maximum length: 512

No

Encoding

Encoding specifies the cloud-init file encoding.

Appears in: File

EncryptionAlgorithmType

EncryptionAlgorithmType can define an asymmetric encryption algorithm type.

Appears in: ClusterConfiguration

Etcd

Etcd contains elements describing Etcd configuration.

Appears in: ClusterConfiguration

FieldDescriptionRequired
local
LocalEtcd
local provides configuration knobs for configuring the local etcd instance Local and External are mutually exclusiveNo
external
ExternalEtcd
external describes how to connect to an external etcd cluster Local and External are mutually exclusiveNo

FileSource

FileSource is a union of all possible external source types for file data. Only one field may be populated in any given instance. Developers adding new sources of data for target systems should add them here.

Appears in: File

FieldDescriptionRequired
secret
SecretFileSource
secret represents a secret that should populate this file.No

Filesystem

Filesystem defines the file systems to be created.

Appears in: DiskSetup

FieldDescriptionRequired
device
string
device specifies the device name

Validation: Minimum length: 1
Maximum length: 256

No
filesystem
string
filesystem specifies the file system type.

Validation: Minimum length: 1
Maximum length: 128

No
label
string
label specifies the file system label to be used. If set to None, no label is used.

Validation: Minimum length: 1
Maximum length: 512

No
partition
string
partition specifies the partition to use. The valid options are: "auto|any", "auto", "any", "none", and <NUM>, where NUM is the actual partition number.

Validation: Minimum length: 1
Maximum length: 128

No
overwrite
bool
overwrite defines whether or not to overwrite any existing filesystem. If true, any pre-existing file system will be destroyed. Use with Caution.No
replaceFS
string
replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>. NOTE: unless you define a label, this requires the use of the 'any' partition directive.

Validation: Minimum length: 1
Maximum length: 128

No
extraOpts
[]string
extraOpts defined extra options to add to the command for creating the file system.

Validation: Maximum items: 100
items:MinLength: 1
items:MaxLength: 256

No

JoinControlPlane

JoinControlPlane contains elements describing an additional control plane instance to be deployed on the joining node.

Appears in: JoinConfiguration

FieldDescriptionRequired
localAPIEndpoint
APIEndpoint
localAPIEndpoint represents the endpoint of the API server instance to be deployed on this node.No

KubeadmConfigV1Beta1DeprecatedStatus

KubeadmConfigV1Beta1DeprecatedStatus groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.

Appears in: KubeadmConfigDeprecatedStatus

FieldDescriptionRequired
conditions
Conditions
conditions defines current service state of the KubeadmConfig.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No
failureReason
string
failureReason will be set on non-retryable errors

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.

Validation: Minimum length: 1
Maximum length: 256

No
failureMessage
string
failureMessage will be set on non-retryable errors

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.

Validation: Minimum length: 1
Maximum length: 10240

No

NodeRegistrationOptions

NodeRegistrationOptions holds fields that relate to registering a new control-plane or node to the cluster, either via "kubeadm init" or "kubeadm join". Note: The NodeRegistrationOptions struct has to be kept in sync with the structs in MarshalJSON.

Appears in: InitConfiguration, JoinConfiguration

FieldDescriptionRequired
name
string
name is the .Metadata.Name field of the Node API object that will be created in this kubeadm init or kubeadm join operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided.

Validation: Minimum length: 1
Maximum length: 253

No
criSocket
string
criSocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use

Validation: Minimum length: 1
Maximum length: 512

No
taints
[]Taint
taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the kubeadm init process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an empty slice, i.e. taints: [] in the YAML file. This field is solely used for Node registration.

Validation: Minimum items: 0
Maximum items: 100

No
kubeletExtraArgs
[]Arg
kubeletExtraArgs is a list of args to pass to kubelet. The arg name must match the command line flag name except without leading dash(es). Extra arguments will override existing default arguments set by kubeadm.

Validation: Minimum items: 1
Maximum items: 100
kubeletExtraArgs name must be unique

No
ignorePreflightErrors
[]string
ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered, e.g. 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.

Validation: Minimum items: 1
Maximum items: 50
items:MinLength: 1
items:MaxLength: 512

No
imagePullPolicy
PullPolicy
imagePullPolicy specifies the policy for image pulling during kubeadm "init" and "join" operations. The value of this field must be one of "Always", "IfNotPresent" or "Never". Defaults to "IfNotPresent" if not set.

Validation: Allowed values: Always, IfNotPresent, Never

No
imagePullSerial
bool
imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. This option takes effect only on Kubernetes ≥1.31.0. Default: true (defaulted in kubeadm)No

Partition

Partition defines how to create and layout a partition.

Appears in: DiskSetup

FieldDescriptionRequired
device
string
device is the name of the device.

Validation: Minimum length: 1
Maximum length: 256

No
layout
bool
layout specifies the device layout. If it is true, a single partition will be created for the entire device. When layout is false, it means don't partition or ignore existing partitioning. Mutually exclusive with diskLayout.No
overwrite
bool
overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. Use with caution. Default is 'false'.No
tableType
string
tableType specifies the tupe of partition table. The following are supported: 'mbr': default and setups a MS-DOS partition table 'gpt': setups a GPT partition table

Validation: Allowed values: mbr, gpt

No
diskLayout
[]PartitionSpec
diskLayout specifies an ordered list of partitions, where each item defines the percentage of disk space and optional partition type for that partition. The sum of all partition percentages must not be greater than 100. Mutually exclusive with layout.

Validation: Minimum items: 1
Maximum items: 100

No

PasswdSource

PasswdSource is a union of all possible external source types for passwd data. Only one field may be populated in any given instance. Developers adding new sources of data for target systems should add them here.

Appears in: User

FieldDescriptionRequired
secret
SecretPasswdSource
secret represents a secret that should populate this password.No

Patches

Patches contains options related to applying patches to components deployed by kubeadm.

Appears in: InitConfiguration, JoinConfiguration

FieldDescriptionRequired
directory
string
directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically. These files can be written into the target directory via KubeadmConfig.Files which specifies additional files to be created on the machine, either with content inline or by referencing a secret.

Validation: Minimum length: 1
Maximum length: 512

No

Scheduler

Scheduler holds settings necessary for scheduler deployments in the cluster.

Appears in: ClusterConfiguration

FieldDescriptionRequired
extraArgs
[]Arg
extraArgs is a list of args to pass to the control plane component. The arg name must match the command line flag name except without leading dash(es). Extra arguments will override existing default arguments set by kubeadm.

Validation: Minimum items: 1
Maximum items: 100
extraArgs name must be unique

No
extraVolumes
[]HostPathMount
extraVolumes is an extra set of host volumes, mounted to the control plane component.

Validation: Minimum items: 1
Maximum items: 100

No
extraEnvs
[]EnvVar
extraEnvs is an extra set of environment variables to pass to the control plane component. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes ≥1.31.0.

Validation: Minimum items: 1
Maximum items: 100

No

Timeouts

Timeouts holds various timeouts that apply to kubeadm commands.

Appears in: InitConfiguration, JoinConfiguration

FieldDescriptionRequired
controlPlaneComponentHealthCheckSeconds
int32
controlPlaneComponentHealthCheckSeconds is the amount of time to wait for a control plane component, such as the API server, to be healthy during "kubeadm init" and "kubeadm join". If not set, it defaults to 4m (240s).

Validation: Minimum: 0

No
kubeletHealthCheckSeconds
int32
kubeletHealthCheckSeconds is the amount of time to wait for the kubelet to be healthy during "kubeadm init" and "kubeadm join". If not set, it defaults to 4m (240s).

Validation: Minimum: 0

No
kubernetesAPICallSeconds
int32
kubernetesAPICallSeconds is the amount of time to wait for the kubeadm client to complete a request to the API server. This applies to all types of methods (GET, POST, etc). If not set, it defaults to 1m (60s).

Validation: Minimum: 0

No
etcdAPICallSeconds
int32
etcdAPICallSeconds is the amount of time to wait for the kubeadm etcd client to complete a request to the etcd cluster. If not set, it defaults to 2m (120s).

Validation: Minimum: 0

No
tlsBootstrapSeconds
int32
tlsBootstrapSeconds is the amount of time to wait for the kubelet to complete TLS bootstrap for a joining node. If not set, it defaults to 5m (300s).

Validation: Minimum: 0

No
discoverySeconds
int32
discoverySeconds is the amount of time to wait for kubeadm to validate the API server identity for a joining node. If not set, it defaults to 5m (300s).

Validation: Minimum: 0

No

Arg

Arg represents an argument with a name and a value.

Appears in: APIServer, ControllerManager, LocalEtcd, NodeRegistrationOptions, Scheduler

FieldDescriptionRequired
name
string
name is the Name of the extraArg.

Validation: Minimum length: 1
Maximum length: 256

No
value
string
value is the Value of the extraArg.

Validation: Minimum length: 0
Maximum length: 1024

No

BootstrapTokenDiscovery

BootstrapTokenDiscovery is used to set the options for bootstrap token based discovery.

Appears in: Discovery

FieldDescriptionRequired
token
string
token is a token used to validate cluster information fetched from the control-plane.

Validation: Minimum length: 1
Maximum length: 512

No
apiServerEndpoint
string
apiServerEndpoint is an IP or domain name to the API server from which info will be fetched.

Validation: Minimum length: 1
Maximum length: 512

No
caCertHashes
[]string
caCertHashes specifies a set of public key pins to verify when token-based discovery is used. The root CA found during discovery must match one of these values. Specifying an empty set disables root CA pinning, which can be unsafe. Each hash is specified as "<type>:<value>", where the only currently supported type is "sha256". This is a hex-encoded SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded ASN.1. These hashes can be calculated using, for example, OpenSSL: openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex

Validation: Maximum items: 100
items:MinLength: 1
items:MaxLength: 512
Minimum items: 1

No
unsafeSkipCAVerification
bool
unsafeSkipCAVerification allows token-based discovery without CA verification via CACertHashes. This can weaken the security of kubeadm since other nodes can impersonate the control-plane.No

BootstrapTokenString

BootstrapTokenString is a token of the format abcdef.abcdef0123456789 that is used for both validation of the practically of the API server from a joining node's point of view and as an authentication method for the node in the bootstrap phase of "kubeadm join". This token is and should be short-lived.

Appears in: BootstrapToken

EnvVar

EnvVar represents an environment variable present in a Container.

Appears in: APIServer, ControllerManager, EnvVar, LocalEtcd, Scheduler

ExternalEtcd

ExternalEtcd describes an external etcd cluster. Kubeadm has no knowledge of where certificate files live and they must be supplied.

Appears in: Etcd

FieldDescriptionRequired
endpoints
[]string
endpoints of etcd members. Required for ExternalEtcd.

Validation: Maximum items: 50
items:MinLength: 1
items:MaxLength: 512
Minimum items: 1

No
caFile
string
caFile is an SSL Certificate Authority file used to secure etcd communication. Required if using a TLS connection.

Validation: Minimum length: 1
Maximum length: 512

No
certFile
string
certFile is an SSL certification file used to secure etcd communication. Required if using a TLS connection.

Validation: Minimum length: 1
Maximum length: 512

No
keyFile
string
keyFile is an SSL key file used to secure etcd communication. Required if using a TLS connection.

Validation: Minimum length: 1
Maximum length: 512

No

FileDiscovery

FileDiscovery is used to specify a file or URL to a kubeconfig file from which to load cluster information.

Appears in: Discovery

FieldDescriptionRequired
kubeConfigPath
string
kubeConfigPath is used to specify the actual file path or URL to the kubeconfig file from which to load cluster information

Validation: Minimum length: 1
Maximum length: 512

No
kubeConfig
FileDiscoveryKubeConfig
kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. The file is generated at the path specified in KubeConfigPath.

Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint. Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret.
No

HostPathMount

HostPathMount contains elements describing volumes that are mounted from the host.

Appears in: APIServer, ControllerManager, Scheduler

FieldDescriptionRequired
name
string
name of the volume inside the pod template.

Validation: Minimum length: 1
Maximum length: 512

No
hostPath
string
hostPath is the path in the host that will be mounted inside the pod.

Validation: Minimum length: 1
Maximum length: 512

No
mountPath
string
mountPath is the path inside the pod where hostPath will be mounted.

Validation: Minimum length: 1
Maximum length: 512

No
readOnly
bool
readOnly controls write access to the volumeNo
pathType
HostPathType
pathType is the type of the HostPath.No

LocalEtcd

LocalEtcd describes that kubeadm should run an etcd cluster locally.

Appears in: Etcd

FieldDescriptionRequired
imageRepository
string
imageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead.

Validation: Minimum length: 1
Maximum length: 512

No
imageTag
string
imageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.

Validation: Maximum length: 256
Minimum length: 1

No
dataDir
string
dataDir is the directory etcd will place its data. Defaults to "/var/lib/etcd".

Validation: Maximum length: 512
Minimum length: 1

No
extraArgs
[]Arg
extraArgs is a list of args to pass to etcd. The arg name must match the command line flag name except without leading dash(es). Extra arguments will override existing default arguments set by kubeadm.

Validation: Minimum items: 1
Maximum items: 100
extraArgs name must be unique

No
extraEnvs
[]EnvVar
extraEnvs is an extra set of environment variables to pass to etcd. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes ≥1.31.0.

Validation: Minimum items: 1
Maximum items: 100

No
serverCertSANs
[]string
serverCertSANs sets extra Subject Alternative Names for the etcd server signing cert.

Validation: Minimum items: 1
Maximum items: 100
items:MinLength: 1
items:MaxLength: 253

No
peerCertSANs
[]string
peerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert.

Validation: Minimum items: 1
Maximum items: 100
items:MinLength: 1
items:MaxLength: 253

No

PartitionSpec

PartitionSpec defines the size and optional type for a partition.

Appears in: Partition

FieldDescriptionRequired
percentage
int32
percentage of disk that partition will take (1-100)

Validation: Minimum: 1
Maximum: 100

No
partitionType
string
partitionType is the partition type (optional). Supported values are Linux, LinuxSwap, LinuxRAID, LVM, Fat32, NTFS, and LinuxExtended. These are translated to cloud-init partition type codes. A full GPT partition GUID is also supported as a passthrough value.

Validation: Minimum length: 1
Maximum length: 36
partitionType must be one of Linux, LinuxSwap, LinuxRAID, LVM, Fat32, NTFS, LinuxExtended or a full GPT partition GUID

No

SecretFileSource

SecretFileSource adapts a Secret into a FileSource.

The contents of the target Secret's Data field will be presented as files using the keys in the Data field as the file names.

Appears in: FileSource

FieldDescriptionRequired
name
string
name of the secret in the KubeadmBootstrapConfig's namespace to use.

Validation: Minimum length: 1
Maximum length: 253

No
key
string
key is the key in the secret's data map for this value.

Validation: Minimum length: 1
Maximum length: 256

No

SecretPasswdSource

SecretPasswdSource adapts a Secret into a PasswdSource.

The contents of the target Secret's Data field will be presented as passwd using the keys in the Data field as the file names.

Appears in: PasswdSource

FieldDescriptionRequired
name
string
name of the secret in the KubeadmBootstrapConfig's namespace to use.

Validation: Minimum length: 1
Maximum length: 253

No
key
string
key is the key in the secret's data map for this value.

Validation: Minimum length: 1
Maximum length: 256

No

FileDiscoveryKubeConfig

FileDiscoveryKubeConfig contains elements describing how to generate the kubeconfig for bootstrapping.

Appears in: FileDiscovery

FieldDescriptionRequired
cluster
KubeConfigCluster
cluster contains information about how to communicate with the kubernetes cluster.

By default the following fields are automatically populated:
  • Server with the Cluster's ControlPlaneEndpoint.
  • CertificateAuthorityData with the Cluster's CA certificate.
No
user
KubeConfigUser
user contains information that describes identity information. This is used to tell the kubernetes cluster who you are.No

KubeConfigCluster

KubeConfigCluster contains information about how to communicate with a kubernetes cluster.

Adapted from clientcmdv1.Cluster.

Appears in: FileDiscoveryKubeConfig

FieldDescriptionRequired
server
string
server is the address of the kubernetes cluster (https://hostname:port).

Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint.

Validation: Minimum length: 1
Maximum length: 512

No
tlsServerName
string
tlsServerName is used to check server certificate. If TLSServerName is empty, the hostname used to contact the server is used.

Validation: Minimum length: 1
Maximum length: 512

No
insecureSkipTLSVerify
bool
insecureSkipTLSVerify skips the validity check for the server's certificate. This will make your HTTPS connections insecure.No
certificateAuthorityData
[]byte
certificateAuthorityData contains PEM-encoded certificate authority certificates.

Defaults to the Cluster's CA certificate if empty.

Validation: Minimum length: 1
Maximum length: 51200

No
proxyURL
string
proxyURL is the URL to the proxy to be used for all requests made by this client. URLs with "http", "https", and "socks5" schemes are supported. If this configuration is not provided or the empty string, the client attempts to construct a proxy configuration from http_proxy and https_proxy environment variables. If these environment variables are not set, the client does not attempt to proxy requests.

socks5 proxying does not currently support spdy streaming endpoints (exec, attach, port forward).

Validation: Minimum length: 1
Maximum length: 512

No

KubeConfigUser

KubeConfigUser contains information that describes identity information. This is used to tell the kubernetes cluster who you are.

Either authProvider or exec must be filled.

Adapted from clientcmdv1.AuthInfo.

Appears in: FileDiscoveryKubeConfig

FieldDescriptionRequired
authProvider
KubeConfigAuthProvider
authProvider specifies a custom authentication plugin for the kubernetes cluster.No
exec
KubeConfigAuthExec
exec specifies a custom exec-based authentication plugin for the kubernetes cluster.No

KubeConfigAuthExec

KubeConfigAuthExec specifies a command to provide client credentials. The command is exec'd and outputs structured stdout holding credentials.

See the client.authentication.k8s.io API group for specifications of the exact input and output format.

Appears in: KubeConfigUser

FieldDescriptionRequired
command
string
command to execute.

Validation: Minimum length: 1
Maximum length: 1024

No
args
[]string
args is the arguments to pass to the command when executing it.

Validation: Maximum items: 100
items:MinLength: 1
items:MaxLength: 512
Minimum items: 1

No
env
[]KubeConfigAuthExecEnv
env defines additional environment variables to expose to the process. These are unioned with the host's environment, as well as variables client-go uses to pass argument to the plugin.

Validation: Minimum items: 1
Maximum items: 100

No
apiVersion
string
apiVersion is preferred input version of the ExecInfo. The returned ExecCredentials MUST use the same encoding version as the input. Defaults to client.authentication.k8s.io/v1 if not set.

Validation: Minimum length: 1
Maximum length: 512

No
provideClusterInfo
bool
provideClusterInfo determines whether or not to provide cluster information, which could potentially contain very large CA data, to this exec plugin as a part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for reading this environment variable.No

KubeConfigAuthProvider

KubeConfigAuthProvider holds the configuration for a specified auth provider.

Appears in: KubeConfigUser

FieldDescriptionRequired
name
string
name is the name of the authentication plugin.

Validation: Minimum length: 1
Maximum length: 256

No
config
map[string]string
config holds the parameters for the authentication plugin.No

KubeConfigAuthExecEnv

KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based credential plugin.

Appears in: KubeConfigAuthExec

FieldDescriptionRequired
name
string
name of the environment variable

Validation: Minimum length: 1
Maximum length: 512

No
value
string
value of the environment variable

Validation: Minimum length: 1
Maximum length: 512

No

cluster.x-k8s.io/v1beta1

Resource Types:

Cluster

Cluster is the Schema for the clusters API.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
ClusterSpec
spec is the desired state of Cluster.No
status
ClusterStatus
status is the observed state of Cluster.No

ClusterClass

ClusterClass is a template which can be used to create managed topologies.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
ClusterClassSpec
spec is the desired state of ClusterClass.No
status
ClusterClassStatus
status is the observed state of ClusterClass.No

Machine

Machine is the Schema for the machines API.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
MachineSpec
spec is the desired state of Machine.No
status
MachineStatus
status is the observed state of Machine.No

MachineDeployment

MachineDeployment is the Schema for the machinedeployments API.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
MachineDeploymentSpec
spec is the desired state of MachineDeployment.No
status
MachineDeploymentStatus
status is the observed state of MachineDeployment.No

MachineDrainRule

MachineDrainRule is the Schema for the MachineDrainRule API.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataYes
spec
MachineDrainRuleSpec
spec defines the spec of a MachineDrainRule.Yes

MachineHealthCheck

MachineHealthCheck is the Schema for the machinehealthchecks API.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
MachineHealthCheckSpec
spec is the specification of machine health check policyNo
status
MachineHealthCheckStatus
status is the most recently observed status of MachineHealthCheck resourceNo

MachineSet

MachineSet is the Schema for the machinesets API.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
MachineSetSpec
spec is the desired state of MachineSet.No
status
MachineSetStatus
status is the observed state of MachineSet.No

ClusterClassSpec

ClusterClassSpec describes the desired state of the ClusterClass.

Appears in: ClusterClass

FieldDescriptionRequired
availabilityGates
[]ClusterAvailabilityGate
availabilityGates specifies additional conditions to include when evaluating Cluster Available condition.

NOTE: this field is considered only for computing v1beta2 conditions. NOTE: If a Cluster is using this ClusterClass, and this Cluster defines a custom list of availabilityGates, such list overrides availabilityGates defined in this field.

Validation: Maximum items: 32

No
infrastructure
LocalObjectTemplate
infrastructure is a reference to a provider-specific template that holds the details for provisioning infrastructure specific cluster for the underlying provider. The underlying provider is responsible for the implementation of the template to an infrastructure cluster.No
infrastructureNamingStrategy
InfrastructureNamingStrategy
infrastructureNamingStrategy allows changing the naming pattern used when creating the infrastructure object.No
controlPlane
ControlPlaneClass
controlPlane is a reference to a local struct that holds the details for provisioning the Control Plane for the Cluster.No
workers
WorkersClass
workers describes the worker nodes for the cluster. It is a collection of node types which can be used to create the worker nodes of the cluster.No
variables
[]ClusterClassVariable
variables defines the variables which can be configured in the Cluster topology and are then used in patches.

Validation: Maximum items: 1000

No
patches
[]ClusterClassPatch
patches defines the patches which are applied to customize referenced templates of a ClusterClass. Note: Patches will be applied in the order of the array.

Validation: Maximum items: 1000

No
upgrade
ClusterClassUpgrade
upgrade defines the upgrade configuration for clusters using this ClusterClass.No
kubernetesVersions
[]string
kubernetesVersions is the list of Kubernetes versions that can be used for clusters using this ClusterClass. The list of version must be ordered from the older to the newer version, and there should be at least one version for every minor in between the first and the last version.

Validation: Maximum items: 100
items:MinLength: 1
items:MaxLength: 256
Minimum items: 1

No

ClusterClassStatus

ClusterClassStatus defines the observed state of the ClusterClass.

Appears in: ClusterClass

FieldDescriptionRequired
variables
[]ClusterClassStatusVariable
variables is a list of ClusterClassStatusVariable that are defined for the ClusterClass.

Validation: Maximum items: 1000

No
conditions
Conditions
conditions defines current observed state of the ClusterClass.No
observedGeneration
int64
observedGeneration is the latest generation observed by the controller.No
v1beta2
ClusterClassV1Beta2Status
v1beta2 groups all the fields that will be added or modified in ClusterClass's status with the V1Beta2 version.No

ClusterSpec

ClusterSpec defines the desired state of Cluster.

Appears in: Cluster

FieldDescriptionRequired
paused
bool
paused can be used to prevent controllers from processing the Cluster and all its associated objects.No
clusterNetwork
ClusterNetwork
clusterNetwork represents the cluster network configuration.No
controlPlaneEndpoint
APIEndpoint
controlPlaneEndpoint represents the endpoint used to communicate with the control plane.No
controlPlaneRef
ObjectReference
controlPlaneRef is an optional reference to a provider-specific resource that holds the details for provisioning the Control Plane for a Cluster.No
infrastructureRef
ObjectReference
infrastructureRef is a reference to a provider-specific resource that holds the details for provisioning infrastructure for a cluster in said provider.No
topology
Topology
topology encapsulates the topology for the cluster. NOTE: It is required to enable the ClusterTopology feature gate flag to activate managed topologies support.No
availabilityGates
[]ClusterAvailabilityGate
availabilityGates specifies additional conditions to include when evaluating Cluster Available condition.

If this field is not defined and the Cluster implements a managed topology, availabilityGates from the corresponding ClusterClass will be used, if any.

NOTE: this field is considered only for computing v1beta2 conditions.

Validation: Maximum items: 32

No

ClusterStatus

ClusterStatus defines the observed state of Cluster.

Appears in: Cluster

FieldDescriptionRequired
failureDomains
FailureDomains
failureDomains is a slice of failure domain objects synced from the infrastructure provider.No
failureReason
ClusterStatusError
failureReason indicates that there is a fatal problem reconciling the state, and will be set to a token value suitable for programmatic interpretation.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No
failureMessage
string
failureMessage indicates that there is a fatal problem reconciling the state, and will be set to a descriptive error message.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.

Validation: Minimum length: 1
Maximum length: 10240

No
phase
string
phase represents the current phase of cluster actuation.

Validation: Allowed values: Pending, Provisioning, Provisioned, Deleting, Failed, Unknown

No
infrastructureReady
bool
infrastructureReady is the state of the infrastructure provider.No
controlPlaneReady
bool
controlPlaneReady denotes if the control plane became ready during initial provisioning to receive requests. NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning. The value of this field is never updated after provisioning is completed. Please use conditions to check the operational state of the control plane.No
conditions
Conditions
conditions defines current service state of the cluster.No
observedGeneration
int64
observedGeneration is the latest generation observed by the controller.No
v1beta2
ClusterV1Beta2Status
v1beta2 groups all the fields that will be added or modified in Cluster's status with the V1Beta2 version.No

MachineDeploymentSpec

MachineDeploymentSpec defines the desired state of MachineDeployment.

Appears in: MachineDeployment

FieldDescriptionRequired
clusterName
string
clusterName is the name of the Cluster this object belongs to.

Validation: Minimum length: 1
Maximum length: 63

Yes
replicas
int32
replicas is the number of desired machines. This is a pointer to distinguish between explicit zero and not specified.

Defaults to: * if the Kubernetes autoscaler min size and max size annotations are set:
  • if it's a new MachineDeployment, use min size
  • if the replicas field of the old MachineDeployment is < min size, use min size
  • if the replicas field of the old MachineDeployment is > max size, use max size
  • if the replicas field of the old MachineDeployment is in the (min size, max size) range, keep the value from the oldMD
* otherwise use 1 Note: Defaulting will be run whenever the replicas field is not set: * A new MachineDeployment is created with replicas not set. * On an existing MachineDeployment the replicas field was first set and is now unset. Those cases are especially relevant for the following Kubernetes autoscaler use cases: * A new MachineDeployment is created and replicas should be managed by the autoscaler * An existing MachineDeployment which initially wasn't controlled by the autoscaler should be later controlled by the autoscaler
No
rolloutAfter
Time
rolloutAfter is a field to indicate a rollout should be performed after the specified time even if no changes have been made to the MachineDeployment. Example: In the YAML the time can be specified in the RFC3339 format. To specify the rolloutAfter target as March 9, 2023, at 9 am UTC use "2023-03-09T09:00:00Z".No
selector
LabelSelector
selector is the label selector for machines. Existing MachineSets whose machines are selected by this will be the ones affected by this deployment. It must match the machine template's labels.Yes
template
MachineTemplateSpec
template describes the machines that will be created.Yes
strategy
MachineDeploymentStrategy
strategy is the deployment strategy to use to replace existing machines with new ones.No
machineNamingStrategy
MachineNamingStrategy
machineNamingStrategy allows changing the naming pattern used when creating Machines. Note: InfraMachines & BootstrapConfigs will use the same name as the corresponding Machines.No
minReadySeconds
int32
minReadySeconds is the minimum number of seconds for which a Node for a newly created machine should be ready before considering the replica available. Defaults to 0 (machine will be considered available as soon as the Node is ready)No
revisionHistoryLimit
int32
revisionHistoryLimit is the number of old MachineSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1.

Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/10479 for more details.
No
paused
bool
paused indicates that the deployment is paused.No
progressDeadlineSeconds
int32
progressDeadlineSeconds is the maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. Defaults to 600s.

Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/11470 for more details.
No

MachineDeploymentStatus

MachineDeploymentStatus defines the observed state of MachineDeployment.

Appears in: MachineDeployment

FieldDescriptionRequired
observedGeneration
int64
observedGeneration is the generation observed by the deployment controller.No
selector
string
selector is the same as the label selector but in the string format to avoid introspection by clients. The string will be in the same format as the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors

Validation: Minimum length: 1
Maximum length: 4096

No
replicas
int32
replicas is the total number of non-terminated machines targeted by this deployment (their labels match the selector).No
updatedReplicas
int32
updatedReplicas is the total number of non-terminated machines targeted by this deployment that have the desired template spec.No
readyReplicas
int32
readyReplicas is the total number of ready machines targeted by this deployment.No
availableReplicas
int32
availableReplicas is the total number of available machines (ready for at least minReadySeconds) targeted by this deployment.No
unavailableReplicas
int32
unavailableReplicas is the total number of unavailable machines targeted by this deployment. This is the total number of machines that are still required for the deployment to have 100% available capacity. They may either be machines that are running but not yet available or machines that still have not been created.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No
phase
string
phase represents the current phase of a MachineDeployment (ScalingUp, ScalingDown, Running, Failed, or Unknown).

Validation: Allowed values: ScalingUp, ScalingDown, Running, Failed, Unknown

No
conditions
Conditions
conditions defines current service state of the MachineDeployment.No
v1beta2
MachineDeploymentV1Beta2Status
v1beta2 groups all the fields that will be added or modified in MachineDeployment's status with the V1Beta2 version.No

MachineDrainRuleSpec

MachineDrainRuleSpec defines the spec of a MachineDrainRule.

Appears in: MachineDrainRule

FieldDescriptionRequired
drain
MachineDrainRuleDrainConfig
drain configures if and how Pods are drained.Yes
machines
[]MachineDrainRuleMachineSelector
machines defines to which Machines this MachineDrainRule should be applied.

If machines is not set, the MachineDrainRule applies to all Machines in the Namespace. If machines contains multiple selectors, the results are ORed. Within a single Machine selector the results of selector and clusterSelector are ANDed. Machines will be selected from all Clusters in the Namespace unless otherwise restricted with the clusterSelector.

Example: Selects control plane Machines in all Clusters or Machines with label "os" == "linux" in Clusters with label "stage" == "production".

  • selector:
matchExpressions:
  • key: cluster.x-k8s.io/control-plane
operator: Exists
  • selector:
matchLabels: os: linux clusterSelector: matchExpressions:
  • key: stage
operator: In values:
  • production

Validation: Minimum items: 1
Maximum items: 32
entries in machines must be unique

No
pods
[]MachineDrainRulePodSelector
pods defines to which Pods this MachineDrainRule should be applied.

If pods is not set, the MachineDrainRule applies to all Pods in all Namespaces. If pods contains multiple selectors, the results are ORed. Within a single Pod selector the results of selector and namespaceSelector are ANDed. Pods will be selected from all Namespaces unless otherwise restricted with the namespaceSelector.

Example: Selects Pods with label "app" == "logging" in all Namespaces or Pods with label "app" == "prometheus" in the "monitoring" Namespace.

  • selector:
matchExpressions:
  • key: app
operator: In values:
  • logging
  • selector:
matchLabels: app: prometheus namespaceSelector: matchLabels: kubernetes.io/metadata.name: monitoring

Validation: Minimum items: 1
Maximum items: 32
entries in pods must be unique

No

MachineHealthCheckSpec

MachineHealthCheckSpec defines the desired state of MachineHealthCheck.

Appears in: MachineHealthCheck

FieldDescriptionRequired
clusterName
string
clusterName is the name of the Cluster this object belongs to.

Validation: Minimum length: 1
Maximum length: 63

Yes
selector
LabelSelector
selector is a label selector to match machines whose health will be exercisedYes
unhealthyConditions
[]UnhealthyCondition
unhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy.

Validation: Maximum items: 100

No
unhealthyMachineConditions
[]UnhealthyMachineCondition
unhealthyMachineConditions contains a list of the machine conditions that determine whether a machine is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the machine is unhealthy.

Validation: Maximum items: 100
Minimum items: 1

No
maxUnhealthy
IntOrString
maxUnhealthy specifies the maximum number of unhealthy machines allowed. Any further remediation is only allowed if at most "maxUnhealthy" machines selected by "selector" are not healthy.

Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/10722 for more details.
No
unhealthyRange
string
unhealthyRange specifies the range of unhealthy machines allowed. Any further remediation is only allowed if the number of machines selected by "selector" as not healthy is within the range of "unhealthyRange". Takes precedence over maxUnhealthy. Eg. "[3-5]" - This means that remediation will be allowed only when: (a) there are at least 3 unhealthy machines (and) (b) there are at most 5 unhealthy machines

Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/10722 for more details.

Validation: Minimum length: 1
Maximum length: 32
Pattern: ^\[[0-9]+-[0-9]+\]$

No
nodeStartupTimeout
Duration
nodeStartupTimeout allows to set the maximum time for MachineHealthCheck to consider a Machine unhealthy if a corresponding Node isn't associated through a Spec.ProviderID field.

The duration set in this field is compared to the greatest of:
  • Cluster's infrastructure ready condition timestamp (if and when available)
  • Control Plane's initialized condition timestamp (if and when available)
  • Machine's infrastructure ready condition timestamp (if and when available)
  • Machine's metadata creation timestamp


Defaults to 10 minutes. If you wish to disable this feature, set the value explicitly to 0.
No
remediationTemplate
ObjectReference
remediationTemplate is a reference to a remediation template provided by an infrastructure provider.

This field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Cluster API.
No

MachineHealthCheckStatus

MachineHealthCheckStatus defines the observed state of MachineHealthCheck.

Appears in: MachineHealthCheck

FieldDescriptionRequired
expectedMachines
int32
expectedMachines is the total number of machines counted by this machine health check

Validation: Minimum: 0

No
currentHealthy
int32
currentHealthy is the total number of healthy machines counted by this machine health check

Validation: Minimum: 0

No
remediationsAllowed
int32
remediationsAllowed is the number of further remediations allowed by this machine health check before maxUnhealthy short circuiting will be applied

Validation: Minimum: 0

No
observedGeneration
int64
observedGeneration is the latest generation observed by the controller.No
targets
[]string
targets shows the current list of machines the machine health check is watching

Validation: Maximum items: 10000
items:MinLength: 1
items:MaxLength: 253

No
conditions
Conditions
conditions defines current service state of the MachineHealthCheck.No
v1beta2
MachineHealthCheckV1Beta2Status
v1beta2 groups all the fields that will be added or modified in MachineHealthCheck's status with the V1Beta2 version.No

MachineSetSpec

MachineSetSpec defines the desired state of MachineSet.

Appears in: MachineSet

FieldDescriptionRequired
clusterName
string
clusterName is the name of the Cluster this object belongs to.

Validation: Minimum length: 1
Maximum length: 63

Yes
replicas
int32
replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified.

Defaults to: * if the Kubernetes autoscaler min size and max size annotations are set:
  • if it's a new MachineSet, use min size
  • if the replicas field of the old MachineSet is < min size, use min size
  • if the replicas field of the old MachineSet is > max size, use max size
  • if the replicas field of the old MachineSet is in the (min size, max size) range, keep the value from the oldMS
* otherwise use 1 Note: Defaulting will be run whenever the replicas field is not set: * A new MachineSet is created with replicas not set. * On an existing MachineSet the replicas field was first set and is now unset. Those cases are especially relevant for the following Kubernetes autoscaler use cases: * A new MachineSet is created and replicas should be managed by the autoscaler * An existing MachineSet which initially wasn't controlled by the autoscaler should be later controlled by the autoscaler
No
minReadySeconds
int32
minReadySeconds is the minimum number of seconds for which a Node for a newly created machine should be ready before considering the replica available. Defaults to 0 (machine will be considered available as soon as the Node is ready)No
deletePolicy
string
deletePolicy defines the policy used to identify nodes to delete when downscaling. Defaults to "Random". Valid values are "Random, "Newest", "Oldest"

Validation: Allowed values: Random, Newest, Oldest

No
selector
LabelSelector
selector is a label query over machines that should match the replica count. Label keys and values that must match in order to be controlled by this MachineSet. It must match the machine template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectorsYes
template
MachineTemplateSpec
template is the object that describes the machine that will be created if insufficient replicas are detected. Object references to custom resources are treated as templates.No
machineNamingStrategy
MachineNamingStrategy
machineNamingStrategy allows changing the naming pattern used when creating Machines. Note: InfraMachines & BootstrapConfigs will use the same name as the corresponding Machines.No

MachineSetStatus

MachineSetStatus defines the observed state of MachineSet.

Appears in: MachineSet

FieldDescriptionRequired
selector
string
selector is the same as the label selector but in the string format to avoid introspection by clients. The string will be in the same format as the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors

Validation: Minimum length: 1
Maximum length: 4096

No
replicas
int32
replicas is the most recently observed number of replicas.No
fullyLabeledReplicas
int32
fullyLabeledReplicas is the number of replicas that have labels matching the labels of the machine template of the MachineSet.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No
readyReplicas
int32
readyReplicas is the number of ready replicas for this MachineSet. A machine is considered ready when the node has been created and is "Ready".No
availableReplicas
int32
availableReplicas is the number of available replicas (ready for at least minReadySeconds) for this MachineSet.No
observedGeneration
int64
observedGeneration reflects the generation of the most recently observed MachineSet.No
failureReason
MachineSetStatusError
failureReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation.

In the event that there is a terminal problem reconciling the replicas, both FailureReason and FailureMessage will be set. FailureReason will be populated with a succinct value suitable for machine interpretation, while FailureMessage will contain a more verbose string suitable for logging and human consumption.

These fields should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the MachineTemplate's spec or the configuration of the machine controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the machine controller, or the responsible machine controller itself being critically misconfigured.

Any transient errors that occur during the reconciliation of Machines can be added as events to the MachineSet object and/or logged in the controller's output.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No
failureMessage
string
failureMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.

Validation: Minimum length: 1
Maximum length: 10240

No
conditions
Conditions
conditions defines current service state of the MachineSet.No
v1beta2
MachineSetV1Beta2Status
v1beta2 groups all the fields that will be added or modified in MachineSet's status with the V1Beta2 version.No

MachineSpec

MachineSpec defines the desired state of Machine.

Appears in: Machine, MachineTemplateSpec

FieldDescriptionRequired
clusterName
string
clusterName is the name of the Cluster this object belongs to.

Validation: Minimum length: 1
Maximum length: 63

Yes
bootstrap
Bootstrap
bootstrap is a reference to a local struct which encapsulates fields to configure the Machine’s bootstrapping mechanism.Yes
infrastructureRef
ObjectReference
infrastructureRef is a required reference to a custom resource offered by an infrastructure provider.Yes
version
string
version defines the desired Kubernetes version. This field is meant to be optionally used by bootstrap providers.

Validation: Minimum length: 1
Maximum length: 256

No
providerID
string
providerID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider.

Validation: Minimum length: 1
Maximum length: 512

No
failureDomain
string
failureDomain is the failure domain the machine will be created in. Must match a key in the FailureDomains map stored on the cluster object.

Validation: Minimum length: 1
Maximum length: 256

No
readinessGates
[]MachineReadinessGate
readinessGates specifies additional conditions to include when evaluating Machine Ready condition.

This field can be used e.g. by Cluster API control plane providers to extend the semantic of the Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.

Another example are external controllers, e.g. responsible to install special software/hardware on the Machines; they can include the status of those components with a new condition and add this condition to ReadinessGates.

NOTE: This field is considered only for computing v1beta2 conditions. NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those readiness gates condition are reporting the same message, when computing the Machine's Ready condition those readinessGates will be replaced by a single entry reporting "Control plane components: " + message. This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster).

Validation: Maximum items: 32

No
nodeDrainTimeout
Duration
nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from kubectl drain --timeoutNo
nodeVolumeDetachTimeout
Duration
nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.No
nodeDeletionTimeout
Duration
nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds.No
taints
[]MachineTaint
taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers.

There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node.

NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners.

Validation: Minimum items: 1
Maximum items: 64

No

MachineStatus

MachineStatus defines the observed state of Machine.

Appears in: Machine

FieldDescriptionRequired
nodeRef
ObjectReference
nodeRef will point to the corresponding Node if it exists.No
nodeInfo
NodeSystemInfo
nodeInfo is a set of ids/uuids to uniquely identify the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#infoNo
lastUpdated
Time
lastUpdated identifies when the phase of the Machine last transitioned.No
failureReason
MachineStatusError
failureReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation.

This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured.

Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No
failureMessage
string
failureMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption.

This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured.

Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.

Validation: Minimum length: 1
Maximum length: 10240

No
addresses
MachineAddresses
addresses is a list of addresses assigned to the machine. This field is copied from the infrastructure provider reference.No
phase
string
phase represents the current phase of machine actuation.

Validation: Allowed values: Pending, Provisioning, Provisioned, Running, Deleting, Deleted, Failed, Unknown

No
certificatesExpiryDate
Time
certificatesExpiryDate is the expiry date of the machine certificates. This value is only set for control plane machines.No
bootstrapReady
bool
bootstrapReady is the state of the bootstrap provider.No
infrastructureReady
bool
infrastructureReady is the state of the infrastructure provider.No
observedGeneration
int64
observedGeneration is the latest generation observed by the controller.No
conditions
Conditions
conditions defines current service state of the Machine.No
deletion
MachineDeletionStatus
deletion contains information relating to removal of the Machine. Only present when the Machine has a deletionTimestamp and drain or wait for volume detach started.No
v1beta2
MachineV1Beta2Status
v1beta2 groups all the fields that will be added or modified in Machine's status with the V1Beta2 version.No

ObjectMeta

ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. This is a copy of customizable fields from metav1.ObjectMeta.

ObjectMeta is embedded in Machine.Spec, MachineDeployment.Template and MachineSet.Template, which are not top-level Kubernetes objects. Given that metav1.ObjectMeta has lots of special cases and read-only fields which end up in the generated CRD validation, having it as a subset simplifies the API and some issues that can impact user experience.

During the upgrade to controller-tools@v2 for v1alpha2, we noticed a failure would occur running Cluster API test suite against the new CRDs, specifically spec.metadata.creationTimestamp in body must be of type string: "null". The investigation showed that controller-tools@v2 behaves differently than its previous version when handling types from metav1 package.

In more details, we found that embedded (non-top level) types that embedded metav1.ObjectMeta had validation properties, including for creationTimestamp (metav1.Time). The metav1.Time type specifies a custom json marshaller that, when IsZero() is true, returns null which breaks validation because the field isn't marked as nullable.

In future versions, controller-tools@v2 might allow overriding the type and validation for embedded types. When that happens, this hack should be revisited.

Appears in: Cluster, ClusterClass, ControlPlaneClass, ControlPlaneTopology, Machine, MachineDeployment, MachineDeploymentClassTemplate, MachineDeploymentTopology, MachineDrainRule, MachineHealthCheck, MachineSet, MachineTemplateSpec

FieldDescriptionRequired
labels
map[string]string
labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labelsNo
annotations
map[string]string
annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotationsNo

APIEndpoint

APIEndpoint represents a reachable Kubernetes API endpoint.

Appears in: ClusterSpec

FieldDescriptionRequired
host
string
host is the hostname on which the API server is serving. TODO: Can't set MinLength=1 for now, because this struct is not always used in pointer fields so today we have cases where host is set to an empty string.

Validation: Maximum length: 512

No
port
int32
port is the port on which the API server is serving.No

Bootstrap

Bootstrap encapsulates fields to configure the Machine’s bootstrapping mechanism.

Appears in: MachineSpec

FieldDescriptionRequired
configRef
ObjectReference
configRef is a reference to a bootstrap provider-specific resource that holds configuration details. The reference is optional to allow users/operators to specify Bootstrap.DataSecretName without the need of a controller.No
dataSecretName
string
dataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine should remain in the Pending state.

Validation: Minimum length: 0
Maximum length: 253

No

ClusterAvailabilityGate

ClusterAvailabilityGate contains the type of a Cluster condition to be used as availability gate.

Appears in: ClusterClassSpec, ClusterSpec

FieldDescriptionRequired
conditionType
string
conditionType refers to a condition with matching type in the Cluster's condition list. If the conditions doesn't exist, it will be treated as unknown. Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as availability gates.

Validation: Pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
Minimum length: 1
Maximum length: 316

Yes
polarity
ConditionPolarity
polarity of the conditionType specified in this availabilityGate. Valid values are Positive, Negative and omitted. When omitted, the default behaviour will be Positive. A positive polarity means that the condition should report a true status under normal conditions. A negative polarity means that the condition should report a false status under normal conditions.

Validation: Allowed values: Positive, Negative

No

ClusterClassPatch

ClusterClassPatch defines a patch which is applied to customize the referenced templates.

Appears in: ClusterClassSpec

FieldDescriptionRequired
name
string
name of the patch.

Validation: Minimum length: 1
Maximum length: 256

Yes
description
string
description is a human-readable description of this patch.

Validation: Minimum length: 1
Maximum length: 1024

No
enabledIf
string
enabledIf is a Go template to be used to calculate if a patch should be enabled. It can reference variables defined in .spec.variables and builtin variables. The patch will be enabled if the template evaluates to true, otherwise it will be disabled. If EnabledIf is not set, the patch will be enabled per default.

Validation: Minimum length: 1
Maximum length: 256

No
definitions
[]PatchDefinition
definitions define inline patches. Note: Patches will be applied in the order of the array. Note: Exactly one of Definitions or External must be set.

Validation: Maximum items: 100

No
external
ExternalPatchDefinition
external defines an external patch. Note: Exactly one of Definitions or External must be set.No

ClusterClassStatusVariable

ClusterClassStatusVariable defines a variable which appears in the status of a ClusterClass.

Appears in: ClusterClassStatus

FieldDescriptionRequired
name
string
name is the name of the variable.

Validation: Maximum length: 256
Minimum length: 1

Yes
definitionsConflict
bool
definitionsConflict specifies whether or not there are conflicting definitions for a single variable name.No
definitions
[]ClusterClassStatusVariableDefinition
definitions is a list of definitions for a variable.

Validation: Maximum items: 100

Yes

ClusterClassUpgrade

ClusterClassUpgrade defines the upgrade configuration for clusters using the ClusterClass.

Appears in: ClusterClassSpec

FieldDescriptionRequired
external
ClusterClassUpgradeExternal
external defines external runtime extensions for upgrade operations.No

ClusterClassV1Beta2Status

ClusterClassV1Beta2Status groups all the fields that will be added or modified in ClusterClass with the V1Beta2 version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.

Appears in: ClusterClassStatus

FieldDescriptionRequired
conditions
[]Condition
conditions represents the observations of a ClusterClass's current state. Known condition types are VariablesReady, RefVersionsUpToDate, Paused.

Validation: Maximum items: 32

No

ClusterClassVariable

ClusterClassVariable defines a variable which can be configured in the Cluster topology and used in patches.

Appears in: ClusterClassSpec

FieldDescriptionRequired
name
string
name of the variable.

Validation: Minimum length: 1
Maximum length: 256

Yes
required
bool
required specifies if the variable is required. Note: this applies to the variable as a whole and thus the top-level object defined in the schema. If nested fields are required, this will be specified inside the schema.Yes
metadata
ClusterClassVariableMetadata
metadata is the metadata of a variable. It can be used to add additional data for higher level tools to a ClusterClassVariable.

Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please use XMetadata in JSONSchemaProps instead.
No
schema
VariableSchema
schema defines the schema of the variable.Yes

ClusterNetwork

ClusterNetwork specifies the different networking parameters for a cluster.

Appears in: ClusterSpec

FieldDescriptionRequired
apiServerPort
int32
apiServerPort specifies the port the API Server should bind to. Defaults to 6443.No
services
NetworkRanges
services is the network ranges from which service VIPs are allocated.No
pods
NetworkRanges
pods is the network ranges from which Pod networks are allocated.No
serviceDomain
string
serviceDomain is the domain name for services.

Validation: Minimum length: 1
Maximum length: 253

No

ClusterV1Beta2Status

ClusterV1Beta2Status groups all the fields that will be added or modified in Cluster with the V1Beta2 version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.

Appears in: ClusterStatus

FieldDescriptionRequired
conditions
[]Condition
conditions represents the observations of a Cluster's current state. Known condition types are Available, InfrastructureReady, ControlPlaneInitialized, ControlPlaneAvailable, WorkersAvailable, MachinesReady MachinesUpToDate, RemoteConnectionProbe, ScalingUp, ScalingDown, Remediating, Deleting, Paused. Additionally, a TopologyReconciled condition will be added in case the Cluster is referencing a ClusterClass / defining a managed Topology.

Validation: Maximum items: 32

No
controlPlane
ClusterControlPlaneStatus
controlPlane groups all the observations about Cluster's ControlPlane current state.No
workers
WorkersStatus
workers groups all the observations about Cluster's Workers current state.No

Conditions

Conditions provide observations of the operational state of a Cluster API resource.

Appears in: ClusterClassStatus, ClusterStatus, MachineDeploymentStatus, MachineHealthCheckStatus, MachineSetStatus, MachineStatus

ControlPlaneClass

ControlPlaneClass defines the class for the control plane.

Appears in: ClusterClassSpec

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane if the ControlPlaneTemplate referenced is machine based. If not, it is applied only to the ControlPlane. At runtime this metadata is merged with the corresponding metadata from the topology.

This field is supported if and only if the control plane provider template referenced is Machine based.
No
machineInfrastructure
LocalObjectTemplate
machineInfrastructure defines the metadata and infrastructure information for control plane machines.

This field is supported if and only if the control plane provider template referenced above is Machine based and supports setting replicas.
No
machineHealthCheck
MachineHealthCheckClass
machineHealthCheck defines a MachineHealthCheck for this ControlPlaneClass. This field is supported if and only if the ControlPlane provider template referenced above is Machine based and supports setting replicas.No
namingStrategy
ControlPlaneClassNamingStrategy
namingStrategy allows changing the naming pattern used when creating the control plane provider object.No
nodeDrainTimeout
Duration
nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from kubectl drain --timeout NOTE: This value can be overridden while defining a Cluster.Topology.No
nodeVolumeDetachTimeout
Duration
nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. NOTE: This value can be overridden while defining a Cluster.Topology.No
nodeDeletionTimeout
Duration
nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds. NOTE: This value can be overridden while defining a Cluster.Topology.No
taints
[]MachineTaint
taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers.

There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node.

NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners.

Validation: Minimum items: 1
Maximum items: 64

No
readinessGates
[]MachineReadinessGate
readinessGates specifies additional conditions to include when evaluating Machine Ready condition.

This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine.

NOTE: This field is considered only for computing v1beta2 conditions. NOTE: If a Cluster defines a custom list of readinessGates for the control plane, such list overrides readinessGates defined in this field. NOTE: Specific control plane provider implementations might automatically extend the list of readinessGates; e.g. the kubeadm control provider adds ReadinessGates for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.

Validation: Maximum items: 32

No

FailureDomains

FailureDomains is a slice of FailureDomains.

Appears in: ClusterStatus

InfrastructureNamingStrategy

InfrastructureNamingStrategy defines the naming strategy for infrastructure objects.

Appears in: ClusterClassSpec

FieldDescriptionRequired
template
string
template defines the template to use for generating the name of the Infrastructure object. If not defined, it will fallback to {{ .cluster.name }}-{{ .random }}. If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will get concatenated with a random suffix of length 5. The templating mechanism provides the following arguments: * .cluster.name: The name of the cluster object. * .random: A random alphanumeric string, without vowels, of length 5.

Validation: Minimum length: 1
Maximum length: 1024

No

LocalObjectTemplate

LocalObjectTemplate defines a template for a topology Class.

Appears in: ClusterClassSpec, ControlPlaneClass, MachineDeploymentClassTemplate

FieldDescriptionRequired
ref
ObjectReference
ref is a required reference to a custom resource offered by a provider.Yes

MachineAddresses

MachineAddresses is a slice of MachineAddress items to be used by infrastructure providers.

Appears in: MachineStatus

MachineDeletionStatus

MachineDeletionStatus is the deletion state of the Machine.

Appears in: MachineStatus

FieldDescriptionRequired
nodeDrainStartTime
Time
nodeDrainStartTime is the time when the drain of the node started and is used to determine if the NodeDrainTimeout is exceeded. Only present when the Machine has a deletionTimestamp and draining the node had been started.No
waitForNodeVolumeDetachStartTime
Time
waitForNodeVolumeDetachStartTime is the time when waiting for volume detachment started and is used to determine if the NodeVolumeDetachTimeout is exceeded. Detaching volumes from nodes is usually done by CSI implementations and the current state is observed from the node's .Status.VolumesAttached field. Only present when the Machine has a deletionTimestamp and waiting for volume detachments had been started.No

MachineDeploymentStrategy

MachineDeploymentStrategy describes how to replace existing machines with new ones.

Appears in: MachineDeploymentClass, MachineDeploymentSpec, MachineDeploymentTopology

FieldDescriptionRequired
type
MachineDeploymentStrategyType
type of deployment. Allowed values are RollingUpdate and OnDelete. The default is RollingUpdate.

Validation: Allowed values: RollingUpdate, OnDelete

No
rollingUpdate
MachineRollingUpdateDeployment
rollingUpdate is the rolling update config params. Present only if MachineDeploymentStrategyType = RollingUpdate.No
remediation
RemediationStrategy
remediation controls the strategy of remediating unhealthy machines and how remediating operations should occur during the lifecycle of the dependant MachineSets.No

MachineDeploymentV1Beta2Status

MachineDeploymentV1Beta2Status groups all the fields that will be added or modified in MachineDeployment with the V1Beta2 version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.

Appears in: MachineDeploymentStatus

FieldDescriptionRequired
conditions
[]Condition
conditions represents the observations of a MachineDeployment's current state. Known condition types are Available, MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused.

Validation: Maximum items: 32

No
readyReplicas
int32
readyReplicas is the number of ready replicas for this MachineDeployment. A machine is considered ready when Machine's Ready condition is true.No
availableReplicas
int32
availableReplicas is the number of available replicas for this MachineDeployment. A machine is considered available when Machine's Available condition is true.No
upToDateReplicas
int32
upToDateReplicas is the number of up-to-date replicas targeted by this deployment. A machine is considered up-to-date when Machine's UpToDate condition is true.No

MachineDrainRuleDrainConfig

MachineDrainRuleDrainConfig configures if and how Pods are drained.

Appears in: MachineDrainRuleSpec

FieldDescriptionRequired
behavior
MachineDrainRuleDrainBehavior
behavior defines the drain behavior. Can be either "Drain", "Skip", or "WaitCompleted". "Drain" means that the Pods to which this MachineDrainRule applies will be drained. If behavior is set to "Drain" the order in which Pods are drained can be configured with the order field. When draining Pods of a Node the Pods will be grouped by order and one group after another will be drained (by increasing order). Cluster API will wait until all Pods of a group are terminated / removed from the Node before starting with the next group. "Skip" means that the Pods to which this MachineDrainRule applies will be skipped during drain. "WaitCompleted" means that the pods to which this MachineDrainRule applies will never be evicted and we wait for them to be completed, it is enforced that pods marked with this behavior always have Order=0.Yes
order
int32
order defines the order in which Pods are drained. Pods with higher order are drained after Pods with lower order. order can only be set if behavior is set to "Drain". If order is not set, 0 will be used. Valid values for order are from -2147483648 to 2147483647 (inclusive).No

MachineDrainRuleMachineSelector

MachineDrainRuleMachineSelector defines to which Machines this MachineDrainRule should be applied.

Appears in: MachineDrainRuleSpec

FieldDescriptionRequired
selector
LabelSelector
selector is a label selector which selects Machines by their labels. This field follows standard label selector semantics; if not present or empty, it selects all Machines.

If clusterSelector is also set, then the selector as a whole selects Machines matching selector belonging to Clusters selected by clusterSelector. If clusterSelector is not set, it selects all Machines matching selector in all Clusters.
No
clusterSelector
LabelSelector
clusterSelector is a label selector which selects Machines by the labels of their Clusters. This field follows standard label selector semantics; if not present or empty, it selects Machines of all Clusters.

If selector is also set, then the selector as a whole selects Machines matching selector belonging to Clusters selected by clusterSelector. If selector is not set, it selects all Machines belonging to Clusters selected by clusterSelector.
No

MachineDrainRulePodSelector

MachineDrainRulePodSelector defines to which Pods this MachineDrainRule should be applied.

Appears in: MachineDrainRuleSpec

FieldDescriptionRequired
selector
LabelSelector
selector is a label selector which selects Pods by their labels. This field follows standard label selector semantics; if not present or empty, it selects all Pods.

If namespaceSelector is also set, then the selector as a whole selects Pods matching selector in Namespaces selected by namespaceSelector. If namespaceSelector is not set, it selects all Pods matching selector in all Namespaces.
No
namespaceSelector
LabelSelector
namespaceSelector is a label selector which selects Pods by the labels of their Namespaces. This field follows standard label selector semantics; if not present or empty, it selects Pods of all Namespaces.

If selector is also set, then the selector as a whole selects Pods matching selector in Namespaces selected by namespaceSelector. If selector is not set, it selects all Pods in Namespaces selected by namespaceSelector.
No

MachineHealthCheckV1Beta2Status

MachineHealthCheckV1Beta2Status groups all the fields that will be added or modified in MachineHealthCheck with the V1Beta2 version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.

Appears in: MachineHealthCheckStatus

FieldDescriptionRequired
conditions
[]Condition
conditions represents the observations of a MachineHealthCheck's current state. Known condition types are RemediationAllowed, Paused.

Validation: Maximum items: 32

No

MachineNamingStrategy

MachineNamingStrategy allows changing the naming pattern used when creating Machines. Note: InfraMachines & BootstrapConfigs will use the same name as the corresponding Machines.

Appears in: MachineDeploymentSpec, MachineSetSpec

FieldDescriptionRequired
template
string
template defines the template to use for generating the names of the Machine objects. If not defined, it will fallback to {{ .machineSet.name }}-{{ .random }}. If the generated name string exceeds 63 characters, it will be trimmed to 58 characters and will get concatenated with a random suffix of length 5. Length of the template string must not exceed 256 characters. The template allows the following variables .cluster.name, .machineSet.name and .random. The variable .cluster.name retrieves the name of the cluster object that owns the Machines being created. The variable .machineSet.name retrieves the name of the MachineSet object that owns the Machines being created. The variable .random is substituted with random alphanumeric string, without vowels, of length 5. This variable is required part of the template. If not provided, validation will fail.

Validation: Minimum length: 1
Maximum length: 256

No

MachineReadinessGate

MachineReadinessGate contains the type of a Machine condition to be used as a readiness gate.

Appears in: ControlPlaneClass, ControlPlaneTopology, MachineDeploymentClass, MachineDeploymentTopology, MachineSpec

FieldDescriptionRequired
conditionType
string
conditionType refers to a condition with matching type in the Machine's condition list. If the conditions doesn't exist, it will be treated as unknown. Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates.

Validation: Maximum length: 316
Pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
Minimum length: 1

Yes
polarity
ConditionPolarity
polarity of the conditionType specified in this readinessGate. Valid values are Positive, Negative and omitted. When omitted, the default behaviour will be Positive. A positive polarity means that the condition should report a true status under normal conditions. A negative polarity means that the condition should report a false status under normal conditions.

Validation: Allowed values: Positive, Negative

No

MachineSetV1Beta2Status

MachineSetV1Beta2Status groups all the fields that will be added or modified in MachineSetStatus with the V1Beta2 version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.

Appears in: MachineSetStatus

FieldDescriptionRequired
conditions
[]Condition
conditions represents the observations of a MachineSet's current state. Known condition types are MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused.

Validation: Maximum items: 32

No
readyReplicas
int32
readyReplicas is the number of ready replicas for this MachineSet. A machine is considered ready when Machine's Ready condition is true.No
availableReplicas
int32
availableReplicas is the number of available replicas for this MachineSet. A machine is considered available when Machine's Available condition is true.No
upToDateReplicas
int32
upToDateReplicas is the number of up-to-date replicas for this MachineSet. A machine is considered up-to-date when Machine's UpToDate condition is true.No

MachineTaint

MachineTaint defines a taint equivalent to corev1.Taint, but additionally having a propagation field.

Appears in: ControlPlaneClass, ControlPlaneTopology, MachineDeploymentClass, MachineDeploymentTopology, MachineSpec

FieldDescriptionRequired
key
string
key is the taint key to be applied to a node. Must be a valid qualified name of maximum size 63 characters with an optional subdomain prefix of maximum size 253 characters, separated by a /.

Validation: Pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/)?([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$
Minimum length: 1
Maximum length: 317

No
value
string
value is the taint value corresponding to the taint key. It must be a valid label value of maximum size 63 characters.

Validation: Maximum length: 63
Pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$
Minimum length: 1

No
effect
TaintEffect
effect is the effect for the taint. Valid values are NoSchedule, PreferNoSchedule and NoExecute.

Validation: Allowed values: NoSchedule, PreferNoSchedule, NoExecute

No
propagation
MachineTaintPropagation
propagation defines how this taint should be propagated to nodes. Valid values are 'Always' and 'OnInitialization'. Always: The taint will be continuously reconciled. If it is not set for a node, it will be added during reconciliation. OnInitialization: The taint will be added during node initialization. If it gets removed from the node later on it will not get added again.No

MachineTemplateSpec

MachineTemplateSpec describes the data needed to create a Machine from a template.

Appears in: MachineDeploymentSpec, MachineSetSpec

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
MachineSpec
spec is the specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusNo

MachineV1Beta2Status

MachineV1Beta2Status groups all the fields that will be added or modified in MachineStatus with the V1Beta2 version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.

Appears in: MachineStatus

FieldDescriptionRequired
conditions
[]Condition
conditions represents the observations of a Machine's current state. Known condition types are Available, Ready, UpToDate, BootstrapConfigReady, InfrastructureReady, NodeReady, NodeHealthy, Deleting, Paused. If a MachineHealthCheck is targeting this machine, also HealthCheckSucceeded, OwnerRemediated conditions are added. Additionally control plane Machines controlled by KubeadmControlPlane will have following additional conditions: APIServerPodHealthy, ControllerManagerPodHealthy, SchedulerPodHealthy, EtcdPodHealthy, EtcdMemberHealthy.

Validation: Maximum items: 32

No

Topology

Topology encapsulates the information of the managed resources.

Appears in: ClusterSpec

FieldDescriptionRequired
class
string
class is the name of the ClusterClass object to create the topology.

Validation: Minimum length: 1
Maximum length: 253

Yes
classNamespace
string
classNamespace is the namespace of the ClusterClass that should be used for the topology. If classNamespace is empty or not set, it is defaulted to the namespace of the Cluster object. classNamespace must be a valid namespace name and because of that be at most 63 characters in length and it must consist only of lower case alphanumeric characters or hyphens (-), and must start and end with an alphanumeric character.

Validation: Minimum length: 1
Maximum length: 63
Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$

No
version
string
version is the Kubernetes version of the cluster.

Validation: Minimum length: 1
Maximum length: 256

Yes
rolloutAfter
Time
rolloutAfter performs a rollout of the entire cluster one component at a time, control plane first and then machine deployments.

Deprecated: This field has no function and is going to be removed in the next apiVersion.
No
controlPlane
ControlPlaneTopology
controlPlane describes the cluster control plane.No
workers
WorkersTopology
workers encapsulates the different constructs that form the worker nodes for the cluster.No
variables
[]ClusterVariable
variables can be used to customize the Cluster through patches. They must comply to the corresponding VariableClasses defined in the ClusterClass.

Validation: Maximum items: 1000

No

UnhealthyCondition

UnhealthyCondition represents a Node condition type and value with a timeout specified as a duration. When the named condition has been in the given status for at least the timeout value, a node is considered unhealthy.

Appears in: MachineHealthCheckClass, MachineHealthCheckSpec

FieldDescriptionRequired
type
NodeConditionType
type of Node condition

Validation: Type: string
Minimum length: 1

Yes
status
ConditionStatus
status of the condition, one of True, False, Unknown.

Validation: Type: string
Minimum length: 1

Yes
timeout
Duration
timeout is the duration that a node must be in a given status for, after which the node is considered unhealthy. For example, with a value of "1h", the node must match the status for at least 1 hour before being considered unhealthy.Yes

UnhealthyMachineCondition

UnhealthyMachineCondition represents a Machine condition type and value with a timeout specified as a duration. When the named condition has been in the given status for at least the timeout value, a machine is considered unhealthy.

Appears in: MachineHealthCheckClass, MachineHealthCheckSpec

FieldDescriptionRequired
type
string
type of Machine condition

Validation: Pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
Minimum length: 1
Maximum length: 316
type must not be one of: Ready, Available, HealthCheckSucceeded, OwnerRemediated, ExternallyRemediated

No
status
ConditionStatus
status of the condition, one of True, False, Unknown.

Validation: Allowed values: True, False, Unknown

No
timeout
Duration
timeout is the duration that a Machine must be in a given status for, after which the Machine is considered unhealthy. For example, with a value of "1h", the Machine must match the status for at least 1 hour before being considered unhealthy.Yes

WorkersClass

WorkersClass is a collection of deployment classes.

Appears in: ClusterClassSpec

FieldDescriptionRequired
machineDeployments
[]MachineDeploymentClass
machineDeployments is a list of machine deployment classes that can be used to create a set of worker nodes.

Validation: Maximum items: 100

No
machinePools
[]MachinePoolClass
machinePools is a list of machine pool classes that can be used to create a set of worker nodes.

Validation: Maximum items: 100

No

ClusterClassStatusVariableDefinition

ClusterClassStatusVariableDefinition defines a variable which appears in the status of a ClusterClass.

Appears in: ClusterClassStatusVariable

FieldDescriptionRequired
from
string
from specifies the origin of the variable definition. This will be inline for variables defined in the ClusterClass or the name of a patch defined in the ClusterClass for variables discovered from a DiscoverVariables runtime extensions.

Validation: Minimum length: 1
Maximum length: 256

Yes
required
bool
required specifies if the variable is required. Note: this applies to the variable as a whole and thus the top-level object defined in the schema. If nested fields are required, this will be specified inside the schema.Yes
metadata
ClusterClassVariableMetadata
metadata is the metadata of a variable. It can be used to add additional data for higher level tools to a ClusterClassVariable.

Deprecated: This field is deprecated and is going to be removed in the next apiVersion.
No
schema
VariableSchema
schema defines the schema of the variable.Yes

ClusterClassUpgradeExternal

ClusterClassUpgradeExternal defines external runtime extensions for upgrade operations.

Appears in: ClusterClassUpgrade

FieldDescriptionRequired
generateUpgradePlanExtension
string
generateUpgradePlanExtension references an extension which is called to generate upgrade plan.

Validation: Minimum length: 1
Maximum length: 512

No

ClusterClassVariableMetadata

ClusterClassVariableMetadata is the metadata of a variable. It can be used to add additional data for higher level tools to a ClusterClassVariable.

Deprecated: This struct is deprecated and is going to be removed in the next apiVersion.

Appears in: ClusterClassStatusVariableDefinition, ClusterClassVariable

FieldDescriptionRequired
labels
map[string]string
labels is a map of string keys and values that can be used to organize and categorize (scope and select) variables.No
annotations
map[string]string
annotations is an unstructured key value map that can be used to store and retrieve arbitrary metadata. They are not queryable.No

ClusterControlPlaneStatus

ClusterControlPlaneStatus groups all the observations about control plane current state.

Appears in: ClusterV1Beta2Status

FieldDescriptionRequired
desiredReplicas
int32
desiredReplicas is the total number of desired control plane machines in this cluster.No
replicas
int32
replicas is the total number of control plane machines in this cluster. NOTE: replicas also includes machines still being provisioned or being deleted.No
upToDateReplicas
int32
upToDateReplicas is the number of up-to-date control plane machines in this cluster. A machine is considered up-to-date when Machine's UpToDate condition is true.No
readyReplicas
int32
readyReplicas is the total number of ready control plane machines in this cluster. A machine is considered ready when Machine's Ready condition is true.No
availableReplicas
int32
availableReplicas is the total number of available control plane machines in this cluster. A machine is considered available when Machine's Available condition is true.No

ClusterVariable

ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a Variable definition in the ClusterClass status variables.

Appears in: ControlPlaneVariables, MachineDeploymentVariables, Topology

FieldDescriptionRequired
name
string
name of the variable.

Validation: Minimum length: 1
Maximum length: 256

Yes
definitionFrom
string
definitionFrom specifies where the definition of this Variable is from.

Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion.

Validation: Maximum length: 256

No
value
JSON
value of the variable. Note: the value will be validated against the schema of the corresponding ClusterClassVariable from the ClusterClass. Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, i.e. it is not possible to have no type field. Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111Yes

Condition

Condition defines an observation of a Cluster API resource operational state.

Appears in: ClusterClassV1Beta2Status, ClusterV1Beta2Status, MachineDeploymentV1Beta2Status, MachineHealthCheckV1Beta2Status, MachineSetV1Beta2Status, MachineV1Beta2Status

FieldDescriptionRequired
type
ConditionType
type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.Yes
status
ConditionStatus
status of the condition, one of True, False, Unknown.Yes
severity
ConditionSeverity
severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.No
lastTransitionTime
Time
lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.Yes
reason
string
reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may be empty.

Validation: Minimum length: 1
Maximum length: 256

No
message
string
message is a human readable message indicating details about the transition. This field may be empty.

Validation: Minimum length: 1
Maximum length: 10240

No

ConditionPolarity

ConditionPolarity defines the polarity for a metav1.Condition.

Appears in: ClusterAvailabilityGate, MachineReadinessGate

ControlPlaneClassNamingStrategy

ControlPlaneClassNamingStrategy defines the naming strategy for control plane objects.

Appears in: ControlPlaneClass

FieldDescriptionRequired
template
string
template defines the template to use for generating the name of the ControlPlane object. If not defined, it will fallback to {{ .cluster.name }}-{{ .random }}. If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will get concatenated with a random suffix of length 5. The templating mechanism provides the following arguments: * .cluster.name: The name of the cluster object. * .random: A random alphanumeric string, without vowels, of length 5.

Validation: Minimum length: 1
Maximum length: 1024

No

ControlPlaneTopology

ControlPlaneTopology specifies the parameters for the control plane nodes in the cluster.

Appears in: Topology

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane if the ControlPlaneTemplate referenced by the ClusterClass is machine based. If not, it is applied only to the ControlPlane. At runtime this metadata is merged with the corresponding metadata from the ClusterClass.No
replicas
int32
replicas is the number of control plane nodes. If the value is nil, the ControlPlane object is created without the number of Replicas and it's assumed that the control plane controller does not implement support for this field. When specified against a control plane provider that lacks support for this field, this value will be ignored.No
rollout
ControlPlaneTopologyRolloutSpec
rollout allows you to configure the behavior of rolling updates to the control plane.No
machineHealthCheck
MachineHealthCheckTopology
machineHealthCheck allows to enable, disable and override the MachineHealthCheck configuration in the ClusterClass for this control plane.No
nodeDrainTimeout
Duration
nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from kubectl drain --timeoutNo
nodeVolumeDetachTimeout
Duration
nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.No
nodeDeletionTimeout
Duration
nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds.No
taints
[]MachineTaint
taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers.

There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node.

NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners.

Validation: Minimum items: 1
Maximum items: 64

No
readinessGates
[]MachineReadinessGate
readinessGates specifies additional conditions to include when evaluating Machine Ready condition.

This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine.

If this field is not defined, readinessGates from the corresponding ControlPlaneClass will be used, if any.

NOTE: This field is considered only for computing v1beta2 conditions. NOTE: Specific control plane provider implementations might automatically extend the list of readinessGates; e.g. the kubeadm control provider adds ReadinessGates for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.

Validation: Maximum items: 32

No
variables
ControlPlaneVariables
variables can be used to customize the ControlPlane through patches.No

ExternalPatchDefinition

ExternalPatchDefinition defines an external patch. Note: At least one of GenerateExtension or ValidateExtension must be set.

Appears in: ClusterClassPatch

FieldDescriptionRequired
generateExtension
string
generateExtension references an extension which is called to generate patches.

Validation: Minimum length: 1
Maximum length: 512

No
validateExtension
string
validateExtension references an extension which is called to validate the topology.

Validation: Minimum length: 1
Maximum length: 512

No
discoverVariablesExtension
string
discoverVariablesExtension references an extension which is called to discover variables.

Validation: Minimum length: 1
Maximum length: 512

No
settings
map[string]string
settings defines key value pairs to be passed to the extensions. Values defined here take precedence over the values defined in the corresponding ExtensionConfig.No

MachineDeploymentClass

MachineDeploymentClass serves as a template to define a set of worker nodes of the cluster provisioned using the ClusterClass.

Appears in: WorkersClass

FieldDescriptionRequired
class
string
class denotes a type of worker node present in the cluster, this name MUST be unique within a ClusterClass and can be referenced in the Cluster to create a managed MachineDeployment.

Validation: Minimum length: 1
Maximum length: 256

Yes
template
MachineDeploymentClassTemplate
template is a local struct containing a collection of templates for creation of MachineDeployment objects representing a set of worker nodes.Yes
machineHealthCheck
MachineHealthCheckClass
machineHealthCheck defines a MachineHealthCheck for this MachineDeploymentClass.No
failureDomain
string
failureDomain is the failure domain the machines will be created in. Must match a key in the FailureDomains map stored on the cluster object. NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.

Validation: Minimum length: 1
Maximum length: 256

No
namingStrategy
MachineDeploymentClassNamingStrategy
namingStrategy allows changing the naming pattern used when creating the MachineDeployment.No
nodeDrainTimeout
Duration
nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from kubectl drain --timeout NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.No
nodeVolumeDetachTimeout
Duration
nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.No
nodeDeletionTimeout
Duration
nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds. NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.No
taints
[]MachineTaint
taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers.

There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node.

NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners.

Validation: Minimum items: 1
Maximum items: 64

No
minReadySeconds
int32
minReadySeconds is the minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready) NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.No
readinessGates
[]MachineReadinessGate
readinessGates specifies additional conditions to include when evaluating Machine Ready condition.

This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine.

NOTE: This field is considered only for computing v1beta2 conditions. NOTE: If a Cluster defines a custom list of readinessGates for a MachineDeployment using this MachineDeploymentClass, such list overrides readinessGates defined in this field.

Validation: Maximum items: 32

No
strategy
MachineDeploymentStrategy
strategy is the deployment strategy to use to replace existing machines with new ones. NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.No

MachineDeploymentStrategyType

MachineDeploymentStrategyType defines the type of MachineDeployment rollout strategies.

Appears in: MachineDeploymentStrategy

MachineDrainRuleDrainBehavior

MachineDrainRuleDrainBehavior defines the drain behavior. Can be either "Drain", "Skip", or "WaitCompleted".

Appears in: MachineDrainRuleDrainConfig

MachineHealthCheckClass

MachineHealthCheckClass defines a MachineHealthCheck for a group of Machines.

Appears in: ControlPlaneClass, MachineDeploymentClass, MachineHealthCheckTopology

FieldDescriptionRequired
unhealthyConditions
[]UnhealthyCondition
unhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy.

Validation: Maximum items: 100

No
unhealthyMachineConditions
[]UnhealthyMachineCondition
unhealthyMachineConditions contains a list of the machine conditions that determine whether a machine is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the machine is unhealthy.

Validation: Minimum items: 1
Maximum items: 100

No
maxUnhealthy
IntOrString
maxUnhealthy specifies the maximum number of unhealthy machines allowed. Any further remediation is only allowed if at most "maxUnhealthy" machines selected by "selector" are not healthy.No
unhealthyRange
string
unhealthyRange specifies the range of unhealthy machines allowed. Any further remediation is only allowed if the number of machines selected by "selector" as not healthy is within the range of "unhealthyRange". Takes precedence over maxUnhealthy. Eg. "[3-5]" - This means that remediation will be allowed only when: (a) there are at least 3 unhealthy machines (and) (b) there are at most 5 unhealthy machines

Validation: Pattern: ^\[[0-9]+-[0-9]+\]$
Minimum length: 1
Maximum length: 32

No
nodeStartupTimeout
Duration
nodeStartupTimeout allows to set the maximum time for MachineHealthCheck to consider a Machine unhealthy if a corresponding Node isn't associated through a Spec.ProviderID field.

The duration set in this field is compared to the greatest of:
  • Cluster's infrastructure ready condition timestamp (if and when available)
  • Control Plane's initialized condition timestamp (if and when available)
  • Machine's infrastructure ready condition timestamp (if and when available)
  • Machine's metadata creation timestamp


Defaults to 10 minutes. If you wish to disable this feature, set the value explicitly to 0.
No
remediationTemplate
ObjectReference
remediationTemplate is a reference to a remediation template provided by an infrastructure provider.

This field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Cluster API.
No

MachineRollingUpdateDeployment

MachineRollingUpdateDeployment is used to control the desired behavior of rolling update.

Appears in: MachineDeploymentStrategy

FieldDescriptionRequired
maxUnavailable
IntOrString
maxUnavailable is the maximum number of machines that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 0. Example: when this is set to 30%, the old MachineSet can be scaled down to 70% of desired machines immediately when the rolling update starts. Once new machines are ready, old MachineSet can be scaled down further, followed by scaling up the new MachineSet, ensuring that the total number of machines available at all times during the update is at least 70% of desired machines.No
maxSurge
IntOrString
maxSurge is the maximum number of machines that can be scheduled above the desired number of machines. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 1. Example: when this is set to 30%, the new MachineSet can be scaled up immediately when the rolling update starts, such that the total number of old and new machines do not exceed 130% of desired machines. Once old machines have been killed, new MachineSet can be scaled up further, ensuring that total number of machines running at any time during the update is at most 130% of desired machines.No
deletePolicy
string
deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. Valid values are "Random, "Newest", "Oldest" When no value is supplied, the default DeletePolicy of MachineSet is used

Validation: Allowed values: Random, Newest, Oldest

No

MachineTaintPropagation

MachineTaintPropagation defines when a taint should be propagated to nodes.

Appears in: MachineTaint

NetworkRanges

NetworkRanges represents ranges of network addresses.

Appears in: ClusterNetwork

FieldDescriptionRequired
cidrBlocks
[]string
cidrBlocks is a list of CIDR blocks.

Validation: items:MinLength: 1
items:MaxLength: 43
Maximum items: 100

Yes

PatchDefinition

PatchDefinition defines a patch which is applied to customize the referenced templates.

Appears in: ClusterClassPatch

FieldDescriptionRequired
selector
PatchSelector
selector defines on which templates the patch should be applied.Yes
jsonPatches
[]JSONPatch
jsonPatches defines the patches which should be applied on the templates matching the selector. Note: Patches will be applied in the order of the array.

Validation: Maximum items: 100

Yes

RemediationStrategy

RemediationStrategy allows to define how the MachineSet can control scaling operations.

Appears in: MachineDeploymentStrategy

FieldDescriptionRequired
maxInFlight
IntOrString
maxInFlight determines how many in flight remediations should happen at the same time.

Remediation only happens on the MachineSet with the most current revision, while older MachineSets (usually present during rollout operations) aren't allowed to remediate.

Note: In general (independent of remediations), unhealthy machines are always prioritized during scale down operations over healthy ones.

MaxInFlight can be set to a fixed number or a percentage. Example: when this is set to 20%, the MachineSet controller deletes at most 20% of the desired replicas.

If not set, remediation is limited to all machines (bounded by replicas) under the active MachineSet's management.
No

VariableSchema

VariableSchema defines the schema of a variable.

Appears in: ClusterClassStatusVariableDefinition, ClusterClassVariable

FieldDescriptionRequired
openAPIV3Schema
JSONSchemaProps
openAPIV3Schema defines the schema of a variable via OpenAPI v3 schema. The schema is a subset of the schema used in Kubernetes CRDs.Yes

WorkersStatus

WorkersStatus groups all the observations about workers current state.

Appears in: ClusterV1Beta2Status

FieldDescriptionRequired
desiredReplicas
int32
desiredReplicas is the total number of desired worker machines in this cluster.No
replicas
int32
replicas is the total number of worker machines in this cluster. NOTE: replicas also includes machines still being provisioned or being deleted.No
upToDateReplicas
int32
upToDateReplicas is the number of up-to-date worker machines in this cluster. A machine is considered up-to-date when Machine's UpToDate condition is true.No
readyReplicas
int32
readyReplicas is the total number of ready worker machines in this cluster. A machine is considered ready when Machine's Ready condition is true.No
availableReplicas
int32
availableReplicas is the total number of available worker machines in this cluster. A machine is considered available when Machine's Available condition is true.No

WorkersTopology

WorkersTopology represents the different sets of worker nodes in the cluster.

Appears in: Topology

FieldDescriptionRequired
machineDeployments
[]MachineDeploymentTopology
machineDeployments is a list of machine deployments in the cluster.

Validation: Maximum items: 2000

No
machinePools
[]MachinePoolTopology
machinePools is a list of machine pools in the cluster.

Validation: Maximum items: 2000

No

ConditionSeverity

ConditionSeverity expresses the severity of a Condition Type failing.

Appears in: Condition

ConditionType

ConditionType is a valid value for Condition.Type.

Appears in: Condition

ControlPlaneTopologyRolloutSpec

ControlPlaneTopologyRolloutSpec defines the rollout behavior.

Appears in: ControlPlaneTopology

FieldDescriptionRequired
after
Time
after is a field to indicate a rollout should be performed after the specified time even if no changes have been made to the ControlPlane. Example: In the YAML the time can be specified in the RFC3339 format. To specify the rolloutAfter target as March 9, 2023, at 9 am UTC use "2023-03-09T09:00:00Z".No

ControlPlaneVariables

ControlPlaneVariables can be used to provide variables for the ControlPlane.

Appears in: ControlPlaneTopology

FieldDescriptionRequired
overrides
[]ClusterVariable
overrides can be used to override Cluster level variables.

Validation: Maximum items: 1000

No

JSONPatch

JSONPatch defines a JSON patch.

Appears in: PatchDefinition

FieldDescriptionRequired
op
string
op defines the operation of the patch. Note: Only add, replace and remove are supported.

Validation: Allowed values: add, replace, remove

Yes
path
string
path defines the path of the patch. Note: Only the spec of a template can be patched, thus the path has to start with /spec/. Note: For now the only allowed array modifications are append and prepend, i.e.: * for op: add: only index 0 (prepend) and - (append) are allowed * for op: replace or remove: no indexes are allowed

Validation: Minimum length: 1
Maximum length: 512

Yes
value
JSON
value defines the value of the patch. Note: Either Value or ValueFrom is required for add and replace operations. Only one of them is allowed to be set at the same time. Note: We have to use apiextensionsv1.JSON instead of our JSON type, because controller-tools has a hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type (unset type field). Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111No
valueFrom
JSONPatchValue
valueFrom defines the value of the patch. Note: Either Value or ValueFrom is required for add and replace operations. Only one of them is allowed to be set at the same time.No

JSONSchemaProps

JSONSchemaProps is a JSON-Schema following Specification Draft 4 (http://json-schema.org/). This struct has been initially copied from apiextensionsv1.JSONSchemaProps, but all fields which are not supported in CAPI have been removed.

Appears in: JSONSchemaProps, VariableSchema

FieldDescriptionRequired
description
string
description is a human-readable description of this variable.

Validation: Minimum length: 1
Maximum length: 4096

No
example
JSON
example is an example for this variable.No
type
string
type is the type of the variable. Valid values are: object, array, string, integer, number or boolean.

Validation: Allowed values: object, array, string, integer, number, boolean

No
properties
map[string]JSONSchemaProps
properties specifies fields of an object. NOTE: Can only be set if type is object. NOTE: Properties is mutually exclusive with AdditionalProperties. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible.

Validation: Schemaless: {}

No
additionalProperties
JSONSchemaProps
additionalProperties specifies the schema of values in a map (keys are always strings). NOTE: Can only be set if type is object. NOTE: AdditionalProperties is mutually exclusive with Properties. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible.

Validation: Schemaless: {}

No
maxProperties
int64
maxProperties is the maximum amount of entries in a map or properties in an object. NOTE: Can only be set if type is object.No
minProperties
int64
minProperties is the minimum amount of entries in a map or properties in an object. NOTE: Can only be set if type is object.No
required
[]string
required specifies which fields of an object are required. NOTE: Can only be set if type is object.

Validation: Maximum items: 1000
items:MinLength: 1
items:MaxLength: 256

No
items
JSONSchemaProps
items specifies fields of an array. NOTE: Can only be set if type is array. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible.

Validation: Schemaless: {}

No
maxItems
int64
maxItems is the max length of an array variable. NOTE: Can only be set if type is array.No
minItems
int64
minItems is the min length of an array variable. NOTE: Can only be set if type is array.No
uniqueItems
bool
uniqueItems specifies if items in an array must be unique. NOTE: Can only be set if type is array.No
format
string
format is an OpenAPI v3 format string. Unknown formats are ignored. For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using) https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go NOTE: Can only be set if type is string.

Validation: Minimum length: 1
Maximum length: 32

No
maxLength
int64
maxLength is the max length of a string variable. NOTE: Can only be set if type is string.No
minLength
int64
minLength is the min length of a string variable. NOTE: Can only be set if type is string.No
pattern
string
pattern is the regex which a string variable must match. NOTE: Can only be set if type is string.

Validation: Minimum length: 1
Maximum length: 512

No
maximum
int64
maximum is the maximum of an integer or number variable. If ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum. If ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum. NOTE: Can only be set if type is integer or number.No
exclusiveMaximum
bool
exclusiveMaximum specifies if the Maximum is exclusive. NOTE: Can only be set if type is integer or number.No
minimum
int64
minimum is the minimum of an integer or number variable. If ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum. If ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum. NOTE: Can only be set if type is integer or number.No
exclusiveMinimum
bool
exclusiveMinimum specifies if the Minimum is exclusive. NOTE: Can only be set if type is integer or number.No
x-kubernetes-preserve-unknown-fields
bool
x-kubernetes-preserve-unknown-fields allows setting fields in a variable object which are not defined in the variable schema. This affects fields recursively, except if nested properties or additionalProperties are specified in the schema.No
enum
[]JSON
enum is the list of valid values of the variable. NOTE: Can be set for all types.

Validation: Maximum items: 100

No
default
JSON
default is the default value of the variable. NOTE: Can be set for all types.No
x-kubernetes-validations
[]ValidationRule
x-kubernetes-validations describes a list of validation rules written in the CEL expression language.

Validation: Maximum items: 100

No
x-metadata
VariableSchemaMetadata
x-metadata is the metadata of a variable or a nested field within a variable. It can be used to add additional data for higher level tools.No
x-kubernetes-int-or-string
bool
x-kubernetes-int-or-string specifies that this value is either an integer or a string. If this is true, an empty type is allowed and type as child of anyOf is permitted if following one of the following patterns:

1) anyOf:
  • type: integer
  • type: string
2) allOf:
  • anyOf:
  • type: integer
  • type: string
  • ... zero or more
No
allOf
[]JSONSchemaProps
allOf specifies that the variable must validate against all of the subschemas in the array. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible.

Validation: Schemaless: {}

No
oneOf
[]JSONSchemaProps
oneOf specifies that the variable must validate against exactly one of the subschemas in the array. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible.

Validation: Schemaless: {}

No
anyOf
[]JSONSchemaProps
anyOf specifies that the variable must validate against one or more of the subschemas in the array. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible.

Validation: Schemaless: {}

No
not
JSONSchemaProps
not specifies that the variable must not validate against the subschema. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible.

Validation: Schemaless: {}

No

MachineDeploymentClassNamingStrategy

MachineDeploymentClassNamingStrategy defines the naming strategy for machine deployment objects.

Appears in: MachineDeploymentClass

FieldDescriptionRequired
template
string
template defines the template to use for generating the name of the MachineDeployment object. If not defined, it will fallback to {{ .cluster.name }}-{{ .machineDeployment.topologyName }}-{{ .random }}. If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will get concatenated with a random suffix of length 5. The templating mechanism provides the following arguments: * .cluster.name: The name of the cluster object. * .random: A random alphanumeric string, without vowels, of length 5. * .machineDeployment.topologyName: The name of the MachineDeployment topology (Cluster.spec.topology.workers.machineDeployments[].name).

Validation: Minimum length: 1
Maximum length: 1024

No

MachineDeploymentClassTemplate

MachineDeploymentClassTemplate defines how a MachineDeployment generated from a MachineDeploymentClass should look like.

Appears in: MachineDeploymentClass

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. At runtime this metadata is merged with the corresponding metadata from the topology.No
bootstrap
LocalObjectTemplate
bootstrap contains the bootstrap template reference to be used for the creation of worker Machines.Yes
infrastructure
LocalObjectTemplate
infrastructure contains the infrastructure template reference to be used for the creation of worker Machines.Yes

MachineDeploymentTopology

MachineDeploymentTopology specifies the different parameters for a set of worker nodes in the topology. This set of nodes is managed by a MachineDeployment object whose lifecycle is managed by the Cluster controller.

Appears in: WorkersTopology

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. At runtime this metadata is merged with the corresponding metadata from the ClusterClass.No
class
string
class is the name of the MachineDeploymentClass used to create the set of worker nodes. This should match one of the deployment classes defined in the ClusterClass object mentioned in the Cluster.Spec.Class field.

Validation: Minimum length: 1
Maximum length: 256

Yes
name
string
name is the unique identifier for this MachineDeploymentTopology. The value is used with other unique identifiers to create a MachineDeployment's Name (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length, the values are hashed together.

Validation: Minimum length: 1
Maximum length: 63

Yes
failureDomain
string
failureDomain is the failure domain the machines will be created in. Must match a key in the FailureDomains map stored on the cluster object.

Validation: Minimum length: 1
Maximum length: 256

No
replicas
int32
replicas is the number of worker nodes belonging to this set. If the value is nil, the MachineDeployment is created without the number of Replicas (defaulting to 1) and it's assumed that an external entity (like cluster autoscaler) is responsible for the management of this value.No
machineHealthCheck
MachineHealthCheckTopology
machineHealthCheck allows to enable, disable and override the MachineHealthCheck configuration in the ClusterClass for this MachineDeployment.No
nodeDrainTimeout
Duration
nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from kubectl drain --timeoutNo
nodeVolumeDetachTimeout
Duration
nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.No
nodeDeletionTimeout
Duration
nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds.No
taints
[]MachineTaint
taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers.

There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node.

NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners.

Validation: Maximum items: 64
Minimum items: 1

No
minReadySeconds
int32
minReadySeconds is the minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready)No
readinessGates
[]MachineReadinessGate
readinessGates specifies additional conditions to include when evaluating Machine Ready condition.

This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine.

If this field is not defined, readinessGates from the corresponding MachineDeploymentClass will be used, if any.

NOTE: This field is considered only for computing v1beta2 conditions.

Validation: Maximum items: 32

No
rollout
MachineDeploymentTopologyRolloutSpec
rollout allows you to configure the behaviour of rolling updates to the MachineDeployment Machines. It allows you to define the strategy used during rolling replacements.No
strategy
MachineDeploymentStrategy
strategy is the deployment strategy to use to replace existing machines with new ones.No
variables
MachineDeploymentVariables
variables can be used to customize the MachineDeployment through patches.No

MachineHealthCheckTopology

MachineHealthCheckTopology defines a MachineHealthCheck for a group of machines.

Appears in: ControlPlaneTopology, MachineDeploymentTopology

FieldDescriptionRequired
enable
bool
enable controls if a MachineHealthCheck should be created for the target machines.

If false: No MachineHealthCheck will be created.

If not set(default): A MachineHealthCheck will be created if it is defined here or in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created.

If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will block if enable is true and no MachineHealthCheck definition is available.
No

PatchSelector

PatchSelector defines on which templates the patch should be applied. Note: Matching on APIVersion and Kind is mandatory, to enforce that the patches are written for the correct version. The version of the references in the ClusterClass may be automatically updated during reconciliation if there is a newer version for the same contract. Note: The results of selection based on the individual fields are ANDed.

Appears in: PatchDefinition

FieldDescriptionRequired
apiVersion
string
apiVersion filters templates by apiVersion.

Validation: Maximum length: 512
Minimum length: 1

Yes
kind
string
kind filters templates by kind.

Validation: Minimum length: 1
Maximum length: 256

Yes
matchResources
PatchSelectorMatch
matchResources selects templates based on where they are referenced.Yes

JSONPatchValue

JSONPatchValue defines the value of a patch. Note: Only one of the fields is allowed to be set at the same time.

Appears in: JSONPatch

FieldDescriptionRequired
variable
string
variable is the variable to be used as value. Variable can be one of the variables defined in .spec.variables or a builtin variable.

Validation: Minimum length: 1
Maximum length: 256

No
template
string
template is the Go template to be used to calculate the value. A template can reference variables defined in .spec.variables and builtin variables. Note: The template must evaluate to a valid YAML or JSON value.

Validation: Minimum length: 1
Maximum length: 10240

No

MachineDeploymentTopologyRolloutSpec

MachineDeploymentTopologyRolloutSpec defines the rollout behavior.

Appears in: MachineDeploymentTopology

FieldDescriptionRequired
after
Time
after is a field to indicate a rollout should be performed after the specified time even if no changes have been made to the MachineDeployment. Example: In the YAML the time can be specified in the RFC3339 format. To specify the rolloutAfter target as March 9, 2023, at 9 am UTC use "2023-03-09T09:00:00Z".No

MachineDeploymentVariables

MachineDeploymentVariables can be used to provide variables for a specific MachineDeployment.

Appears in: MachineDeploymentTopology

FieldDescriptionRequired
overrides
[]ClusterVariable
overrides can be used to override Cluster level variables.

Validation: Maximum items: 1000

No

PatchSelectorMatch

PatchSelectorMatch selects templates based on where they are referenced. Note: The selector must match at least one template. Note: The results of selection based on the individual fields are ORed.

Appears in: PatchSelector

FieldDescriptionRequired
controlPlane
bool
controlPlane selects templates referenced in .spec.ControlPlane. Note: this will match the controlPlane and also the controlPlane machineInfrastructure (depending on the kind and apiVersion).No
infrastructureCluster
bool
infrastructureCluster selects templates referenced in .spec.infrastructure.No
machineDeploymentClass
PatchSelectorMatchMachineDeploymentClass
machineDeploymentClass selects templates referenced in specific MachineDeploymentClasses in .spec.workers.machineDeployments.No
machinePoolClass
PatchSelectorMatchMachinePoolClass
machinePoolClass selects templates referenced in specific MachinePoolClasses in .spec.workers.machinePools.No

ValidationRule

ValidationRule describes a validation rule written in the CEL expression language.

Appears in: JSONSchemaProps

FieldDescriptionDefaultRequired
rule
string
rule represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec The Rule is scoped to the location of the x-kubernetes-validations extension in the schema. The self variable in the CEL expression is bound to the scoped value. If the Rule is scoped to an object with properties, the accessible properties of the object are field selectable via self.field and field presence can be checked via has(self.field). If the Rule is scoped to an object with additionalProperties (i.e. a map) the value of the map are accessible via self[mapKey], map containment can be checked via mapKey in self and all entries of the map are accessible via CEL macros and functions such as self.all(...). If the Rule is scoped to an array, the elements of the array are accessible via self[i] and also by macros and functions. If the Rule is scoped to a scalar, self is bound to the scalar value. Examples:
  • Rule scoped to a map of objects: {"rule": "self.components['Widget'].priority < 10"}
  • Rule scoped to a list of integers: {"rule": "self.values.all(value, value ≥ 0 && value < 100)"}
  • Rule scoped to a string value: {"rule": "self.startsWith('kube')"}


Unknown data preserved in custom resources via x-kubernetes-preserve-unknown-fields is not accessible in CEL expressions. This includes:
  • Unknown field values that are preserved by object schemas with x-kubernetes-preserve-unknown-fields.
  • Object properties where the property schema is of an "unknown type". An "unknown type" is recursively defined as:
  • A schema with no type and x-kubernetes-preserve-unknown-fields set to true
  • An array where the items schema is of an "unknown type"
  • An object where the additionalProperties schema is of an "unknown type"


Only property names of the form [a-zA-Z_.-/][a-zA-Z0-9_.-/]* are accessible. Accessible property names are escaped according to the following rules when accessed in the expression:
  • '__' escapes to '__underscores__'
  • '.' escapes to '__dot__'
  • '-' escapes to '__dash__'
  • '/' escapes to '__slash__'
  • Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:
"true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if", "import", "let", "loop", "package", "namespace", "return". Examples:
  • Rule accessing a property named "namespace": {"rule": "self.__namespace__ > 0"}
  • Rule accessing a property named "x-prop": {"rule": "self.x__dash__prop > 0"}
  • Rule accessing a property named "redact__d": {"rule": "self.redact__underscores__d > 0"}


If rule makes use of the oldSelf variable it is implicitly a transition rule.

By default, the oldSelf variable is the same type as self.

Transition rules by default are applied only on UPDATE requests and are skipped if an old value could not be found.

Validation: Maximum length: 4096
Minimum length: 1

Yes
message
string
message represents the message displayed when validation fails. The message is required if the Rule contains line breaks. The message must not contain line breaks. If unset, the message is "failed rule: {Rule}". e.g. "must be a URL with the host matching spec.host"

Validation: Minimum length: 1
Maximum length: 512

No
messageExpression
string
messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a rule, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset. messageExpression has access to all the same variables as the rule; the only difference is the return type. Example: "x must be less than max ("+string(self.max)+")"

Validation: Minimum length: 1
Maximum length: 1024

No
reason
FieldValueErrorReason
reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule. The currently supported reasons are: "FieldValueInvalid", "FieldValueForbidden", "FieldValueRequired", "FieldValueDuplicate". If not set, default to use "FieldValueInvalid". All future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid.

Validation: Allowed values: FieldValueInvalid, FieldValueForbidden, FieldValueRequired, FieldValueDuplicate

FieldValueInvalidNo
fieldPath
string
fieldPath represents the field path returned when the validation fails. It must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field. e.g. when validation checks if a specific attribute foo under a map testMap, the fieldPath could be set to .testMap.foo If the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. .testList It does not support list numeric index. It supports child operation to refer to an existing field currently. Refer to JSONPath support in Kubernetes for more info. Numeric index of array is not supported. For field name which contains special characters, use ['specialName'] to refer the field name. e.g. for attribute foo.34$ appears in a list testList, the fieldPath could be set to .testList['foo.34$']

Validation: Minimum length: 1
Maximum length: 512

No

VariableSchemaMetadata

VariableSchemaMetadata is the metadata of a variable or a nested field within a variable. It can be used to add additional data for higher level tools.

Appears in: JSONSchemaProps

FieldDescriptionRequired
labels
map[string]string
labels is a map of string keys and values that can be used to organize and categorize (scope and select) variables.No
annotations
map[string]string
annotations is an unstructured key value map that can be used to store and retrieve arbitrary metadata. They are not queryable.No

FieldValueErrorReason

FieldValueErrorReason is a machine-readable value providing more detail about why a field failed the validation.

Appears in: ValidationRule

PatchSelectorMatchMachineDeploymentClass

PatchSelectorMatchMachineDeploymentClass selects templates referenced in specific MachineDeploymentClasses in .spec.workers.machineDeployments.

Appears in: PatchSelectorMatch

FieldDescriptionRequired
names
[]string
names selects templates by class names.

Validation: Maximum items: 100
items:MinLength: 1
items:MaxLength: 256

No

MachineAddressType

MachineAddressType describes a valid MachineAddress type.

Appears in: MachineAddress

cluster.x-k8s.io/v1beta2

Resource Types:

Cluster

Cluster is the Schema for the clusters API.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
ClusterSpec
spec is the desired state of Cluster.No
status
ClusterStatus
status is the observed state of Cluster.No

ClusterClass

ClusterClass is a template which can be used to create managed topologies. NOTE: This CRD can only be used if the ClusterTopology feature gate is enabled.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
ClusterClassSpec
spec is the desired state of ClusterClass.No
status
ClusterClassStatus
status is the observed state of ClusterClass.No

Machine

Machine is the Schema for the machines API.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
MachineSpec
spec is the desired state of Machine.No
status
MachineStatus
status is the observed state of Machine.No

MachineDeployment

MachineDeployment is the Schema for the machinedeployments API.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
MachineDeploymentSpec
spec is the desired state of MachineDeployment.No
status
MachineDeploymentStatus
status is the observed state of MachineDeployment.No

MachineDrainRule

MachineDrainRule is the Schema for the MachineDrainRule API.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataYes
spec
MachineDrainRuleSpec
spec defines the spec of a MachineDrainRule.No

MachineHealthCheck

MachineHealthCheck is the Schema for the machinehealthchecks API.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
MachineHealthCheckSpec
spec is the specification of machine health check policyNo
status
MachineHealthCheckStatus
status is the most recently observed status of MachineHealthCheck resourceNo

MachineSet

MachineSet is the Schema for the machinesets API.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
MachineSetSpec
spec is the desired state of MachineSet.No
status
MachineSetStatus
status is the observed state of MachineSet.No

ClusterClassSpec

ClusterClassSpec describes the desired state of the ClusterClass.

Appears in: ClusterClass

FieldDescriptionRequired
availabilityGates
[]ClusterAvailabilityGate
availabilityGates specifies additional conditions to include when evaluating Cluster Available condition.

NOTE: If a Cluster is using this ClusterClass, and this Cluster defines a custom list of availabilityGates, such list overrides availabilityGates defined in this field.

Validation: Maximum items: 32
Minimum items: 1

No
infrastructure
InfrastructureClass
infrastructure is a reference to a local struct that holds the details for provisioning the infrastructure cluster for the Cluster.No
controlPlane
ControlPlaneClass
controlPlane is a reference to a local struct that holds the details for provisioning the Control Plane for the Cluster.No
workers
WorkersClass
workers describes the worker nodes for the cluster. It is a collection of node types which can be used to create the worker nodes of the cluster.No
variables
[]ClusterClassVariable
variables defines the variables which can be configured in the Cluster topology and are then used in patches.

Validation: Minimum items: 1
Maximum items: 1000

No
patches
[]ClusterClassPatch
patches defines the patches which are applied to customize referenced templates of a ClusterClass. Note: Patches will be applied in the order of the array.

Validation: Maximum items: 1000
Minimum items: 1

No
upgrade
ClusterClassUpgrade
upgrade defines the upgrade configuration for clusters using this ClusterClass.No
kubernetesVersions
[]string
kubernetesVersions is the list of Kubernetes versions that can be used for clusters using this ClusterClass. The list of version must be ordered from the older to the newer version, and there should be at least one version for every minor in between the first and the last version.

Validation: Maximum items: 100
items:MinLength: 1
items:MaxLength: 256
Minimum items: 1

No

ClusterClassStatus

ClusterClassStatus defines the observed state of the ClusterClass.

Appears in: ClusterClass

FieldDescriptionRequired
conditions
[]Condition
conditions represents the observations of a ClusterClass's current state. Known condition types are VariablesReady, RefVersionsUpToDate, Paused.

Validation: Maximum items: 32

No
variables
[]ClusterClassStatusVariable
variables is a list of ClusterClassStatusVariable that are defined for the ClusterClass.

Validation: Maximum items: 1000

No
observedGeneration
int64
observedGeneration is the latest generation observed by the controller.

Validation: Minimum: 1

No
deprecated
ClusterClassDeprecatedStatus
deprecated groups all the status fields that are deprecated and will be removed when all the nested field are removed.No

ClusterSpec

ClusterSpec defines the desired state of Cluster.

Appears in: Cluster

FieldDescriptionRequired
paused
bool
paused can be used to prevent controllers from processing the Cluster and all its associated objects.No
clusterNetwork
ClusterNetwork
clusterNetwork represents the cluster network configuration.No
controlPlaneEndpoint
APIEndpoint
controlPlaneEndpoint represents the endpoint used to communicate with the control plane.No
controlPlaneRef
ContractVersionedObjectReference
controlPlaneRef is an optional reference to a provider-specific resource that holds the details for provisioning the Control Plane for a Cluster.No
infrastructureRef
ContractVersionedObjectReference
infrastructureRef is a reference to a provider-specific resource that holds the details for provisioning infrastructure for a cluster in said provider.No
topology
Topology
topology encapsulates the topology for the cluster. NOTE: It is required to enable the ClusterTopology feature gate flag to activate managed topologies support.No
availabilityGates
[]ClusterAvailabilityGate
availabilityGates specifies additional conditions to include when evaluating Cluster Available condition.

If this field is not defined and the Cluster implements a managed topology, availabilityGates from the corresponding ClusterClass will be used, if any.

Validation: Minimum items: 1
Maximum items: 32

No

ClusterStatus

ClusterStatus defines the observed state of Cluster.

Appears in: Cluster

FieldDescriptionRequired
conditions
[]Condition
conditions represents the observations of a Cluster's current state. Known condition types are Available, InfrastructureReady, ControlPlaneInitialized, ControlPlaneAvailable, WorkersAvailable, MachinesReady MachinesUpToDate, RemoteConnectionProbe, ScalingUp, ScalingDown, Remediating, Deleting, Paused. Additionally, a TopologyReconciled condition will be added in case the Cluster is referencing a ClusterClass / defining a managed Topology.

Validation: Maximum items: 32

No
initialization
ClusterInitializationStatus
initialization provides observations of the Cluster initialization process. NOTE: Fields in this struct are part of the Cluster API contract and are used to orchestrate initial Cluster provisioning.No
controlPlane
ClusterControlPlaneStatus
controlPlane groups all the observations about Cluster's ControlPlane current state.No
workers
WorkersStatus
workers groups all the observations about Cluster's Workers current state.No
failureDomains
[]FailureDomain
failureDomains is a slice of failure domain objects synced from the infrastructure provider.

Validation: Minimum items: 1
Maximum items: 100

No
phase
string
phase represents the current phase of cluster actuation.

Validation: Allowed values: Pending, Provisioning, Provisioned, Deleting, Failed, Unknown

No
observedGeneration
int64
observedGeneration is the latest generation observed by the controller.

Validation: Minimum: 1

No
deprecated
ClusterDeprecatedStatus
deprecated groups all the status fields that are deprecated and will be removed when all the nested field are removed.No

MachineDeploymentSpec

MachineDeploymentSpec defines the desired state of MachineDeployment.

Appears in: MachineDeployment

FieldDescriptionRequired
clusterName
string
clusterName is the name of the Cluster this object belongs to.

Validation: Minimum length: 1
Maximum length: 63

No
replicas
int32
replicas is the number of desired machines. This is a pointer to distinguish between explicit zero and not specified.

Defaults to: * if the Kubernetes autoscaler min size and max size annotations are set:
  • if it's a new MachineDeployment, use min size
  • if the replicas field of the old MachineDeployment is < min size, use min size
  • if the replicas field of the old MachineDeployment is > max size, use max size
  • if the replicas field of the old MachineDeployment is in the (min size, max size) range, keep the value from the oldMD
* otherwise use 1 Note: Defaulting will be run whenever the replicas field is not set: * A new MachineDeployment is created with replicas not set. * On an existing MachineDeployment the replicas field was first set and is now unset. Those cases are especially relevant for the following Kubernetes autoscaler use cases: * A new MachineDeployment is created and replicas should be managed by the autoscaler * An existing MachineDeployment which initially wasn't controlled by the autoscaler should be later controlled by the autoscaler
No
rollout
MachineDeploymentRolloutSpec
rollout allows you to configure the behaviour of rolling updates to the MachineDeployment Machines. It allows you to require that all Machines are replaced after a certain time, and allows you to define the strategy used during rolling replacements.No
selector
LabelSelector
selector is the label selector for machines. Existing MachineSets whose machines are selected by this will be the ones affected by this deployment. It must match the machine template's labels.No
template
MachineTemplateSpec
template describes the machines that will be created.No
machineNaming
MachineNamingSpec
machineNaming allows changing the naming pattern used when creating Machines. Note: InfraMachines & BootstrapConfigs will use the same name as the corresponding Machines.No
remediation
MachineDeploymentRemediationSpec
remediation controls how unhealthy Machines are remediated.No
deletion
MachineDeploymentDeletionSpec
deletion contains configuration options for MachineDeployment deletion.No
paused
bool
paused indicates that the deployment is paused.No

MachineDeploymentStatus

MachineDeploymentStatus defines the observed state of MachineDeployment.

Appears in: MachineDeployment

FieldDescriptionRequired
conditions
[]Condition
conditions represents the observations of a MachineDeployment's current state. Known condition types are Available, MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused.

Validation: Maximum items: 32

No
observedGeneration
int64
observedGeneration is the generation observed by the deployment controller.

Validation: Minimum: 1

No
selector
string
selector is the same as the label selector but in the string format to avoid introspection by clients. The string will be in the same format as the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors

Validation: Maximum length: 4096
Minimum length: 1

No
replicas
int32
replicas is the total number of non-terminated machines targeted by this deployment (their labels match the selector).No
readyReplicas
int32
readyReplicas is the number of ready replicas for this MachineDeployment. A machine is considered ready when Machine's Ready condition is true.No
availableReplicas
int32
availableReplicas is the number of available replicas for this MachineDeployment. A machine is considered available when Machine's Available condition is true.No
upToDateReplicas
int32
upToDateReplicas is the number of up-to-date replicas targeted by this deployment. A machine is considered up-to-date when Machine's UpToDate condition is true.No
phase
string
phase represents the current phase of a MachineDeployment (ScalingUp, ScalingDown, Running, Failed, or Unknown).

Validation: Allowed values: ScalingUp, ScalingDown, Running, Failed, Unknown

No
deprecated
MachineDeploymentDeprecatedStatus
deprecated groups all the status fields that are deprecated and will be removed when all the nested field are removed.No

MachineDrainRuleSpec

MachineDrainRuleSpec defines the spec of a MachineDrainRule.

Appears in: MachineDrainRule

FieldDescriptionRequired
drain
MachineDrainRuleDrainConfig
drain configures if and how Pods are drained.No
machines
[]MachineDrainRuleMachineSelector
machines defines to which Machines this MachineDrainRule should be applied.

If machines is not set, the MachineDrainRule applies to all Machines in the Namespace. If machines contains multiple selectors, the results are ORed. Within a single Machine selector the results of selector and clusterSelector are ANDed. Machines will be selected from all Clusters in the Namespace unless otherwise restricted with the clusterSelector.

Example: Selects control plane Machines in all Clusters or Machines with label "os" == "linux" in Clusters with label "stage" == "production".

  • selector:
matchExpressions:
  • key: cluster.x-k8s.io/control-plane
operator: Exists
  • selector:
matchLabels: os: linux clusterSelector: matchExpressions:
  • key: stage
operator: In values:
  • production

Validation: Minimum items: 1
Maximum items: 32
entries in machines must be unique

No
pods
[]MachineDrainRulePodSelector
pods defines to which Pods this MachineDrainRule should be applied.

If pods is not set, the MachineDrainRule applies to all Pods in all Namespaces. If pods contains multiple selectors, the results are ORed. Within a single Pod selector the results of selector and namespaceSelector are ANDed. Pods will be selected from all Namespaces unless otherwise restricted with the namespaceSelector.

Example: Selects Pods with label "app" == "logging" in all Namespaces or Pods with label "app" == "prometheus" in the "monitoring" Namespace.

  • selector:
matchExpressions:
  • key: app
operator: In values:
  • logging
  • selector:
matchLabels: app: prometheus namespaceSelector: matchLabels: kubernetes.io/metadata.name: monitoring

Validation: Minimum items: 1
Maximum items: 32
entries in pods must be unique

No

MachineHealthCheckSpec

MachineHealthCheckSpec defines the desired state of MachineHealthCheck.

Appears in: MachineHealthCheck

FieldDescriptionRequired
clusterName
string
clusterName is the name of the Cluster this object belongs to.

Validation: Minimum length: 1
Maximum length: 63

No
selector
LabelSelector
selector is a label selector to match machines whose health will be exercisedNo
checks
MachineHealthCheckChecks
checks are the checks that are used to evaluate if a Machine is healthy.

Independent of this configuration the MachineHealthCheck controller will always flag Machines with cluster.x-k8s.io/remediate-machine annotation and Machines with deleted Nodes as unhealthy.

Furthermore, if checks.nodeStartupTimeoutSeconds is not set it is defaulted to 10 minutes and evaluated accordingly.
No
remediation
MachineHealthCheckRemediation
remediation configures if and how remediations are triggered if a Machine is unhealthy.

If remediation or remediation.triggerIf is not set, remediation will always be triggered for unhealthy Machines.

If remediation or remediation.templateRef is not set, the OwnerRemediated condition will be set on unhealthy Machines to trigger remediation via the owner of the Machines, for example a MachineSet or a KubeadmControlPlane.
No

MachineHealthCheckStatus

MachineHealthCheckStatus defines the observed state of MachineHealthCheck.

Appears in: MachineHealthCheck

FieldDescriptionRequired
conditions
[]Condition
conditions represents the observations of a MachineHealthCheck's current state. Known condition types are RemediationAllowed, Paused.

Validation: Maximum items: 32

No
expectedMachines
int32
expectedMachines is the total number of machines counted by this machine health check

Validation: Minimum: 0

No
currentHealthy
int32
currentHealthy is the total number of healthy machines counted by this machine health check

Validation: Minimum: 0

No
remediationsAllowed
int32
remediationsAllowed is the number of further remediations allowed by this machine health check before maxUnhealthy short circuiting will be applied

Validation: Minimum: 0

No
observedGeneration
int64
observedGeneration is the latest generation observed by the controller.

Validation: Minimum: 1

No
targets
[]string
targets shows the current list of machines the machine health check is watching

Validation: items:MinLength: 1
items:MaxLength: 253
Maximum items: 10000

No
deprecated
MachineHealthCheckDeprecatedStatus
deprecated groups all the status fields that are deprecated and will be removed when all the nested field are removed.No

MachineSetSpec

MachineSetSpec defines the desired state of MachineSet.

Appears in: MachineSet

FieldDescriptionRequired
clusterName
string
clusterName is the name of the Cluster this object belongs to.

Validation: Minimum length: 1
Maximum length: 63

No
replicas
int32
replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified.

Defaults to: * if the Kubernetes autoscaler min size and max size annotations are set:
  • if it's a new MachineSet, use min size
  • if the replicas field of the old MachineSet is < min size, use min size
  • if the replicas field of the old MachineSet is > max size, use max size
  • if the replicas field of the old MachineSet is in the (min size, max size) range, keep the value from the oldMS
* otherwise use 1 Note: Defaulting will be run whenever the replicas field is not set: * A new MachineSet is created with replicas not set. * On an existing MachineSet the replicas field was first set and is now unset. Those cases are especially relevant for the following Kubernetes autoscaler use cases: * A new MachineSet is created and replicas should be managed by the autoscaler * An existing MachineSet which initially wasn't controlled by the autoscaler should be later controlled by the autoscaler
No
selector
LabelSelector
selector is a label query over machines that should match the replica count. Label keys and values that must match in order to be controlled by this MachineSet. It must match the machine template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectorsNo
template
MachineTemplateSpec
template is the object that describes the machine that will be created if insufficient replicas are detected. Object references to custom resources are treated as templates.No
machineNaming
MachineNamingSpec
machineNaming allows changing the naming pattern used when creating Machines. Note: InfraMachines & BootstrapConfigs will use the same name as the corresponding Machines.No
deletion
MachineSetDeletionSpec
deletion contains configuration options for MachineSet deletion.No

MachineSetStatus

MachineSetStatus defines the observed state of MachineSet.

Appears in: MachineSet

FieldDescriptionRequired
conditions
[]Condition
conditions represents the observations of a MachineSet's current state. Known condition types are MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused.

Validation: Maximum items: 32

No
selector
string
selector is the same as the label selector but in the string format to avoid introspection by clients. The string will be in the same format as the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors

Validation: Minimum length: 1
Maximum length: 4096

No
replicas
int32
replicas is the most recently observed number of replicas.No
readyReplicas
int32
readyReplicas is the number of ready replicas for this MachineSet. A machine is considered ready when Machine's Ready condition is true.No
availableReplicas
int32
availableReplicas is the number of available replicas for this MachineSet. A machine is considered available when Machine's Available condition is true.No
upToDateReplicas
int32
upToDateReplicas is the number of up-to-date replicas for this MachineSet. A machine is considered up-to-date when Machine's UpToDate condition is true.No
observedGeneration
int64
observedGeneration reflects the generation of the most recently observed MachineSet.

Validation: Minimum: 1

No
deprecated
MachineSetDeprecatedStatus
deprecated groups all the status fields that are deprecated and will be removed when all the nested field are removed.No

MachineSpec

MachineSpec defines the desired state of Machine.

Appears in: Machine, MachineTemplateSpec

FieldDescriptionRequired
clusterName
string
clusterName is the name of the Cluster this object belongs to.

Validation: Maximum length: 63
Minimum length: 1

No
bootstrap
Bootstrap
bootstrap is a reference to a local struct which encapsulates fields to configure the Machine’s bootstrapping mechanism.No
infrastructureRef
ContractVersionedObjectReference
infrastructureRef is a required reference to a custom resource offered by an infrastructure provider.No
version
string
version defines the desired Kubernetes version. This field is meant to be optionally used by bootstrap providers.

Validation: Minimum length: 1
Maximum length: 256

No
providerID
string
providerID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider.

Validation: Minimum length: 1
Maximum length: 512

No
failureDomain
string
failureDomain is the failure domain the machine will be created in. Must match the name of a FailureDomain from the Cluster status.

Validation: Minimum length: 1
Maximum length: 256

No
minReadySeconds
int32
minReadySeconds is the minimum number of seconds for which a Machine should be ready before considering it available. Defaults to 0 (Machine will be considered available as soon as the Machine is ready)

Validation: Minimum: 0

No
readinessGates
[]MachineReadinessGate
readinessGates specifies additional conditions to include when evaluating Machine Ready condition.

This field can be used e.g. by Cluster API control plane providers to extend the semantic of the Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.

Another example are external controllers, e.g. responsible to install special software/hardware on the Machines; they can include the status of those components with a new condition and add this condition to ReadinessGates.

NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those readiness gates condition are reporting the same message, when computing the Machine's Ready condition those readinessGates will be replaced by a single entry reporting "Control plane components: " + message. This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster).

Validation: Minimum items: 1
Maximum items: 32

No
deletion
MachineDeletionSpec
deletion contains configuration options for Machine deletion.No
taints
[]MachineTaint
taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers.

There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node.

NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners.

Validation: Minimum items: 1
Maximum items: 64

No

MachineStatus

MachineStatus defines the observed state of Machine.

Appears in: Machine

FieldDescriptionRequired
conditions
[]Condition
conditions represents the observations of a Machine's current state. Known condition types are Available, Ready, UpToDate, BootstrapConfigReady, InfrastructureReady, NodeReady, NodeHealthy, Updating, Deleting, Paused. If a MachineHealthCheck is targeting this machine, also HealthCheckSucceeded, OwnerRemediated conditions are added. Additionally control plane Machines controlled by KubeadmControlPlane will have following additional conditions: APIServerPodHealthy, ControllerManagerPodHealthy, SchedulerPodHealthy, EtcdPodHealthy, EtcdMemberHealthy, NodeKubeadmLabelsAndTaintsSet.

Validation: Maximum items: 32

No
initialization
MachineInitializationStatus
initialization provides observations of the Machine initialization process. NOTE: Fields in this struct are part of the Cluster API contract and are used to orchestrate initial Machine provisioning.No
nodeRef
MachineNodeReference
nodeRef will point to the corresponding Node if it exists.No
nodeInfo
NodeSystemInfo
nodeInfo is a set of ids/uuids to uniquely identify the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#infoNo
lastUpdated
Time
lastUpdated identifies when the phase of the Machine last transitioned.No
addresses
MachineAddresses
addresses is a list of addresses assigned to the machine. This field is copied from the infrastructure provider reference.No
failureDomain
string
failureDomain is the failure domain where the Machine has been scheduled.

Validation: Minimum length: 1
Maximum length: 256

No
phase
string
phase represents the current phase of machine actuation.

Validation: Allowed values: Pending, Provisioning, Provisioned, Running, Updating, Deleting, Deleted, Failed, Unknown

No
certificatesExpiryDate
Time
certificatesExpiryDate is the expiry date of the machine certificates. This value is only set for control plane machines.No
observedGeneration
int64
observedGeneration is the latest generation observed by the controller.

Validation: Minimum: 1

No
deletion
MachineDeletionStatus
deletion contains information relating to removal of the Machine. Only present when the Machine has a deletionTimestamp and drain or wait for volume detach started.No
deprecated
MachineDeprecatedStatus
deprecated groups all the status fields that are deprecated and will be removed when all the nested field are removed.No

ObjectMeta

ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. This is a copy of customizable fields from metav1.ObjectMeta.

ObjectMeta is embedded in Machine.Spec, MachineDeployment.Template and MachineSet.Template, which are not top-level Kubernetes objects. Given that metav1.ObjectMeta has lots of special cases and read-only fields which end up in the generated CRD validation, having it as a subset simplifies the API and some issues that can impact user experience.

During the upgrade to controller-tools@v2 for v1alpha2, we noticed a failure would occur running Cluster API test suite against the new CRDs, specifically spec.metadata.creationTimestamp in body must be of type string: "null". The investigation showed that controller-tools@v2 behaves differently than its previous version when handling types from metav1 package.

In more details, we found that embedded (non-top level) types that embedded metav1.ObjectMeta had validation properties, including for creationTimestamp (metav1.Time). The metav1.Time type specifies a custom json marshaller that, when IsZero() is true, returns null which breaks validation because the field isn't marked as nullable.

In future versions, controller-tools@v2 might allow overriding the type and validation for embedded types. When that happens, this hack should be revisited.

Appears in: Cluster, ClusterClass, ControlPlaneClass, ControlPlaneTopology, Machine, MachineDeployment, MachineDeploymentClass, MachineDeploymentTopology, MachineDrainRule, MachineHealthCheck, MachineSet, MachineTemplateSpec

FieldDescriptionRequired
labels
map[string]string
labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labelsNo
annotations
map[string]string
annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotationsNo

APIEndpoint

APIEndpoint represents a reachable Kubernetes API endpoint.

Appears in: ClusterSpec

FieldDescriptionRequired
host
string
host is the hostname on which the API server is serving.

Validation: Minimum length: 1
Maximum length: 512

No
port
int32
port is the port on which the API server is serving.

Validation: Minimum: 1
Maximum: 65535

No

Bootstrap

Bootstrap encapsulates fields to configure the Machine’s bootstrapping mechanism.

Appears in: MachineSpec

FieldDescriptionRequired
configRef
ContractVersionedObjectReference
configRef is a reference to a bootstrap provider-specific resource that holds configuration details. The reference is optional to allow users/operators to specify Bootstrap.DataSecretName without the need of a controller.No
dataSecretName
string
dataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine should remain in the Pending state.

Validation: Maximum length: 253
Minimum length: 0

No

ClusterAvailabilityGate

ClusterAvailabilityGate contains the type of a Cluster condition to be used as availability gate.

Appears in: ClusterClassSpec, ClusterSpec

FieldDescriptionRequired
conditionType
string
conditionType refers to a condition with matching type in the Cluster's condition list. If the conditions doesn't exist, it will be treated as unknown. Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as availability gates.

Validation: Pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
Minimum length: 1
Maximum length: 316

No
polarity
ConditionPolarity
polarity of the conditionType specified in this availabilityGate. Valid values are Positive, Negative and omitted. When omitted, the default behaviour will be Positive. A positive polarity means that the condition should report a true status under normal conditions. A negative polarity means that the condition should report a false status under normal conditions.No

ClusterClassDeprecatedStatus

ClusterClassDeprecatedStatus groups all the status fields that are deprecated and will be removed in a future version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.

Appears in: ClusterClassStatus

FieldDescriptionRequired
v1beta1
ClusterClassV1Beta1DeprecatedStatus
v1beta1 groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped.No

ClusterClassPatch

ClusterClassPatch defines a patch which is applied to customize the referenced templates.

Appears in: ClusterClassSpec

FieldDescriptionRequired
name
string
name of the patch.

Validation: Minimum length: 1
Maximum length: 256

No
description
string
description is a human-readable description of this patch.

Validation: Maximum length: 1024
Minimum length: 1

No
enabledIf
string
enabledIf is a Go template to be used to calculate if a patch should be enabled. It can reference variables defined in .spec.variables and builtin variables. The patch will be enabled if the template evaluates to true, otherwise it will be disabled. If EnabledIf is not set, the patch will be enabled per default.

Validation: Minimum length: 1
Maximum length: 256

No
definitions
[]PatchDefinition
definitions define inline patches. Note: Patches will be applied in the order of the array. Note: Exactly one of Definitions or External must be set.

Validation: Maximum items: 100

No
external
ExternalPatchDefinition
external defines an external patch. Note: Exactly one of Definitions or External must be set.No

ClusterClassStatusVariable

ClusterClassStatusVariable defines a variable which appears in the status of a ClusterClass.

Appears in: ClusterClassStatus

FieldDescriptionRequired
name
string
name is the name of the variable.

Validation: Minimum length: 1
Maximum length: 256

No
definitionsConflict
bool
definitionsConflict specifies whether or not there are conflicting definitions for a single variable name.No
definitions
[]ClusterClassStatusVariableDefinition
definitions is a list of definitions for a variable.

Validation: Minimum items: 1
Maximum items: 100

No

ClusterClassUpgrade

ClusterClassUpgrade defines the upgrade configuration for clusters using the ClusterClass.

Appears in: ClusterClassSpec

FieldDescriptionRequired
external
ClusterClassUpgradeExternal
external defines external runtime extensions for upgrade operations.No

ClusterClassVariable

ClusterClassVariable defines a variable which can be configured in the Cluster topology and used in patches.

Appears in: ClusterClassSpec

FieldDescriptionRequired
name
string
name of the variable.

Validation: Minimum length: 1
Maximum length: 256

No
required
bool
required specifies if the variable is required. Note: this applies to the variable as a whole and thus the top-level object defined in the schema. If nested fields are required, this will be specified inside the schema.No
deprecatedV1Beta1Metadata
ClusterClassVariableMetadata
deprecatedV1Beta1Metadata is the metadata of a variable. It can be used to add additional data for higher level tools to a ClusterClassVariable.

Deprecated: This field is deprecated and will be removed when support for v1beta1 will be dropped. Please use XMetadata in JSONSchemaProps instead.
No
schema
VariableSchema
schema defines the schema of the variable.No

ClusterControlPlaneStatus

ClusterControlPlaneStatus groups all the observations about control plane current state.

Appears in: ClusterStatus

FieldDescriptionRequired
desiredReplicas
int32
desiredReplicas is the total number of desired control plane machines in this cluster.No
replicas
int32
replicas is the total number of control plane machines in this cluster. NOTE: replicas also includes machines still being provisioned or being deleted.No
upToDateReplicas
int32
upToDateReplicas is the number of up-to-date control plane machines in this cluster. A machine is considered up-to-date when Machine's UpToDate condition is true.No
readyReplicas
int32
readyReplicas is the total number of ready control plane machines in this cluster. A machine is considered ready when Machine's Ready condition is true.No
availableReplicas
int32
availableReplicas is the total number of available control plane machines in this cluster. A machine is considered available when Machine's Available condition is true.No

ClusterDeprecatedStatus

ClusterDeprecatedStatus groups all the status fields that are deprecated and will be removed in a future version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.

Appears in: ClusterStatus

FieldDescriptionRequired
v1beta1
ClusterV1Beta1DeprecatedStatus
v1beta1 groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped.No

ClusterInitializationStatus

ClusterInitializationStatus provides observations of the Cluster initialization process. NOTE: Fields in this struct are part of the Cluster API contract and are used to orchestrate initial Cluster provisioning.

Appears in: ClusterStatus

FieldDescriptionRequired
infrastructureProvisioned
bool
infrastructureProvisioned is true when the infrastructure provider reports that Cluster's infrastructure is fully provisioned. NOTE: this field is part of the Cluster API contract, and it is used to orchestrate provisioning. The value of this field is never updated after provisioning is completed.No
controlPlaneInitialized
bool
controlPlaneInitialized denotes when the control plane is functional enough to accept requests. This information is usually used as a signal for starting all the provisioning operations that depends on a functional API server, but do not require a full HA control plane to exists, like e.g. join worker Machines, install core addons like CNI, CPI, CSI etc. NOTE: this field is part of the Cluster API contract, and it is used to orchestrate provisioning. The value of this field is never updated after initialization is completed.No

ClusterNetwork

ClusterNetwork specifies the different networking parameters for a cluster.

Appears in: ClusterSpec

FieldDescriptionRequired
apiServerPort
int32
apiServerPort specifies the port the API Server should bind to. Defaults to 6443.

Validation: Minimum: 1
Maximum: 65535

No
services
NetworkRanges
services is the network ranges from which service VIPs are allocated.No
pods
NetworkRanges
pods is the network ranges from which Pod networks are allocated.No
serviceDomain
string
serviceDomain is the domain name for services.

Validation: Minimum length: 1
Maximum length: 253

No

Condition

Condition defines an observation of a Cluster API resource operational state.

Deprecated: This type is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.

Appears in: ClusterClassStatus, ClusterStatus, MachineDeploymentStatus, MachineHealthCheckStatus, MachineSetStatus, MachineStatus

FieldDescriptionRequired
type
ConditionType
type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.Yes
status
ConditionStatus
status of the condition, one of True, False, Unknown.Yes
severity
ConditionSeverity
severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.No
lastTransitionTime
Time
lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.Yes
reason
string
reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may be empty.

Validation: Minimum length: 1
Maximum length: 256

No
message
string
message is a human readable message indicating details about the transition. This field may be empty.

Validation: Minimum length: 1
Maximum length: 10240

No

ContractVersionedObjectReference

ContractVersionedObjectReference is a reference to a resource for which the version is inferred from contract labels.

Appears in: Bootstrap, ClusterSpec, MachineSpec

FieldDescriptionRequired
kind
string
kind of the resource being referenced. kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character.

Validation: Pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Minimum length: 1
Maximum length: 63

No
name
string
name of the resource being referenced. name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.

Validation: Minimum length: 1
Maximum length: 253
Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

No
apiGroup
string
apiGroup is the group of the resource being referenced. apiGroup must be fully qualified domain name. The corresponding version for this reference will be looked up from the contract labels of the corresponding CRD of the resource being referenced.

Validation: Minimum length: 1
Maximum length: 253
Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

No

ControlPlaneClass

ControlPlaneClass defines the class for the control plane.

Appears in: ClusterClassSpec

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane if the ControlPlaneTemplate referenced is machine based. If not, it is applied only to the ControlPlane. At runtime this metadata is merged with the corresponding metadata from the topology.

This field is supported if and only if the control plane provider template referenced is Machine based.
No
templateRef
ClusterClassTemplateReference
templateRef contains the reference to a provider-specific control plane template.No
machineInfrastructure
ControlPlaneClassMachineInfrastructureTemplate
machineInfrastructure defines the metadata and infrastructure information for control plane machines.

This field is supported if and only if the control plane provider template referenced above is Machine based and supports setting replicas.
No
healthCheck
ControlPlaneClassHealthCheck
healthCheck defines a MachineHealthCheck for this ControlPlaneClass. This field is supported if and only if the ControlPlane provider template referenced above is Machine based and supports setting replicas.No
naming
ControlPlaneClassNamingSpec
naming allows changing the naming pattern used when creating the control plane provider object.No
deletion
ControlPlaneClassMachineDeletionSpec
deletion contains configuration options for Machine deletion.No
taints
[]MachineTaint
taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers.

There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node.

NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners.

Validation: Minimum items: 1
Maximum items: 64

No
readinessGates
[]MachineReadinessGate
readinessGates specifies additional conditions to include when evaluating Machine Ready condition.

This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine.

NOTE: If a Cluster defines a custom list of readinessGates for the control plane, such list overrides readinessGates defined in this field. NOTE: Specific control plane provider implementations might automatically extend the list of readinessGates; e.g. the kubeadm control provider adds ReadinessGates for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.

Validation: Minimum items: 1
Maximum items: 32

No

FailureDomain

FailureDomain is the Schema for Cluster API failure domains. It allows controllers to understand how many failure domains a cluster can optionally span across.

Appears in: ClusterStatus

FieldDescriptionRequired
name
string
name is the name of the failure domain.

Validation: Minimum length: 1
Maximum length: 256

No
controlPlane
bool
controlPlane determines if this failure domain is suitable for use by control plane machines.No
attributes
map[string]string
attributes is a free form map of attributes an infrastructure provider might use or require.No

InfrastructureClass

InfrastructureClass defines the class for the infrastructure cluster.

Appears in: ClusterClassSpec

FieldDescriptionRequired
templateRef
ClusterClassTemplateReference
templateRef contains the reference to a provider-specific infrastructure cluster template.No
naming
InfrastructureClassNamingSpec
naming allows changing the naming pattern used when creating the infrastructure cluster object.No

MachineAddresses

MachineAddresses is a slice of MachineAddress items to be used by infrastructure providers.

Appears in: MachineStatus

MachineDeletionSpec

MachineDeletionSpec contains configuration options for Machine deletion.

Appears in: MachineSpec

FieldDescriptionRequired
nodeDrainTimeoutSeconds
int32
nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: nodeDrainTimeoutSeconds is different from kubectl drain --timeout

Validation: Minimum: 0

No
nodeVolumeDetachTimeoutSeconds
int32
nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.

Validation: Minimum: 0

No
nodeDeletionTimeoutSeconds
int32
nodeDeletionTimeoutSeconds defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds.

Validation: Minimum: 0

No

MachineDeletionStatus

MachineDeletionStatus is the deletion state of the Machine.

Appears in: MachineStatus

FieldDescriptionRequired
nodeDrainStartTime
Time
nodeDrainStartTime is the time when the drain of the node started and is used to determine if the nodeDrainTimeoutSeconds is exceeded. Only present when the Machine has a deletionTimestamp and draining the node had been started.No
waitForNodeVolumeDetachStartTime
Time
waitForNodeVolumeDetachStartTime is the time when waiting for volume detachment started and is used to determine if the nodeVolumeDetachTimeoutSeconds is exceeded. Detaching volumes from nodes is usually done by CSI implementations and the current state is observed from the node's .Status.VolumesAttached field. Only present when the Machine has a deletionTimestamp and waiting for volume detachments had been started.No

MachineDeploymentDeletionSpec

MachineDeploymentDeletionSpec contains configuration options for MachineDeployment deletion.

Appears in: MachineDeploymentSpec

FieldDescriptionRequired
order
MachineSetDeletionOrder
order defines the order in which Machines are deleted when downscaling. Defaults to "Random". Valid values are "Random, "Newest", "Oldest"No

MachineDeploymentDeprecatedStatus

MachineDeploymentDeprecatedStatus groups all the status fields that are deprecated and will be removed in a future version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.

Appears in: MachineDeploymentStatus

FieldDescriptionRequired
v1beta1
MachineDeploymentV1Beta1DeprecatedStatus
v1beta1 groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped.No

MachineDeploymentRemediationSpec

MachineDeploymentRemediationSpec controls how unhealthy Machines are remediated.

Appears in: MachineDeploymentSpec

FieldDescriptionRequired
maxInFlight
IntOrString
maxInFlight determines how many in flight remediations should happen at the same time.

Remediation only happens on the MachineSet with the most current revision, while older MachineSets (usually present during rollout operations) aren't allowed to remediate.

Note: In general (independent of remediations), unhealthy machines are always prioritized during scale down operations over healthy ones.

MaxInFlight can be set to a fixed number or a percentage. Example: when this is set to 20%, the MachineSet controller deletes at most 20% of the desired replicas.

If not set, remediation is limited to all machines (bounded by replicas) under the active MachineSet's management.
No

MachineDeploymentRolloutSpec

MachineDeploymentRolloutSpec defines the rollout behavior.

Appears in: MachineDeploymentSpec

FieldDescriptionRequired
after
Time
after is a field to indicate a rollout should be performed after the specified time even if no changes have been made to the MachineDeployment. Example: In the YAML the time can be specified in the RFC3339 format. To specify the rolloutAfter target as March 9, 2023, at 9 am UTC use "2023-03-09T09:00:00Z".No
strategy
MachineDeploymentRolloutStrategy
strategy specifies how to roll out control plane Machines.No

MachineDeprecatedStatus

MachineDeprecatedStatus groups all the status fields that are deprecated and will be removed in a future version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.

Appears in: MachineStatus

FieldDescriptionRequired
v1beta1
MachineV1Beta1DeprecatedStatus
v1beta1 groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No

MachineDrainRuleDrainConfig

MachineDrainRuleDrainConfig configures if and how Pods are drained.

Appears in: MachineDrainRuleSpec

FieldDescriptionRequired
behavior
MachineDrainRuleDrainBehavior
behavior defines the drain behavior. Can be either "Drain", "Skip", or "WaitCompleted". "Drain" means that the Pods to which this MachineDrainRule applies will be drained. If behavior is set to "Drain" the order in which Pods are drained can be configured with the order field. When draining Pods of a Node the Pods will be grouped by order and one group after another will be drained (by increasing order). Cluster API will wait until all Pods of a group are terminated / removed from the Node before starting with the next group. "Skip" means that the Pods to which this MachineDrainRule applies will be skipped during drain. "WaitCompleted" means that the pods to which this MachineDrainRule applies will never be evicted and we wait for them to be completed, it is enforced that pods marked with this behavior always have Order=0.No
order
int32
order defines the order in which Pods are drained. Pods with higher order are drained after Pods with lower order. order can only be set if behavior is set to "Drain". If order is not set, 0 will be used. Valid values for order are from -2147483648 to 2147483647 (inclusive).No

MachineDrainRuleMachineSelector

MachineDrainRuleMachineSelector defines to which Machines this MachineDrainRule should be applied.

Appears in: MachineDrainRuleSpec

FieldDescriptionRequired
selector
LabelSelector
selector is a label selector which selects Machines by their labels. This field follows standard label selector semantics; if not present or empty, it selects all Machines.

If clusterSelector is also set, then the selector as a whole selects Machines matching selector belonging to Clusters selected by clusterSelector. If clusterSelector is not set, it selects all Machines matching selector in all Clusters.
No
clusterSelector
LabelSelector
clusterSelector is a label selector which selects Machines by the labels of their Clusters. This field follows standard label selector semantics; if not present or empty, it selects Machines of all Clusters.

If selector is also set, then the selector as a whole selects Machines matching selector belonging to Clusters selected by clusterSelector. If selector is not set, it selects all Machines belonging to Clusters selected by clusterSelector.
No

MachineDrainRulePodSelector

MachineDrainRulePodSelector defines to which Pods this MachineDrainRule should be applied.

Appears in: MachineDrainRuleSpec

FieldDescriptionRequired
selector
LabelSelector
selector is a label selector which selects Pods by their labels. This field follows standard label selector semantics; if not present or empty, it selects all Pods.

If namespaceSelector is also set, then the selector as a whole selects Pods matching selector in Namespaces selected by namespaceSelector. If namespaceSelector is not set, it selects all Pods matching selector in all Namespaces.
No
namespaceSelector
LabelSelector
namespaceSelector is a label selector which selects Pods by the labels of their Namespaces. This field follows standard label selector semantics; if not present or empty, it selects Pods of all Namespaces.

If selector is also set, then the selector as a whole selects Pods matching selector in Namespaces selected by namespaceSelector. If selector is not set, it selects all Pods in Namespaces selected by namespaceSelector.
No

MachineHealthCheckChecks

MachineHealthCheckChecks are the checks that are used to evaluate if a Machine is healthy.

Appears in: MachineHealthCheckSpec

FieldDescriptionRequired
nodeStartupTimeoutSeconds
int32
nodeStartupTimeoutSeconds allows to set the maximum time for MachineHealthCheck to consider a Machine unhealthy if a corresponding Node isn't associated through a Spec.ProviderID field.

The duration set in this field is compared to the greatest of:
  • Cluster's infrastructure ready condition timestamp (if and when available)
  • Control Plane's initialized condition timestamp (if and when available)
  • Machine's infrastructure ready condition timestamp (if and when available)
  • Machine's metadata creation timestamp


Defaults to 10 minutes. If you wish to disable this feature, set the value explicitly to 0.

Validation: Minimum: 0

No
unhealthyNodeConditions
[]UnhealthyNodeCondition
unhealthyNodeConditions contains a list of conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy.

Validation: Minimum items: 1
Maximum items: 100

No
unhealthyMachineConditions
[]UnhealthyMachineCondition
unhealthyMachineConditions contains a list of the machine conditions that determine whether a machine is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the machine is unhealthy.

Validation: Minimum items: 1
Maximum items: 100

No

MachineHealthCheckDeprecatedStatus

MachineHealthCheckDeprecatedStatus groups all the status fields that are deprecated and will be removed in a future version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.

Appears in: MachineHealthCheckStatus

FieldDescriptionRequired
v1beta1
MachineHealthCheckV1Beta1DeprecatedStatus
v1beta1 groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped.No

MachineHealthCheckRemediation

MachineHealthCheckRemediation configures if and how remediations are triggered if a Machine is unhealthy.

Appears in: MachineHealthCheckSpec

FieldDescriptionRequired
triggerIf
MachineHealthCheckRemediationTriggerIf
triggerIf configures if remediations are triggered. If this field is not set, remediations are always triggered.No
templateRef
MachineHealthCheckRemediationTemplateReference
templateRef is a reference to a remediation template provided by an infrastructure provider.

This field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Cluster API.
No

MachineInitializationStatus

MachineInitializationStatus provides observations of the Machine initialization process. NOTE: Fields in this struct are part of the Cluster API contract and are used to orchestrate initial Machine provisioning.

Appears in: MachineStatus

FieldDescriptionRequired
infrastructureProvisioned
bool
infrastructureProvisioned is true when the infrastructure provider reports that Machine's infrastructure is fully provisioned. NOTE: this field is part of the Cluster API contract, and it is used to orchestrate provisioning. The value of this field is never updated after provisioning is completed.No
bootstrapDataSecretCreated
bool
bootstrapDataSecretCreated is true when the bootstrap provider reports that the Machine's boostrap secret is created. NOTE: this field is part of the Cluster API contract, and it is used to orchestrate provisioning. The value of this field is never updated after provisioning is completed.No

MachineNamingSpec

MachineNamingSpec allows changing the naming pattern used when creating Machines. Note: InfraMachines & BootstrapConfigs will use the same name as the corresponding Machines.

Appears in: MachineDeploymentSpec, MachineSetSpec

FieldDescriptionRequired
template
string
template defines the template to use for generating the names of the Machine objects. If not defined, it will fallback to {{ .machineSet.name }}-{{ .random }}. If the generated name string exceeds 63 characters, it will be trimmed to 58 characters and will get concatenated with a random suffix of length 5. Length of the template string must not exceed 256 characters. The template allows the following variables .cluster.name, .machineSet.name and .random. The variable .cluster.name retrieves the name of the cluster object that owns the Machines being created. The variable .machineSet.name retrieves the name of the MachineSet object that owns the Machines being created. The variable .random is substituted with random alphanumeric string, without vowels, of length 5. This variable is required part of the template. If not provided, validation will fail.

Validation: Maximum length: 256
Minimum length: 1

No

MachineNodeReference

MachineNodeReference is a reference to the node running on the machine.

Appears in: MachineStatus

FieldDescriptionRequired
name
string
name of the node. name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.

Validation: Maximum length: 253
Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Minimum length: 1

No

MachineReadinessGate

MachineReadinessGate contains the type of a Machine condition to be used as a readiness gate.

Appears in: ControlPlaneClass, ControlPlaneTopology, MachineDeploymentClass, MachineDeploymentTopology, MachineSpec

FieldDescriptionRequired
conditionType
string
conditionType refers to a condition with matching type in the Machine's condition list. If the conditions doesn't exist, it will be treated as unknown. Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates.

Validation: Pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
Minimum length: 1
Maximum length: 316

No
polarity
ConditionPolarity
polarity of the conditionType specified in this readinessGate. Valid values are Positive, Negative and omitted. When omitted, the default behaviour will be Positive. A positive polarity means that the condition should report a true status under normal conditions. A negative polarity means that the condition should report a false status under normal conditions.No

MachineSetDeletionSpec

MachineSetDeletionSpec contains configuration options for MachineSet deletion.

Appears in: MachineSetSpec

FieldDescriptionRequired
order
MachineSetDeletionOrder
order defines the order in which Machines are deleted when downscaling. Defaults to "Random". Valid values are "Random, "Newest", "Oldest"No

MachineSetDeprecatedStatus

MachineSetDeprecatedStatus groups all the status fields that are deprecated and will be removed in a future version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.

Appears in: MachineSetStatus

FieldDescriptionRequired
v1beta1
MachineSetV1Beta1DeprecatedStatus
v1beta1 groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped.No

MachineTaint

MachineTaint defines a taint equivalent to corev1.Taint, but additionally having a propagation field.

Appears in: ControlPlaneClass, ControlPlaneTopology, MachineDeploymentClass, MachineDeploymentTopology, MachineSpec

FieldDescriptionRequired
key
string
key is the taint key to be applied to a node. Must be a valid qualified name of maximum size 63 characters with an optional subdomain prefix of maximum size 253 characters, separated by a /.

Validation: Minimum length: 1
Maximum length: 317
Pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/)?([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$

No
value
string
value is the taint value corresponding to the taint key. It must be a valid label value of maximum size 63 characters.

Validation: Minimum length: 1
Maximum length: 63
Pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$

No
effect
TaintEffect
effect is the effect for the taint. Valid values are NoSchedule, PreferNoSchedule and NoExecute.

Validation: Allowed values: NoSchedule, PreferNoSchedule, NoExecute

No
propagation
MachineTaintPropagation
propagation defines how this taint should be propagated to nodes. Valid values are 'Always' and 'OnInitialization'. Always: The taint will be continuously reconciled. If it is not set for a node, it will be added during reconciliation. OnInitialization: The taint will be added during node initialization. If it gets removed from the node later on it will not get added again.No

MachineTemplateSpec

MachineTemplateSpec describes the data needed to create a Machine from a template.

Appears in: MachineDeploymentSpec, MachineSetSpec

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
MachineSpec
spec is the specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusNo

Topology

Topology encapsulates the information of the managed resources.

Appears in: ClusterSpec

FieldDescriptionRequired
classRef
ClusterClassRef
classRef is the ref to the ClusterClass that should be used for the topology.No
version
string
version is the Kubernetes version of the cluster.

Validation: Minimum length: 1
Maximum length: 256

No
controlPlane
ControlPlaneTopology
controlPlane describes the cluster control plane.No
workers
WorkersTopology
workers encapsulates the different constructs that form the worker nodes for the cluster.No
variables
[]ClusterVariable
variables can be used to customize the Cluster through patches. They must comply to the corresponding VariableClasses defined in the ClusterClass.

Validation: Maximum items: 1000
Minimum items: 1

No

WorkersClass

WorkersClass is a collection of deployment classes.

Appears in: ClusterClassSpec

FieldDescriptionRequired
machineDeployments
[]MachineDeploymentClass
machineDeployments is a list of machine deployment classes that can be used to create a set of worker nodes.

Validation: Minimum items: 1
Maximum items: 100

No
machinePools
[]MachinePoolClass
machinePools is a list of machine pool classes that can be used to create a set of worker nodes.

Validation: Minimum items: 1
Maximum items: 100

No

WorkersStatus

WorkersStatus groups all the observations about workers current state.

Appears in: ClusterStatus

FieldDescriptionRequired
desiredReplicas
int32
desiredReplicas is the total number of desired worker machines in this cluster.No
replicas
int32
replicas is the total number of worker machines in this cluster. NOTE: replicas also includes machines still being provisioned or being deleted.No
upToDateReplicas
int32
upToDateReplicas is the number of up-to-date worker machines in this cluster. A machine is considered up-to-date when Machine's UpToDate condition is true.No
readyReplicas
int32
readyReplicas is the total number of ready worker machines in this cluster. A machine is considered ready when Machine's Ready condition is true.No
availableReplicas
int32
availableReplicas is the total number of available worker machines in this cluster. A machine is considered available when Machine's Available condition is true.No

ClusterClassRef

ClusterClassRef is the ref to the ClusterClass that should be used for the topology.

Appears in: Topology

FieldDescriptionRequired
name
string
name is the name of the ClusterClass that should be used for the topology. name must be a valid ClusterClass name and because of that be at most 253 characters in length and it must consist only of lower case alphanumeric characters, hyphens (-) and periods (.), and must start and end with an alphanumeric character.

Validation: Maximum length: 253
Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Minimum length: 1

No
namespace
string
namespace is the namespace of the ClusterClass that should be used for the topology. If namespace is empty or not set, it is defaulted to the namespace of the Cluster object. namespace must be a valid namespace name and because of that be at most 63 characters in length and it must consist only of lower case alphanumeric characters or hyphens (-), and must start and end with an alphanumeric character.

Validation: Minimum length: 1
Maximum length: 63
Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$

No

ClusterClassStatusVariableDefinition

ClusterClassStatusVariableDefinition defines a variable which appears in the status of a ClusterClass.

Appears in: ClusterClassStatusVariable

FieldDescriptionRequired
from
string
from specifies the origin of the variable definition. This will be inline for variables defined in the ClusterClass or the name of a patch defined in the ClusterClass for variables discovered from a DiscoverVariables runtime extensions.

Validation: Minimum length: 1
Maximum length: 256

No
required
bool
required specifies if the variable is required. Note: this applies to the variable as a whole and thus the top-level object defined in the schema. If nested fields are required, this will be specified inside the schema.No
deprecatedV1Beta1Metadata
ClusterClassVariableMetadata
deprecatedV1Beta1Metadata is the metadata of a variable. It can be used to add additional data for higher level tools to a ClusterClassVariable.

Deprecated: This field is deprecated and will be removed when support for v1beta1 will be dropped. Please use XMetadata in JSONSchemaProps instead.
No
schema
VariableSchema
schema defines the schema of the variable.No

ClusterClassTemplateReference

ClusterClassTemplateReference is a reference to a ClusterClass template.

Appears in: ControlPlaneClass, ControlPlaneClassMachineInfrastructureTemplate, InfrastructureClass, MachineDeploymentClassBootstrapTemplate, MachineDeploymentClassInfrastructureTemplate

FieldDescriptionRequired
kind
string
kind of the template. kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character.

Validation: Minimum length: 1
Maximum length: 63
Pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$

No
name
string
name of the template. name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.

Validation: Minimum length: 1
Maximum length: 253
Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

No
apiVersion
string
apiVersion of the template. apiVersion must be fully qualified domain name followed by / and a version.

Validation: Maximum length: 317
Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[a-z]([-a-z0-9]*[a-z0-9])?$
Minimum length: 1

No

ClusterClassUpgradeExternal

ClusterClassUpgradeExternal defines external runtime extensions for upgrade operations.

Appears in: ClusterClassUpgrade

FieldDescriptionRequired
generateUpgradePlanExtension
string
generateUpgradePlanExtension references an extension which is called to generate upgrade plan.

Validation: Minimum length: 1
Maximum length: 512

No

ClusterClassV1Beta1DeprecatedStatus

ClusterClassV1Beta1DeprecatedStatus groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.

Appears in: ClusterClassDeprecatedStatus

FieldDescriptionRequired
conditions
Conditions
conditions defines current observed state of the ClusterClass.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No

ClusterClassVariableMetadata

ClusterClassVariableMetadata is the metadata of a variable. It can be used to add additional data for higher level tools to a ClusterClassVariable.

Deprecated: This struct is deprecated and is going to be removed in the next apiVersion.

Appears in: ClusterClassStatusVariableDefinition, ClusterClassVariable

FieldDescriptionRequired
labels
map[string]string
labels is a map of string keys and values that can be used to organize and categorize (scope and select) variables.No
annotations
map[string]string
annotations is an unstructured key value map that can be used to store and retrieve arbitrary metadata. They are not queryable.No

ClusterV1Beta1DeprecatedStatus

ClusterV1Beta1DeprecatedStatus groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.

Appears in: ClusterDeprecatedStatus

FieldDescriptionRequired
conditions
Conditions
conditions defines current service state of the cluster.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No
failureReason
ClusterStatusError
failureReason indicates that there is a fatal problem reconciling the state, and will be set to a token value suitable for programmatic interpretation.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No
failureMessage
string
failureMessage indicates that there is a fatal problem reconciling the state, and will be set to a descriptive error message.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.

Validation: Minimum length: 1
Maximum length: 10240

No

ClusterVariable

ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a Variable definition in the ClusterClass status variables.

Appears in: ControlPlaneVariables, MachineDeploymentVariables, Topology

FieldDescriptionRequired
name
string
name of the variable.

Validation: Minimum length: 1
Maximum length: 256

No
value
JSON
value of the variable. Note: the value will be validated against the schema of the corresponding ClusterClassVariable from the ClusterClass. Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, i.e. it is not possible to have no type field. Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111No

ConditionPolarity

ConditionPolarity defines the polarity for a metav1.Condition.

Appears in: ClusterAvailabilityGate, MachineReadinessGate

ConditionSeverity

ConditionSeverity expresses the severity of a Condition Type failing.

Deprecated: This type is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.

Appears in: Condition

ConditionType

ConditionType is a valid value for Condition.Type.

Deprecated: This type is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.

Appears in: Condition

ControlPlaneClassHealthCheck

ControlPlaneClassHealthCheck defines a MachineHealthCheck for control plane machines.

Appears in: ControlPlaneClass

FieldDescriptionRequired
checks
ControlPlaneClassHealthCheckChecks
checks are the checks that are used to evaluate if a Machine is healthy.

Independent of this configuration the MachineHealthCheck controller will always flag Machines with cluster.x-k8s.io/remediate-machine annotation and Machines with deleted Nodes as unhealthy.

Furthermore, if checks.nodeStartupTimeoutSeconds is not set it is defaulted to 10 minutes and evaluated accordingly.
No
remediation
ControlPlaneClassHealthCheckRemediation
remediation configures if and how remediations are triggered if a Machine is unhealthy.

If remediation or remediation.triggerIf is not set, remediation will always be triggered for unhealthy Machines.

If remediation or remediation.templateRef is not set, the OwnerRemediated condition will be set on unhealthy Machines to trigger remediation via the owner of the Machines, for example a MachineSet or a KubeadmControlPlane.
No

ControlPlaneClassMachineDeletionSpec

ControlPlaneClassMachineDeletionSpec contains configuration options for Machine deletion.

Appears in: ControlPlaneClass

FieldDescriptionRequired
nodeDrainTimeoutSeconds
int32
nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: nodeDrainTimeoutSeconds is different from kubectl drain --timeout NOTE: This value can be overridden while defining a Cluster.Topology.

Validation: Minimum: 0

No
nodeVolumeDetachTimeoutSeconds
int32
nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. NOTE: This value can be overridden while defining a Cluster.Topology.

Validation: Minimum: 0

No
nodeDeletionTimeoutSeconds
int32
nodeDeletionTimeoutSeconds defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds. NOTE: This value can be overridden while defining a Cluster.Topology.

Validation: Minimum: 0

No

ControlPlaneClassMachineInfrastructureTemplate

ControlPlaneClassMachineInfrastructureTemplate defines the template for a MachineInfrastructure of a ControlPlane.

Appears in: ControlPlaneClass

FieldDescriptionRequired
templateRef
ClusterClassTemplateReference
templateRef is a required reference to the template for a MachineInfrastructure of a ControlPlane.No

ControlPlaneClassNamingSpec

ControlPlaneClassNamingSpec defines the naming strategy for control plane objects.

Appears in: ControlPlaneClass

FieldDescriptionRequired
template
string
template defines the template to use for generating the name of the ControlPlane object. If not defined, it will fallback to {{ .cluster.name }}-{{ .random }}. If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will get concatenated with a random suffix of length 5. The templating mechanism provides the following arguments: * .cluster.name: The name of the cluster object. * .random: A random alphanumeric string, without vowels, of length 5.

Validation: Minimum length: 1
Maximum length: 1024

No

ControlPlaneTopology

ControlPlaneTopology specifies the parameters for the control plane nodes in the cluster.

Appears in: Topology

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane if the ControlPlaneTemplate referenced by the ClusterClass is machine based. If not, it is applied only to the ControlPlane. At runtime this metadata is merged with the corresponding metadata from the ClusterClass.No
replicas
int32
replicas is the number of control plane nodes. If the value is not set, the ControlPlane object is created without the number of Replicas and it's assumed that the control plane controller does not implement support for this field. When specified against a control plane provider that lacks support for this field, this value will be ignored.No
rollout
ControlPlaneTopologyRolloutSpec
rollout allows you to configure the behavior of rolling updates to the control plane.No
healthCheck
ControlPlaneTopologyHealthCheck
healthCheck allows to enable, disable and override control plane health check configuration from the ClusterClass for this control plane.No
deletion
ControlPlaneTopologyMachineDeletionSpec
deletion contains configuration options for Machine deletion.No
taints
[]MachineTaint
taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers.

There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node.

NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners.

Validation: Maximum items: 64
Minimum items: 1

No
readinessGates
[]MachineReadinessGate
readinessGates specifies additional conditions to include when evaluating Machine Ready condition.

This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine.

If this field is not defined, readinessGates from the corresponding ControlPlaneClass will be used, if any.

NOTE: Specific control plane provider implementations might automatically extend the list of readinessGates; e.g. the kubeadm control provider adds ReadinessGates for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.

Validation: Minimum items: 1
Maximum items: 32

No
variables
ControlPlaneVariables
variables can be used to customize the ControlPlane through patches.No

ExternalPatchDefinition

ExternalPatchDefinition defines an external patch. Note: At least one of GeneratePatchesExtension or ValidateTopologyExtension must be set.

Appears in: ClusterClassPatch

FieldDescriptionRequired
generatePatchesExtension
string
generatePatchesExtension references an extension which is called to generate patches.

Validation: Minimum length: 1
Maximum length: 512

No
validateTopologyExtension
string
validateTopologyExtension references an extension which is called to validate the topology.

Validation: Minimum length: 1
Maximum length: 512

No
discoverVariablesExtension
string
discoverVariablesExtension references an extension which is called to discover variables.

Validation: Minimum length: 1
Maximum length: 512

No
settings
map[string]string
settings defines key value pairs to be passed to the extensions. Values defined here take precedence over the values defined in the corresponding ExtensionConfig.No

InfrastructureClassNamingSpec

InfrastructureClassNamingSpec defines the naming strategy for infrastructure objects.

Appears in: InfrastructureClass

FieldDescriptionRequired
template
string
template defines the template to use for generating the name of the Infrastructure object. If not defined, it will fallback to {{ .cluster.name }}-{{ .random }}. If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will get concatenated with a random suffix of length 5. The templating mechanism provides the following arguments: * .cluster.name: The name of the cluster object. * .random: A random alphanumeric string, without vowels, of length 5.

Validation: Minimum length: 1
Maximum length: 1024

No

MachineDeploymentClass

MachineDeploymentClass serves as a template to define a set of worker nodes of the cluster provisioned using the ClusterClass.

Appears in: WorkersClass

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. At runtime this metadata is merged with the corresponding metadata from the topology.No
class
string
class denotes a type of worker node present in the cluster, this name MUST be unique within a ClusterClass and can be referenced in the Cluster to create a managed MachineDeployment.

Validation: Minimum length: 1
Maximum length: 256

No
bootstrap
MachineDeploymentClassBootstrapTemplate
bootstrap contains the bootstrap template reference to be used for the creation of worker Machines.No
infrastructure
MachineDeploymentClassInfrastructureTemplate
infrastructure contains the infrastructure template reference to be used for the creation of worker Machines.No
healthCheck
MachineDeploymentClassHealthCheck
healthCheck defines a MachineHealthCheck for this MachineDeploymentClass.No
failureDomain
string
failureDomain is the failure domain the machines will be created in. Must match the name of a FailureDomain from the Cluster status. NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.

Validation: Minimum length: 1
Maximum length: 256

No
naming
MachineDeploymentClassNamingSpec
naming allows changing the naming pattern used when creating the MachineDeployment.No
deletion
MachineDeploymentClassMachineDeletionSpec
deletion contains configuration options for Machine deletion.No
taints
[]MachineTaint
taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers.

There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node.

NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners.

Validation: Minimum items: 1
Maximum items: 64

No
minReadySeconds
int32
minReadySeconds is the minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready) NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.

Validation: Minimum: 0

No
readinessGates
[]MachineReadinessGate
readinessGates specifies additional conditions to include when evaluating Machine Ready condition.

This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine.

NOTE: If a Cluster defines a custom list of readinessGates for a MachineDeployment using this MachineDeploymentClass, such list overrides readinessGates defined in this field.

Validation: Minimum items: 1
Maximum items: 32

No
rollout
MachineDeploymentClassRolloutSpec
rollout allows you to configure the behaviour of rolling updates to the MachineDeployment Machines. It allows you to define the strategy used during rolling replacements.No

MachineDeploymentRolloutStrategy

MachineDeploymentRolloutStrategy describes how to replace existing machines with new ones.

Appears in: MachineDeploymentRolloutSpec

FieldDescriptionRequired
type
MachineDeploymentRolloutStrategyType
type of rollout. Allowed values are RollingUpdate and OnDelete. Default is RollingUpdate.No
rollingUpdate
MachineDeploymentRolloutStrategyRollingUpdate
rollingUpdate is the rolling update config params. Present only if type = RollingUpdate.No

MachineDeploymentV1Beta1DeprecatedStatus

MachineDeploymentV1Beta1DeprecatedStatus groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.

Appears in: MachineDeploymentDeprecatedStatus

FieldDescriptionRequired
conditions
Conditions
conditions defines current service state of the MachineDeployment.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No
updatedReplicas
int32
updatedReplicas is the total number of non-terminated machines targeted by this deployment that have the desired template spec.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No
readyReplicas
int32
readyReplicas is the total number of ready machines targeted by this deployment.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No
availableReplicas
int32
availableReplicas is the total number of available machines (ready for at least minReadySeconds) targeted by this deployment.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No
unavailableReplicas
int32
unavailableReplicas is the total number of unavailable machines targeted by this deployment. This is the total number of machines that are still required for the deployment to have 100% available capacity. They may either be machines that are running but not yet available or machines that still have not been created.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No

MachineDrainRuleDrainBehavior

MachineDrainRuleDrainBehavior defines the drain behavior. Can be either "Drain", "Skip", or "WaitCompleted".

Appears in: MachineDrainRuleDrainConfig

MachineHealthCheckRemediationTemplateReference

MachineHealthCheckRemediationTemplateReference is a reference to a remediation template.

Appears in: ControlPlaneClassHealthCheckRemediation, ControlPlaneTopologyHealthCheckRemediation, MachineDeploymentClassHealthCheckRemediation, MachineDeploymentTopologyHealthCheckRemediation, MachineHealthCheckRemediation

FieldDescriptionRequired
kind
string
kind of the remediation template. kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character.

Validation: Minimum length: 1
Maximum length: 63
Pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$

No
name
string
name of the remediation template. name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.

Validation: Minimum length: 1
Maximum length: 253
Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

No
apiVersion
string
apiVersion of the remediation template. apiVersion must be fully qualified domain name followed by / and a version. NOTE: This field must be kept in sync with the APIVersion of the remediation template.

Validation: Minimum length: 1
Maximum length: 317
Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[a-z]([-a-z0-9]*[a-z0-9])?$

No

MachineHealthCheckRemediationTriggerIf

MachineHealthCheckRemediationTriggerIf configures if remediations are triggered.

Appears in: MachineHealthCheckRemediation

FieldDescriptionRequired
unhealthyLessThanOrEqualTo
IntOrString
unhealthyLessThanOrEqualTo specifies that remediations are only triggered if the number of unhealthy Machines is less than or equal to the configured value. unhealthyInRange takes precedence if set.No
unhealthyInRange
string
unhealthyInRange specifies that remediations are only triggered if the number of unhealthy Machines is in the configured range. Takes precedence over unhealthyLessThanOrEqualTo. Eg. "[3-5]" - This means that remediation will be allowed only when: (a) there are at least 3 unhealthy Machines (and) (b) there are at most 5 unhealthy Machines

Validation: Maximum length: 32
Pattern: ^\[[0-9]+-[0-9]+\]$
Minimum length: 1

No

MachineHealthCheckV1Beta1DeprecatedStatus

MachineHealthCheckV1Beta1DeprecatedStatus groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.

Appears in: MachineHealthCheckDeprecatedStatus

FieldDescriptionRequired
conditions
Conditions
conditions defines current service state of the MachineHealthCheck.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No

MachineSetDeletionOrder

MachineSetDeletionOrder defines how priority is assigned to nodes to delete when downscaling a MachineSet. Defaults to "Random".

Appears in: MachineDeploymentClassMachineDeletionSpec, MachineDeploymentDeletionSpec, MachineDeploymentTopologyMachineDeletionSpec, MachineSetDeletionSpec

MachineSetV1Beta1DeprecatedStatus

MachineSetV1Beta1DeprecatedStatus groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.

Appears in: MachineSetDeprecatedStatus

FieldDescriptionRequired
conditions
Conditions
conditions defines current service state of the MachineSet.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No
failureReason
MachineSetStatusError
failureReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation.

In the event that there is a terminal problem reconciling the replicas, both FailureReason and FailureMessage will be set. FailureReason will be populated with a succinct value suitable for machine interpretation, while FailureMessage will contain a more verbose string suitable for logging and human consumption.

These fields should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the MachineTemplate's spec or the configuration of the machine controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the machine controller, or the responsible machine controller itself being critically misconfigured.

Any transient errors that occur during the reconciliation of Machines can be added as events to the MachineSet object and/or logged in the controller's output.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No
failureMessage
string
failureMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.

Validation: Minimum length: 1
Maximum length: 10240

No
fullyLabeledReplicas
int32
fullyLabeledReplicas is the number of replicas that have labels matching the labels of the machine template of the MachineSet.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No
readyReplicas
int32
readyReplicas is the number of ready replicas for this MachineSet. A machine is considered ready when the node has been created and is "Ready".

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No
availableReplicas
int32
availableReplicas is the number of available replicas (ready for at least minReadySeconds) for this MachineSet.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No

MachineTaintPropagation

MachineTaintPropagation defines when a taint should be propagated to nodes.

Appears in: MachineTaint

MachineV1Beta1DeprecatedStatus

MachineV1Beta1DeprecatedStatus groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.

Appears in: MachineDeprecatedStatus

FieldDescriptionRequired
conditions
Conditions
conditions defines current service state of the Machine.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No
failureReason
MachineStatusError
failureReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation.

This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured.

Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No
failureMessage
string
failureMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption.

This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured.

Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.

Validation: Maximum length: 10240
Minimum length: 1

No

NetworkRanges

NetworkRanges represents ranges of network addresses.

Appears in: ClusterNetwork

FieldDescriptionRequired
cidrBlocks
[]string
cidrBlocks is a list of CIDR blocks.

Validation: Minimum items: 1
Maximum items: 100
items:MinLength: 1
items:MaxLength: 43

No

PatchDefinition

PatchDefinition defines a patch which is applied to customize the referenced templates.

Appears in: ClusterClassPatch

FieldDescriptionRequired
selector
PatchSelector
selector defines on which templates the patch should be applied.No
jsonPatches
[]JSONPatch
jsonPatches defines the patches which should be applied on the templates matching the selector. Note: Patches will be applied in the order of the array.

Validation: Maximum items: 100
Minimum items: 1

No

UnhealthyMachineCondition

UnhealthyMachineCondition represents a Machine condition type and value with a timeout specified as a duration. When the named condition has been in the given status for at least the timeout value, a machine is considered unhealthy.

Appears in: ControlPlaneClassHealthCheckChecks, ControlPlaneTopologyHealthCheckChecks, MachineDeploymentClassHealthCheckChecks, MachineDeploymentTopologyHealthCheckChecks, MachineHealthCheckChecks

FieldDescriptionRequired
type
string
type of Machine condition

Validation: Pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
Minimum length: 1
Maximum length: 316
type must not be one of: Ready, Available, HealthCheckSucceeded, OwnerRemediated, ExternallyRemediated

No
status
ConditionStatus
status of the condition, one of True, False, Unknown.

Validation: Allowed values: True, False, Unknown

No
timeoutSeconds
int32
timeoutSeconds is the duration that a machine must be in a given status for, after which the machine is considered unhealthy. For example, with a value of "3600", the machine must match the status for at least 1 hour before being considered unhealthy.

Validation: Minimum: 0

No

UnhealthyNodeCondition

UnhealthyNodeCondition represents a Node condition type and value with a timeout specified as a duration. When the named condition has been in the given status for at least the timeout value, a node is considered unhealthy.

Appears in: ControlPlaneClassHealthCheckChecks, ControlPlaneTopologyHealthCheckChecks, MachineDeploymentClassHealthCheckChecks, MachineDeploymentTopologyHealthCheckChecks, MachineHealthCheckChecks

FieldDescriptionRequired
type
NodeConditionType
type of Node condition

Validation: Type: string
Minimum length: 1

No
status
ConditionStatus
status of the condition, one of True, False, Unknown.

Validation: Type: string
Minimum length: 1

No
timeoutSeconds
int32
timeoutSeconds is the duration that a node must be in a given status for, after which the node is considered unhealthy. For example, with a value of "3600", the node must match the status for at least 1 hour before being considered unhealthy.

Validation: Minimum: 0

No

VariableSchema

VariableSchema defines the schema of a variable.

Appears in: ClusterClassStatusVariableDefinition, ClusterClassVariable

FieldDescriptionRequired
openAPIV3Schema
JSONSchemaProps
openAPIV3Schema defines the schema of a variable via OpenAPI v3 schema. The schema is a subset of the schema used in Kubernetes CRDs.No

WorkersTopology

WorkersTopology represents the different sets of worker nodes in the cluster.

Appears in: Topology

FieldDescriptionRequired
machineDeployments
[]MachineDeploymentTopology
machineDeployments is a list of machine deployments in the cluster.

Validation: Minimum items: 1
Maximum items: 2000

No
machinePools
[]MachinePoolTopology
machinePools is a list of machine pools in the cluster.

Validation: Minimum items: 1
Maximum items: 2000

No

Conditions

Conditions provide observations of the operational state of a Cluster API resource.

Deprecated: This type is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.

Appears in: ClusterClassV1Beta1DeprecatedStatus, ClusterV1Beta1DeprecatedStatus, MachineDeploymentV1Beta1DeprecatedStatus, MachineHealthCheckV1Beta1DeprecatedStatus, MachineSetV1Beta1DeprecatedStatus, MachineV1Beta1DeprecatedStatus

ControlPlaneClassHealthCheckChecks

ControlPlaneClassHealthCheckChecks are the checks that are used to evaluate if a control plane Machine is healthy.

Appears in: ControlPlaneClassHealthCheck

FieldDescriptionRequired
nodeStartupTimeoutSeconds
int32
nodeStartupTimeoutSeconds allows to set the maximum time for MachineHealthCheck to consider a Machine unhealthy if a corresponding Node isn't associated through a Spec.ProviderID field.

The duration set in this field is compared to the greatest of:
  • Cluster's infrastructure ready condition timestamp (if and when available)
  • Control Plane's initialized condition timestamp (if and when available)
  • Machine's infrastructure ready condition timestamp (if and when available)
  • Machine's metadata creation timestamp


Defaults to 10 minutes. If you wish to disable this feature, set the value explicitly to 0.

Validation: Minimum: 0

No
unhealthyNodeConditions
[]UnhealthyNodeCondition
unhealthyNodeConditions contains a list of conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy.

Validation: Minimum items: 1
Maximum items: 100

No
unhealthyMachineConditions
[]UnhealthyMachineCondition
unhealthyMachineConditions contains a list of the machine conditions that determine whether a machine is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the machine is unhealthy.

Validation: Minimum items: 1
Maximum items: 100

No

ControlPlaneClassHealthCheckRemediation

ControlPlaneClassHealthCheckRemediation configures if and how remediations are triggered if a control plane Machine is unhealthy.

Appears in: ControlPlaneClassHealthCheck

FieldDescriptionRequired
triggerIf
ControlPlaneClassHealthCheckRemediationTriggerIf
triggerIf configures if remediations are triggered. If this field is not set, remediations are always triggered.No
templateRef
MachineHealthCheckRemediationTemplateReference
templateRef is a reference to a remediation template provided by an infrastructure provider.

This field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Cluster API.
No

ControlPlaneTopologyHealthCheck

ControlPlaneTopologyHealthCheck defines a MachineHealthCheck for control plane machines.

Appears in: ControlPlaneTopology

FieldDescriptionRequired
enabled
bool
enabled controls if a MachineHealthCheck should be created for the target machines.

If false: No MachineHealthCheck will be created.

If not set(default): A MachineHealthCheck will be created if it is defined here or in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created.

If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will block if enable is true and no MachineHealthCheck definition is available.
No
checks
ControlPlaneTopologyHealthCheckChecks
checks are the checks that are used to evaluate if a Machine is healthy.

If one of checks and remediation fields are set, the system assumes that an healthCheck override is defined, and as a consequence the checks and remediation fields from Cluster will be used instead of the corresponding fields in ClusterClass.

Independent of this configuration the MachineHealthCheck controller will always flag Machines with cluster.x-k8s.io/remediate-machine annotation and Machines with deleted Nodes as unhealthy.

Furthermore, if checks.nodeStartupTimeoutSeconds is not set it is defaulted to 10 minutes and evaluated accordingly.
No
remediation
ControlPlaneTopologyHealthCheckRemediation
remediation configures if and how remediations are triggered if a Machine is unhealthy.

If one of checks and remediation fields are set, the system assumes that an healthCheck override is defined, and as a consequence the checks and remediation fields from cluster will be used instead of the corresponding fields in ClusterClass.

If an health check override is defined and remediation or remediation.triggerIf is not set, remediation will always be triggered for unhealthy Machines.

If an health check override is defined and remediation or remediation.templateRef is not set, the OwnerRemediated condition will be set on unhealthy Machines to trigger remediation via the owner of the Machines, for example a MachineSet or a KubeadmControlPlane.
No

ControlPlaneTopologyMachineDeletionSpec

ControlPlaneTopologyMachineDeletionSpec contains configuration options for Machine deletion.

Appears in: ControlPlaneTopology

FieldDescriptionRequired
nodeDrainTimeoutSeconds
int32
nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: nodeDrainTimeoutSeconds is different from kubectl drain --timeout

Validation: Minimum: 0

No
nodeVolumeDetachTimeoutSeconds
int32
nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.

Validation: Minimum: 0

No
nodeDeletionTimeoutSeconds
int32
nodeDeletionTimeoutSeconds defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds.

Validation: Minimum: 0

No

ControlPlaneTopologyRolloutSpec

ControlPlaneTopologyRolloutSpec defines the rollout behavior.

Appears in: ControlPlaneTopology

FieldDescriptionRequired
after
Time
after is a field to indicate a rollout should be performed after the specified time even if no changes have been made to the ControlPlane. Example: In the YAML the time can be specified in the RFC3339 format. To specify the rolloutAfter target as March 9, 2023, at 9 am UTC use "2023-03-09T09:00:00Z".No

ControlPlaneVariables

ControlPlaneVariables can be used to provide variables for the ControlPlane.

Appears in: ControlPlaneTopology

FieldDescriptionRequired
overrides
[]ClusterVariable
overrides can be used to override Cluster level variables.

Validation: Minimum items: 1
Maximum items: 1000

No

JSONPatch

JSONPatch defines a JSON patch.

Appears in: PatchDefinition

FieldDescriptionRequired
op
string
op defines the operation of the patch. Note: Only add, replace and remove are supported.

Validation: Allowed values: add, replace, remove

No
path
string
path defines the path of the patch. Note: Only the spec of a template can be patched, thus the path has to start with /spec/. Note: For now the only allowed array modifications are append and prepend, i.e.: * for op: add: only index 0 (prepend) and - (append) are allowed * for op: replace or remove: no indexes are allowed

Validation: Minimum length: 1
Maximum length: 512

No
value
JSON
value defines the value of the patch. Note: Either Value or ValueFrom is required for add and replace operations. Only one of them is allowed to be set at the same time. Note: We have to use apiextensionsv1.JSON instead of our JSON type, because controller-tools has a hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type (unset type field). Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111No
valueFrom
JSONPatchValue
valueFrom defines the value of the patch. Note: Either Value or ValueFrom is required for add and replace operations. Only one of them is allowed to be set at the same time.No

JSONSchemaProps

JSONSchemaProps is a JSON-Schema following Specification Draft 4 (http://json-schema.org/). This struct has been initially copied from apiextensionsv1.JSONSchemaProps, but all fields which are not supported in CAPI have been removed.

Appears in: JSONSchemaProps, VariableSchema

FieldDescriptionRequired
description
string
description is a human-readable description of this variable.

Validation: Minimum length: 1
Maximum length: 4096

No
example
JSON
example is an example for this variable.No
type
string
type is the type of the variable. Valid values are: object, array, string, integer, number or boolean.

Validation: Allowed values: object, array, string, integer, number, boolean

No
properties
map[string]JSONSchemaProps
properties specifies fields of an object. NOTE: Can only be set if type is object. NOTE: Properties is mutually exclusive with AdditionalProperties. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible.

Validation: Schemaless: {}

No
additionalProperties
JSONSchemaProps
additionalProperties specifies the schema of values in a map (keys are always strings). NOTE: Can only be set if type is object. NOTE: AdditionalProperties is mutually exclusive with Properties. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible.

Validation: Schemaless: {}

No
maxProperties
int64
maxProperties is the maximum amount of entries in a map or properties in an object. NOTE: Can only be set if type is object.No
minProperties
int64
minProperties is the minimum amount of entries in a map or properties in an object. NOTE: Can only be set if type is object.No
required
[]string
required specifies which fields of an object are required. NOTE: Can only be set if type is object.

Validation: Minimum items: 1
Maximum items: 1000
items:MinLength: 1
items:MaxLength: 256

No
items
JSONSchemaProps
items specifies fields of an array. NOTE: Can only be set if type is array. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible.

Validation: Schemaless: {}

No
maxItems
int64
maxItems is the max length of an array variable. NOTE: Can only be set if type is array.No
minItems
int64
minItems is the min length of an array variable. NOTE: Can only be set if type is array.No
uniqueItems
bool
uniqueItems specifies if items in an array must be unique. NOTE: Can only be set if type is array.No
format
string
format is an OpenAPI v3 format string. Unknown formats are ignored. For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using) https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go NOTE: Can only be set if type is string.

Validation: Minimum length: 1
Maximum length: 32

No
maxLength
int64
maxLength is the max length of a string variable. NOTE: Can only be set if type is string.No
minLength
int64
minLength is the min length of a string variable. NOTE: Can only be set if type is string.No
pattern
string
pattern is the regex which a string variable must match. NOTE: Can only be set if type is string.

Validation: Minimum length: 1
Maximum length: 512

No
maximum
int64
maximum is the maximum of an integer or number variable. If ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum. If ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum. NOTE: Can only be set if type is integer or number.No
exclusiveMaximum
bool
exclusiveMaximum specifies if the Maximum is exclusive. NOTE: Can only be set if type is integer or number.No
minimum
int64
minimum is the minimum of an integer or number variable. If ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum. If ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum. NOTE: Can only be set if type is integer or number.No
exclusiveMinimum
bool
exclusiveMinimum specifies if the Minimum is exclusive. NOTE: Can only be set if type is integer or number.No
x-kubernetes-preserve-unknown-fields
bool
x-kubernetes-preserve-unknown-fields allows setting fields in a variable object which are not defined in the variable schema. This affects fields recursively, except if nested properties or additionalProperties are specified in the schema.No
enum
[]JSON
enum is the list of valid values of the variable. NOTE: Can be set for all types.

Validation: Maximum items: 100

No
default
JSON
default is the default value of the variable. NOTE: Can be set for all types.No
x-kubernetes-validations
[]ValidationRule
x-kubernetes-validations describes a list of validation rules written in the CEL expression language.

Validation: Minimum items: 1
Maximum items: 100

No
x-metadata
VariableSchemaMetadata
x-metadata is the metadata of a variable or a nested field within a variable. It can be used to add additional data for higher level tools.No
x-kubernetes-int-or-string
bool
x-kubernetes-int-or-string specifies that this value is either an integer or a string. If this is true, an empty type is allowed and type as child of anyOf is permitted if following one of the following patterns:

1) anyOf:
  • type: integer
  • type: string
2) allOf:
  • anyOf:
  • type: integer
  • type: string
  • ... zero or more
No
allOf
[]JSONSchemaProps
allOf specifies that the variable must validate against all of the subschemas in the array. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible.

Validation: Schemaless: {}

No
oneOf
[]JSONSchemaProps
oneOf specifies that the variable must validate against exactly one of the subschemas in the array. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible.

Validation: Schemaless: {}

No
anyOf
[]JSONSchemaProps
anyOf specifies that the variable must validate against one or more of the subschemas in the array. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible.

Validation: Schemaless: {}

No
not
JSONSchemaProps
not specifies that the variable must not validate against the subschema. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible.

Validation: Schemaless: {}

No

MachineDeploymentClassBootstrapTemplate

MachineDeploymentClassBootstrapTemplate defines the BootstrapTemplate for a MachineDeployment.

Appears in: MachineDeploymentClass

FieldDescriptionRequired
templateRef
ClusterClassTemplateReference
templateRef is a required reference to the BootstrapTemplate for a MachineDeployment.No

MachineDeploymentClassHealthCheck

MachineDeploymentClassHealthCheck defines a MachineHealthCheck for MachineDeployment machines.

Appears in: MachineDeploymentClass

FieldDescriptionRequired
checks
MachineDeploymentClassHealthCheckChecks
checks are the checks that are used to evaluate if a Machine is healthy.

Independent of this configuration the MachineHealthCheck controller will always flag Machines with cluster.x-k8s.io/remediate-machine annotation and Machines with deleted Nodes as unhealthy.

Furthermore, if checks.nodeStartupTimeoutSeconds is not set it is defaulted to 10 minutes and evaluated accordingly.
No
remediation
MachineDeploymentClassHealthCheckRemediation
remediation configures if and how remediations are triggered if a Machine is unhealthy.

If remediation or remediation.triggerIf is not set, remediation will always be triggered for unhealthy Machines.

If remediation or remediation.templateRef is not set, the OwnerRemediated condition will be set on unhealthy Machines to trigger remediation via the owner of the Machines, for example a MachineSet or a KubeadmControlPlane.
No

MachineDeploymentClassInfrastructureTemplate

MachineDeploymentClassInfrastructureTemplate defines the InfrastructureTemplate for a MachineDeployment.

Appears in: MachineDeploymentClass

FieldDescriptionRequired
templateRef
ClusterClassTemplateReference
templateRef is a required reference to the InfrastructureTemplate for a MachineDeployment.No

MachineDeploymentClassMachineDeletionSpec

MachineDeploymentClassMachineDeletionSpec contains configuration options for Machine deletion.

Appears in: MachineDeploymentClass

FieldDescriptionRequired
order
MachineSetDeletionOrder
order defines the order in which Machines are deleted when downscaling. Defaults to "Random". Valid values are "Random, "Newest", "Oldest"No
nodeDrainTimeoutSeconds
int32
nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: nodeDrainTimeoutSeconds is different from kubectl drain --timeout NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.

Validation: Minimum: 0

No
nodeVolumeDetachTimeoutSeconds
int32
nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.

Validation: Minimum: 0

No
nodeDeletionTimeoutSeconds
int32
nodeDeletionTimeoutSeconds defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds. NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.

Validation: Minimum: 0

No

MachineDeploymentClassNamingSpec

MachineDeploymentClassNamingSpec defines the naming strategy for machine deployment objects.

Appears in: MachineDeploymentClass

FieldDescriptionRequired
template
string
template defines the template to use for generating the name of the MachineDeployment object. If not defined, it will fallback to {{ .cluster.name }}-{{ .machineDeployment.topologyName }}-{{ .random }}. If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will get concatenated with a random suffix of length 5. The templating mechanism provides the following arguments: * .cluster.name: The name of the cluster object. * .random: A random alphanumeric string, without vowels, of length 5. * .machineDeployment.topologyName: The name of the MachineDeployment topology (Cluster.spec.topology.workers.machineDeployments[].name).

Validation: Minimum length: 1
Maximum length: 1024

No

MachineDeploymentClassRolloutSpec

MachineDeploymentClassRolloutSpec defines the rollout behavior.

Appears in: MachineDeploymentClass

FieldDescriptionRequired
strategy
MachineDeploymentClassRolloutStrategy
strategy specifies how to roll out control plane Machines.No

MachineDeploymentRolloutStrategyRollingUpdate

MachineDeploymentRolloutStrategyRollingUpdate is used to control the desired behavior of rolling update.

Appears in: MachineDeploymentRolloutStrategy

FieldDescriptionRequired
maxUnavailable
IntOrString
maxUnavailable is the maximum number of machines that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 0. Example: when this is set to 30%, the old MachineSet can be scaled down to 70% of desired machines immediately when the rolling update starts. Once new machines are ready, old MachineSet can be scaled down further, followed by scaling up the new MachineSet, ensuring that the total number of machines available at all times during the update is at least 70% of desired machines.No
maxSurge
IntOrString
maxSurge is the maximum number of machines that can be scheduled above the desired number of machines. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 1. Example: when this is set to 30%, the new MachineSet can be scaled up immediately when the rolling update starts, such that the total number of old and new machines do not exceed 130% of desired machines. Once old machines have been killed, new MachineSet can be scaled up further, ensuring that total number of machines running at any time during the update is at most 130% of desired machines.No

MachineDeploymentRolloutStrategyType

MachineDeploymentRolloutStrategyType defines the type of MachineDeployment rollout strategies.

Appears in: MachineDeploymentClassRolloutStrategy, MachineDeploymentRolloutStrategy, MachineDeploymentTopologyRolloutStrategy

MachineDeploymentTopology

MachineDeploymentTopology specifies the different parameters for a set of worker nodes in the topology. This set of nodes is managed by a MachineDeployment object whose lifecycle is managed by the Cluster controller.

Appears in: WorkersTopology

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. At runtime this metadata is merged with the corresponding metadata from the ClusterClass.No
class
string
class is the name of the MachineDeploymentClass used to create the set of worker nodes. This should match one of the deployment classes defined in the ClusterClass object mentioned in the Cluster.Spec.Class field.

Validation: Minimum length: 1
Maximum length: 256

No
name
string
name is the unique identifier for this MachineDeploymentTopology. The value is used with other unique identifiers to create a MachineDeployment's Name (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length, the values are hashed together.

Validation: Minimum length: 1
Maximum length: 63
Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

No
failureDomain
string
failureDomain is the failure domain the machines will be created in. Must match a key in the FailureDomains map stored on the cluster object.

Validation: Minimum length: 1
Maximum length: 256

No
replicas
int32
replicas is the number of worker nodes belonging to this set. If the value is nil, the MachineDeployment is created without the number of Replicas (defaulting to 1) and it's assumed that an external entity (like cluster autoscaler) is responsible for the management of this value.No
healthCheck
MachineDeploymentTopologyHealthCheck
healthCheck allows to enable, disable and override MachineDeployment health check configuration from the ClusterClass for this MachineDeployment.No
deletion
MachineDeploymentTopologyMachineDeletionSpec
deletion contains configuration options for Machine deletion.No
taints
[]MachineTaint
taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers.

There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node.

NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners.

Validation: Minimum items: 1
Maximum items: 64

No
minReadySeconds
int32
minReadySeconds is the minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready)

Validation: Minimum: 0

No
readinessGates
[]MachineReadinessGate
readinessGates specifies additional conditions to include when evaluating Machine Ready condition.

This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine.

If this field is not defined, readinessGates from the corresponding MachineDeploymentClass will be used, if any.

Validation: Minimum items: 1
Maximum items: 32

No
rollout
MachineDeploymentTopologyRolloutSpec
rollout allows you to configure the behaviour of rolling updates to the MachineDeployment Machines. It allows you to define the strategy used during rolling replacements.No
variables
MachineDeploymentVariables
variables can be used to customize the MachineDeployment through patches.No

PatchSelector

PatchSelector defines on which templates the patch should be applied. Note: Matching on APIVersion and Kind is mandatory, to enforce that the patches are written for the correct version. The version of the references in the ClusterClass may be automatically updated during reconciliation if there is a newer version for the same contract. Note: The results of selection based on the individual fields are ANDed.

Appears in: PatchDefinition

FieldDescriptionRequired
apiVersion
string
apiVersion filters templates by apiVersion. apiVersion must be fully qualified domain name followed by / and a version.

Validation: Maximum length: 317
Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[a-z]([-a-z0-9]*[a-z0-9])?$
Minimum length: 1

No
kind
string
kind filters templates by kind. kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character.

Validation: Minimum length: 1
Maximum length: 63
Pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$

No
matchResources
PatchSelectorMatch
matchResources selects templates based on where they are referenced.No

ControlPlaneClassHealthCheckRemediationTriggerIf

ControlPlaneClassHealthCheckRemediationTriggerIf configures if remediations are triggered.

Appears in: ControlPlaneClassHealthCheckRemediation

FieldDescriptionRequired
unhealthyLessThanOrEqualTo
IntOrString
unhealthyLessThanOrEqualTo specifies that remediations are only triggered if the number of unhealthy Machines is less than or equal to the configured value. unhealthyInRange takes precedence if set.No
unhealthyInRange
string
unhealthyInRange specifies that remediations are only triggered if the number of unhealthy Machines is in the configured range. Takes precedence over unhealthyLessThanOrEqualTo. Eg. "[3-5]" - This means that remediation will be allowed only when: (a) there are at least 3 unhealthy Machines (and) (b) there are at most 5 unhealthy Machines

Validation: Pattern: ^\[[0-9]+-[0-9]+\]$
Minimum length: 1
Maximum length: 32

No

ControlPlaneTopologyHealthCheckChecks

ControlPlaneTopologyHealthCheckChecks are the checks that are used to evaluate if a control plane Machine is healthy.

Appears in: ControlPlaneTopologyHealthCheck

FieldDescriptionRequired
nodeStartupTimeoutSeconds
int32
nodeStartupTimeoutSeconds allows to set the maximum time for MachineHealthCheck to consider a Machine unhealthy if a corresponding Node isn't associated through a Spec.ProviderID field.

The duration set in this field is compared to the greatest of:
  • Cluster's infrastructure ready condition timestamp (if and when available)
  • Control Plane's initialized condition timestamp (if and when available)
  • Machine's infrastructure ready condition timestamp (if and when available)
  • Machine's metadata creation timestamp


Defaults to 10 minutes. If you wish to disable this feature, set the value explicitly to 0.

Validation: Minimum: 0

No
unhealthyNodeConditions
[]UnhealthyNodeCondition
unhealthyNodeConditions contains a list of conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy.

Validation: Minimum items: 1
Maximum items: 100

No
unhealthyMachineConditions
[]UnhealthyMachineCondition
unhealthyMachineConditions contains a list of the machine conditions that determine whether a machine is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the machine is unhealthy.

Validation: Minimum items: 1
Maximum items: 100

No

ControlPlaneTopologyHealthCheckRemediation

ControlPlaneTopologyHealthCheckRemediation configures if and how remediations are triggered if a control plane Machine is unhealthy.

Appears in: ControlPlaneTopologyHealthCheck

FieldDescriptionRequired
triggerIf
ControlPlaneTopologyHealthCheckRemediationTriggerIf
triggerIf configures if remediations are triggered. If this field is not set, remediations are always triggered.No
templateRef
MachineHealthCheckRemediationTemplateReference
templateRef is a reference to a remediation template provided by an infrastructure provider.

This field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Cluster API.
No

JSONPatchValue

JSONPatchValue defines the value of a patch. Note: Only one of the fields is allowed to be set at the same time.

Appears in: JSONPatch

FieldDescriptionRequired
variable
string
variable is the variable to be used as value. Variable can be one of the variables defined in .spec.variables or a builtin variable.

Validation: Minimum length: 1
Maximum length: 256

No
template
string
template is the Go template to be used to calculate the value. A template can reference variables defined in .spec.variables and builtin variables. Note: The template must evaluate to a valid YAML or JSON value.

Validation: Minimum length: 1
Maximum length: 10240

No

MachineDeploymentClassHealthCheckChecks

MachineDeploymentClassHealthCheckChecks are the checks that are used to evaluate if a MachineDeployment Machine is healthy.

Appears in: MachineDeploymentClassHealthCheck

FieldDescriptionRequired
nodeStartupTimeoutSeconds
int32
nodeStartupTimeoutSeconds allows to set the maximum time for MachineHealthCheck to consider a Machine unhealthy if a corresponding Node isn't associated through a Spec.ProviderID field.

The duration set in this field is compared to the greatest of:
  • Cluster's infrastructure ready condition timestamp (if and when available)
  • Control Plane's initialized condition timestamp (if and when available)
  • Machine's infrastructure ready condition timestamp (if and when available)
  • Machine's metadata creation timestamp


Defaults to 10 minutes. If you wish to disable this feature, set the value explicitly to 0.

Validation: Minimum: 0

No
unhealthyNodeConditions
[]UnhealthyNodeCondition
unhealthyNodeConditions contains a list of conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy.

Validation: Minimum items: 1
Maximum items: 100

No
unhealthyMachineConditions
[]UnhealthyMachineCondition
unhealthyMachineConditions contains a list of the machine conditions that determine whether a machine is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the machine is unhealthy.

Validation: Minimum items: 1
Maximum items: 100

No

MachineDeploymentClassHealthCheckRemediation

MachineDeploymentClassHealthCheckRemediation configures if and how remediations are triggered if a MachineDeployment Machine is unhealthy.

Appears in: MachineDeploymentClassHealthCheck

FieldDescriptionRequired
maxInFlight
IntOrString
maxInFlight determines how many in flight remediations should happen at the same time.

Remediation only happens on the MachineSet with the most current revision, while older MachineSets (usually present during rollout operations) aren't allowed to remediate.

Note: In general (independent of remediations), unhealthy machines are always prioritized during scale down operations over healthy ones.

MaxInFlight can be set to a fixed number or a percentage. Example: when this is set to 20%, the MachineSet controller deletes at most 20% of the desired replicas.

If not set, remediation is limited to all machines (bounded by replicas) under the active MachineSet's management.
No
triggerIf
MachineDeploymentClassHealthCheckRemediationTriggerIf
triggerIf configures if remediations are triggered. If this field is not set, remediations are always triggered.No
templateRef
MachineHealthCheckRemediationTemplateReference
templateRef is a reference to a remediation template provided by an infrastructure provider.

This field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Cluster API.
No

MachineDeploymentClassRolloutStrategy

MachineDeploymentClassRolloutStrategy describes how to replace existing machines with new ones.

Appears in: MachineDeploymentClassRolloutSpec

FieldDescriptionRequired
type
MachineDeploymentRolloutStrategyType
type of rollout. Allowed values are RollingUpdate and OnDelete. Default is RollingUpdate.No
rollingUpdate
MachineDeploymentClassRolloutStrategyRollingUpdate
rollingUpdate is the rolling update config params. Present only if type = RollingUpdate.No

MachineDeploymentTopologyHealthCheck

MachineDeploymentTopologyHealthCheck defines a MachineHealthCheck for MachineDeployment machines.

Appears in: MachineDeploymentTopology

FieldDescriptionRequired
enabled
bool
enabled controls if a MachineHealthCheck should be created for the target machines.

If false: No MachineHealthCheck will be created.

If not set(default): A MachineHealthCheck will be created if it is defined here or in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created.

If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will block if enable is true and no MachineHealthCheck definition is available.
No
checks
MachineDeploymentTopologyHealthCheckChecks
checks are the checks that are used to evaluate if a Machine is healthy.

If one of checks and remediation fields are set, the system assumes that an healthCheck override is defined, and as a consequence the checks and remediation fields from Cluster will be used instead of the corresponding fields in ClusterClass.

Independent of this configuration the MachineHealthCheck controller will always flag Machines with cluster.x-k8s.io/remediate-machine annotation and Machines with deleted Nodes as unhealthy.

Furthermore, if checks.nodeStartupTimeoutSeconds is not set it is defaulted to 10 minutes and evaluated accordingly.
No
remediation
MachineDeploymentTopologyHealthCheckRemediation
remediation configures if and how remediations are triggered if a Machine is unhealthy.

If one of checks and remediation fields are set, the system assumes that an healthCheck override is defined, and as a consequence the checks and remediation fields from cluster will be used instead of the corresponding fields in ClusterClass.

If an health check override is defined and remediation or remediation.triggerIf is not set, remediation will always be triggered for unhealthy Machines.

If an health check override is defined and remediation or remediation.templateRef is not set, the OwnerRemediated condition will be set on unhealthy Machines to trigger remediation via the owner of the Machines, for example a MachineSet or a KubeadmControlPlane.
No

MachineDeploymentTopologyMachineDeletionSpec

MachineDeploymentTopologyMachineDeletionSpec contains configuration options for Machine deletion.

Appears in: MachineDeploymentTopology

FieldDescriptionRequired
order
MachineSetDeletionOrder
order defines the order in which Machines are deleted when downscaling. Defaults to "Random". Valid values are "Random, "Newest", "Oldest"No
nodeDrainTimeoutSeconds
int32
nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: nodeDrainTimeoutSeconds is different from kubectl drain --timeout

Validation: Minimum: 0

No
nodeVolumeDetachTimeoutSeconds
int32
nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.

Validation: Minimum: 0

No
nodeDeletionTimeoutSeconds
int32
nodeDeletionTimeoutSeconds defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds.

Validation: Minimum: 0

No

MachineDeploymentTopologyRolloutSpec

MachineDeploymentTopologyRolloutSpec defines the rollout behavior.

Appears in: MachineDeploymentTopology

FieldDescriptionRequired
after
Time
after is a field to indicate a rollout should be performed after the specified time even if no changes have been made to the MachineDeployment. Example: In the YAML the time can be specified in the RFC3339 format. To specify the rolloutAfter target as March 9, 2023, at 9 am UTC use "2023-03-09T09:00:00Z".No
strategy
MachineDeploymentTopologyRolloutStrategy
strategy specifies how to roll out control plane Machines.No

MachineDeploymentVariables

MachineDeploymentVariables can be used to provide variables for a specific MachineDeployment.

Appears in: MachineDeploymentTopology

FieldDescriptionRequired
overrides
[]ClusterVariable
overrides can be used to override Cluster level variables.

Validation: Minimum items: 1
Maximum items: 1000

No

PatchSelectorMatch

PatchSelectorMatch selects templates based on where they are referenced. Note: The selector must match at least one template. Note: The results of selection based on the individual fields are ORed.

Appears in: PatchSelector

FieldDescriptionRequired
controlPlane
bool
controlPlane selects templates referenced in .spec.ControlPlane. Note: this will match the controlPlane and also the controlPlane machineInfrastructure (depending on the kind and apiVersion).No
infrastructureCluster
bool
infrastructureCluster selects templates referenced in .spec.infrastructure.No
machineDeploymentClass
PatchSelectorMatchMachineDeploymentClass
machineDeploymentClass selects templates referenced in specific MachineDeploymentClasses in .spec.workers.machineDeployments.No
machinePoolClass
PatchSelectorMatchMachinePoolClass
machinePoolClass selects templates referenced in specific MachinePoolClasses in .spec.workers.machinePools.No

ValidationRule

ValidationRule describes a validation rule written in the CEL expression language.

Appears in: JSONSchemaProps

FieldDescriptionDefaultRequired
rule
string
rule represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec The Rule is scoped to the location of the x-kubernetes-validations extension in the schema. The self variable in the CEL expression is bound to the scoped value. If the Rule is scoped to an object with properties, the accessible properties of the object are field selectable via self.field and field presence can be checked via has(self.field). If the Rule is scoped to an object with additionalProperties (i.e. a map) the value of the map are accessible via self[mapKey], map containment can be checked via mapKey in self and all entries of the map are accessible via CEL macros and functions such as self.all(...). If the Rule is scoped to an array, the elements of the array are accessible via self[i] and also by macros and functions. If the Rule is scoped to a scalar, self is bound to the scalar value. Examples:
  • Rule scoped to a map of objects: {"rule": "self.components['Widget'].priority < 10"}
  • Rule scoped to a list of integers: {"rule": "self.values.all(value, value ≥ 0 && value < 100)"}
  • Rule scoped to a string value: {"rule": "self.startsWith('kube')"}


Unknown data preserved in custom resources via x-kubernetes-preserve-unknown-fields is not accessible in CEL expressions. This includes:
  • Unknown field values that are preserved by object schemas with x-kubernetes-preserve-unknown-fields.
  • Object properties where the property schema is of an "unknown type". An "unknown type" is recursively defined as:
  • A schema with no type and x-kubernetes-preserve-unknown-fields set to true
  • An array where the items schema is of an "unknown type"
  • An object where the additionalProperties schema is of an "unknown type"


Only property names of the form [a-zA-Z_.-/][a-zA-Z0-9_.-/]* are accessible. Accessible property names are escaped according to the following rules when accessed in the expression:
  • '__' escapes to '__underscores__'
  • '.' escapes to '__dot__'
  • '-' escapes to '__dash__'
  • '/' escapes to '__slash__'
  • Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:
"true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if", "import", "let", "loop", "package", "namespace", "return". Examples:
  • Rule accessing a property named "namespace": {"rule": "self.__namespace__ > 0"}
  • Rule accessing a property named "x-prop": {"rule": "self.x__dash__prop > 0"}
  • Rule accessing a property named "redact__d": {"rule": "self.redact__underscores__d > 0"}


If rule makes use of the oldSelf variable it is implicitly a transition rule.

By default, the oldSelf variable is the same type as self.

Transition rules by default are applied only on UPDATE requests and are skipped if an old value could not be found.

Validation: Minimum length: 1
Maximum length: 4096

No
message
string
message represents the message displayed when validation fails. The message is required if the Rule contains line breaks. The message must not contain line breaks. If unset, the message is "failed rule: {Rule}". e.g. "must be a URL with the host matching spec.host"

Validation: Minimum length: 1
Maximum length: 512

No
messageExpression
string
messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a rule, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset. messageExpression has access to all the same variables as the rule; the only difference is the return type. Example: "x must be less than max ("+string(self.max)+")"

Validation: Minimum length: 1
Maximum length: 1024

No
reason
FieldValueErrorReason
reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule. The currently supported reasons are: "FieldValueInvalid", "FieldValueForbidden", "FieldValueRequired", "FieldValueDuplicate". If not set, default to use "FieldValueInvalid". All future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid.

Validation: Allowed values: FieldValueInvalid, FieldValueForbidden, FieldValueRequired, FieldValueDuplicate

FieldValueInvalidNo
fieldPath
string
fieldPath represents the field path returned when the validation fails. It must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field. e.g. when validation checks if a specific attribute foo under a map testMap, the fieldPath could be set to .testMap.foo If the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. .testList It does not support list numeric index. It supports child operation to refer to an existing field currently. Refer to JSONPath support in Kubernetes for more info. Numeric index of array is not supported. For field name which contains special characters, use ['specialName'] to refer the field name. e.g. for attribute foo.34$ appears in a list testList, the fieldPath could be set to .testList['foo.34$']

Validation: Minimum length: 1
Maximum length: 512

No

VariableSchemaMetadata

VariableSchemaMetadata is the metadata of a variable or a nested field within a variable. It can be used to add additional data for higher level tools.

Appears in: JSONSchemaProps

FieldDescriptionRequired
labels
map[string]string
labels is a map of string keys and values that can be used to organize and categorize (scope and select) variables.No
annotations
map[string]string
annotations is an unstructured key value map that can be used to store and retrieve arbitrary metadata. They are not queryable.No

ControlPlaneTopologyHealthCheckRemediationTriggerIf

ControlPlaneTopologyHealthCheckRemediationTriggerIf configures if remediations are triggered.

Appears in: ControlPlaneTopologyHealthCheckRemediation

FieldDescriptionRequired
unhealthyLessThanOrEqualTo
IntOrString
unhealthyLessThanOrEqualTo specifies that remediations are only triggered if the number of unhealthy Machines is less than or equal to the configured value. unhealthyInRange takes precedence if set.No
unhealthyInRange
string
unhealthyInRange specifies that remediations are only triggered if the number of unhealthy Machines is in the configured range. Takes precedence over unhealthyLessThanOrEqualTo. Eg. "[3-5]" - This means that remediation will be allowed only when: (a) there are at least 3 unhealthy Machines (and) (b) there are at most 5 unhealthy Machines

Validation: Pattern: ^\[[0-9]+-[0-9]+\]$
Minimum length: 1
Maximum length: 32

No

FieldValueErrorReason

FieldValueErrorReason is a machine-readable value providing more detail about why a field failed the validation.

Appears in: ValidationRule

MachineDeploymentClassHealthCheckRemediationTriggerIf

MachineDeploymentClassHealthCheckRemediationTriggerIf configures if remediations are triggered.

Appears in: MachineDeploymentClassHealthCheckRemediation

FieldDescriptionRequired
unhealthyLessThanOrEqualTo
IntOrString
unhealthyLessThanOrEqualTo specifies that remediations are only triggered if the number of unhealthy Machines is less than or equal to the configured value. unhealthyInRange takes precedence if set.No
unhealthyInRange
string
unhealthyInRange specifies that remediations are only triggered if the number of unhealthy Machines is in the configured range. Takes precedence over unhealthyLessThanOrEqualTo. Eg. "[3-5]" - This means that remediation will be allowed only when: (a) there are at least 3 unhealthy Machines (and) (b) there are at most 5 unhealthy Machines

Validation: Pattern: ^\[[0-9]+-[0-9]+\]$
Minimum length: 1
Maximum length: 32

No

MachineDeploymentClassRolloutStrategyRollingUpdate

MachineDeploymentClassRolloutStrategyRollingUpdate is used to control the desired behavior of rolling update.

Appears in: MachineDeploymentClassRolloutStrategy

FieldDescriptionRequired
maxUnavailable
IntOrString
maxUnavailable is the maximum number of machines that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 0. Example: when this is set to 30%, the old MachineSet can be scaled down to 70% of desired machines immediately when the rolling update starts. Once new machines are ready, old MachineSet can be scaled down further, followed by scaling up the new MachineSet, ensuring that the total number of machines available at all times during the update is at least 70% of desired machines.No
maxSurge
IntOrString
maxSurge is the maximum number of machines that can be scheduled above the desired number of machines. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 1. Example: when this is set to 30%, the new MachineSet can be scaled up immediately when the rolling update starts, such that the total number of old and new machines do not exceed 130% of desired machines. Once old machines have been killed, new MachineSet can be scaled up further, ensuring that total number of machines running at any time during the update is at most 130% of desired machines.No

MachineDeploymentTopologyHealthCheckChecks

MachineDeploymentTopologyHealthCheckChecks are the checks that are used to evaluate if a MachineDeployment Machine is healthy.

Appears in: MachineDeploymentTopologyHealthCheck

FieldDescriptionRequired
nodeStartupTimeoutSeconds
int32
nodeStartupTimeoutSeconds allows to set the maximum time for MachineHealthCheck to consider a Machine unhealthy if a corresponding Node isn't associated through a Spec.ProviderID field.

The duration set in this field is compared to the greatest of:
  • Cluster's infrastructure ready condition timestamp (if and when available)
  • Control Plane's initialized condition timestamp (if and when available)
  • Machine's infrastructure ready condition timestamp (if and when available)
  • Machine's metadata creation timestamp


Defaults to 10 minutes. If you wish to disable this feature, set the value explicitly to 0.

Validation: Minimum: 0

No
unhealthyNodeConditions
[]UnhealthyNodeCondition
unhealthyNodeConditions contains a list of conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy.

Validation: Maximum items: 100
Minimum items: 1

No
unhealthyMachineConditions
[]UnhealthyMachineCondition
unhealthyMachineConditions contains a list of the machine conditions that determine whether a machine is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the machine is unhealthy.

Validation: Minimum items: 1
Maximum items: 100

No

MachineDeploymentTopologyHealthCheckRemediation

MachineDeploymentTopologyHealthCheckRemediation configures if and how remediations are triggered if a MachineDeployment Machine is unhealthy.

Appears in: MachineDeploymentTopologyHealthCheck

FieldDescriptionRequired
maxInFlight
IntOrString
maxInFlight determines how many in flight remediations should happen at the same time.

Remediation only happens on the MachineSet with the most current revision, while older MachineSets (usually present during rollout operations) aren't allowed to remediate.

Note: In general (independent of remediations), unhealthy machines are always prioritized during scale down operations over healthy ones.

MaxInFlight can be set to a fixed number or a percentage. Example: when this is set to 20%, the MachineSet controller deletes at most 20% of the desired replicas.

If not set, remediation is limited to all machines (bounded by replicas) under the active MachineSet's management.
No
triggerIf
MachineDeploymentTopologyHealthCheckRemediationTriggerIf
triggerIf configures if remediations are triggered. If this field is not set, remediations are always triggered.No
templateRef
MachineHealthCheckRemediationTemplateReference
templateRef is a reference to a remediation template provided by an infrastructure provider.

This field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Cluster API.
No

MachineDeploymentTopologyRolloutStrategy

MachineDeploymentTopologyRolloutStrategy describes how to replace existing machines with new ones.

Appears in: MachineDeploymentTopologyRolloutSpec

FieldDescriptionRequired
type
MachineDeploymentRolloutStrategyType
type of rollout. Allowed values are RollingUpdate and OnDelete. Default is RollingUpdate.No
rollingUpdate
MachineDeploymentTopologyRolloutStrategyRollingUpdate
rollingUpdate is the rolling update config params. Present only if type = RollingUpdate.No

PatchSelectorMatchMachineDeploymentClass

PatchSelectorMatchMachineDeploymentClass selects templates referenced in specific MachineDeploymentClasses in .spec.workers.machineDeployments.

Appears in: PatchSelectorMatch

FieldDescriptionRequired
names
[]string
names selects templates by class names.

Validation: Maximum items: 100
items:MinLength: 1
items:MaxLength: 256

No

MachineDeploymentTopologyHealthCheckRemediationTriggerIf

MachineDeploymentTopologyHealthCheckRemediationTriggerIf configures if remediations are triggered.

Appears in: MachineDeploymentTopologyHealthCheckRemediation

FieldDescriptionRequired
unhealthyLessThanOrEqualTo
IntOrString
unhealthyLessThanOrEqualTo specifies that remediations are only triggered if the number of unhealthy Machines is less than or equal to the configured value. unhealthyInRange takes precedence if set.No
unhealthyInRange
string
unhealthyInRange specifies that remediations are only triggered if the number of unhealthy Machines is in the configured range. Takes precedence over unhealthyLessThanOrEqualTo. Eg. "[3-5]" - This means that remediation will be allowed only when: (a) there are at least 3 unhealthy Machines (and) (b) there are at most 5 unhealthy Machines

Validation: Minimum length: 1
Maximum length: 32
Pattern: ^\[[0-9]+-[0-9]+\]$

No

MachineDeploymentTopologyRolloutStrategyRollingUpdate

MachineDeploymentTopologyRolloutStrategyRollingUpdate is used to control the desired behavior of rolling update.

Appears in: MachineDeploymentTopologyRolloutStrategy

FieldDescriptionRequired
maxUnavailable
IntOrString
maxUnavailable is the maximum number of machines that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 0. Example: when this is set to 30%, the old MachineSet can be scaled down to 70% of desired machines immediately when the rolling update starts. Once new machines are ready, old MachineSet can be scaled down further, followed by scaling up the new MachineSet, ensuring that the total number of machines available at all times during the update is at least 70% of desired machines.No
maxSurge
IntOrString
maxSurge is the maximum number of machines that can be scheduled above the desired number of machines. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 1. Example: when this is set to 30%, the new MachineSet can be scaled up immediately when the rolling update starts, such that the total number of old and new machines do not exceed 130% of desired machines. Once old machines have been killed, new MachineSet can be scaled up further, ensuring that total number of machines running at any time during the update is at most 130% of desired machines.No

MachineAddressType

MachineAddressType describes a valid MachineAddress type.

Appears in: MachineAddress

cni.tanzu.vmware.com/v1alpha1

Resource Types:

AntreaConfig

AntreaConfig is the Schema for the antreaconfigs API.

Deprecated: use AddonConfig (addons.kubernetes.vmware.com) to configure Antrea on Kubernetes 1.35+ clusters.

FieldDescriptionRequired
metadata
ObjectMeta
No
spec
AntreaConfigSpec
Yes
status
AntreaConfigStatus
No

CalicoConfig

CalicoConfig is the Schema for the calicoconfigs API.

Deprecated: use AddonConfig (addons.kubernetes.vmware.com) to configure Calico on Kubernetes 1.35+ clusters.

FieldDescriptionRequired
metadata
ObjectMeta
No
spec
CalicoConfigSpec
Yes
status
CalicoConfigStatus
No

AntreaConfigSpec

AntreaConfigSpec defines the desired state of AntreaConfig

Appears in: AntreaConfig

FieldDescriptionDefaultRequired
antrea
Antrea
: {}No
antreaNSX
AntreaNSX
AntreaNSX defines nsxt adapter related configurations: {}No
antreaIPFIX
AntreaIPFIX
: {}No

AntreaConfigStatus

AntreaConfigStatus defines the observed state of AntreaConfig

Appears in: AntreaConfig

FieldDescriptionRequired
message
string
Message to indicate failure reasonNo
secretRef
string
Reference to the data value secret created by controllerNo

CalicoConfigSpec

CalicoConfigSpec defines the desired state of CalicoConfig.

Appears in: CalicoConfig

FieldDescriptionRequired
calico
Calico
No

CalicoConfigStatus

CalicoConfigStatus defines the observed state of CalicoConfig.

Appears in: CalicoConfig

FieldDescriptionRequired
secretRef
string
SecretRef is the name of the data value secret created by calico controller.No

Antrea

Appears in: AntreaConfigSpec

FieldDescriptionDefaultRequired
config
AntreaConfigDataValue
: {}No
windows
AntreaWindowsConfigDataValue
: {}No

AntreaIPFIX

Appears in: AntreaConfigSpec

FieldDescriptionRequired
enable
bool
Enable indicates AntreaIPFIX shall be enabled in the clusterNo

AntreaNSX

Appears in: AntreaConfigSpec

FieldDescriptionDefaultRequired
enable
bool
Enable indicates whether nsxt adapter shall be enabled in the cluster.No
config
AntreaNSXConfig
Config is configuration for nsxt adapter.: {}No

Calico

Calico stores the configurations for Calico.

Appears in: CalicoConfigSpec

FieldDescriptionRequired
config
CalicoConfigDataValue
No

AntreaConfigDataValue

Appears in: Antrea

FieldDescriptionDefaultRequired
egress
AntreaEgress
Specifies Egress related configuration.No
nodePortLocal
AntreaNodePortLocal
Specifies NodePortLocal related configuration.No
antreaProxy
AntreaProxy
Specifies AntreaProxy related configuration.No
flowExporter
AntreaFlowExporter
Specifies FlowExporter related configuration.No
kubeAPIServerOverride
string
Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig.No
multicast
AntreaMulticast
Multicast related configuration.No
multicluster
AntreaMultiCluster
MultiCluster realted configuration.No
cloudProvider
AntreaCloudProvider
CloudProvider realted configuration.No
transportInterface
string
The name of the interface on Node which is used for tunneling or routing.No
transportInterfaceCIDRs
[]string
The network CIDRs of the interface on Node which is used for tunneling or routing.No
multicastInterfaces
[]string
The names of the interfaces on Nodes that are used to forward multicast traffic.No
tunnelType
string
Tunnel protocols used for encapsulating traffic across Nodes. One of the following options =:> geneve, vxlan, gre, sttNo
tunnelPort
int
TunnelPort is the destination port for UDP and TCP based tunnel protocols (Geneve, VXLAN, and STT).If zero, it will use the assigned IANA port for the protocol.0No
tunnelCsum
bool
TunnelCsum determines whether to compute UDP encapsulation header (Geneve or VXLAN) checksums on outgoing packetsfalseNo
trafficEncryptionMode
string
Determines how tunnel traffic is encrypted. One of the following options =:> none, ipsec, wireguardNo
enableUsageReporting
bool
Enable usage reporting (telemetry) to VMware.falseNo
wireGuard
AntreaWireGuard
Specifies WireGuard related configuration.No
serviceCIDR
string
ClusterIP CIDR range for Services.No
trafficEncapMode
string
The traffic encapsulation mode. One of the following options → encap, noEncap, hybrid, networkPolicyOnly

Validation: Allowed values: encap, noEncap, hybrid, networkPolicyOnly

encapNo
noSNAT
bool
Flag to enable/disable SNAT for the egress traffic from a Pod to the external networkfalseNo
disableUdpTunnelOffload
bool
Disable UDP tunnel offload feature on default NICfalseNo
defaultMTU
string
Default MTU to use for the host gateway interface and the network interface of each Pod. If omitted, antrea-agent will discover the MTU of the Node's primary interfaceNo
tlsCipherSuites
string
List of allowed cipher suites. If omitted, the default Go Cipher Suites will be usedTLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
No
enableBridgingMode
bool
Enable bridging mode of Pod network on NodesfalseNo
disableTXChecksumOffload
bool
Disable TX checksum offloading for container network interfacesfalseNo
dnsServerOverride
string
Provide the address of DNS server, to override the kube-dns serviceNo
fqdnCacheMinTTL
int
fqdnCacheMinTTL helps address the issue of applications caching DNS response IPs beyond the TTL value for the DNS record. It is used to enforce FQDN policy rules, ensuring that resolved IPs are included in datapath rules for as long as the application caches them. Ideally, this value should be set to the maximum caching duration across all applications.No
snatFullyRandomPorts
bool
Fully randomize source port mapping in SNAT rules used for egress traffic from Pods to the external network.No
featureGates
AntreaFeatureGates
FeatureGates is a map of feature names to flags that enable or disable experimental features: {}No
packetInRate
int
PacketInRate defines the OVS controller packet rate limits for different features. The number stands for the rate as packets per second(pps) and the burst size will be automatically set to twice the rate.No
auditLogging
AuditLogging
Log rotation configuration for audit logs.No
secondaryNetwork
AntreaSecondaryNetwork
Configuration of OVS bridges for secondary network. At the moment, at most one OVS bridge can be specified. If the specified bridge does not exist on the Node, antrea-agent will create it based on the configuration.No

AntreaNSXConfig

Appears in: AntreaNSX

FieldDescriptionDefaultRequired
bootstrapFrom
string
BootstrapFrom is used to specify the bootstrap method: either Inline or SupervisorCluster.No
nsxCert
string
One line base64 encoded data. Can be generated by command: cat tls.crt | base64 -w 0No
nsxKey
string
NSXKey is base64 encoded NSX client key data.One line base64 encoded data. Can be generated by command: cat tls.key | base64 -w 0No
clusterName
string
ClusterName is the name of the cluster.No
nsxManagers
[]string
NSXManagers is a string slice that contains the IP address or domain name of the NSX Managers.No
vpcPath
[]string
VPCPath is the VPC configuration path.No
proxyEndpoints
ProxyEndpoints
ProxyEndpoints is a struct for proxy endpoints containing the information needed to access the API server.No
mpAdapterConf
MPAdapterConf
: {}No
ccpAdapterConf
CCPAdapterConf
: {}No

AntreaWindowsConfigDataValue

Appears in: Antrea

FieldDescriptionDefaultRequired
config
AntreaWindowsConfig
: {}No
enable
bool
Enable windows configNo

CalicoConfigDataValue

CalicoConfigDataValue contains the specific configurations for the Calico package.

Appears in: Calico

FieldDescriptionDefaultRequired
vethMTU
int64
VethMTU defines maximum transmission unit. "0" as default means MTU will be auto detected.

Validation: Minimum: 0

0No
skipCNIBinaries
bool
SkipCNIBinaries allows to skip the cni plugin binaries installation. Default to false. Set to true for providers who already installed cni plugin binaries in their OVAs and do not want Calico to overwrite them.falseNo
ipv4AutodetectionMethod
string
The method to use to autodetect the IPv4 address for this host. If it is empty then the first-found method is used.No
ipv6AutodetectionMethod
string
The method to use to autodetect the IPv6 address for this host. If it is empty then the first-found method is used.No

AntreaCloudProvider

Appears in: AntreaConfigDataValue

FieldDescriptionRequired
name
string
Name is the cloud provider name. Disable the cloud controller if it is empty. At the moment, the only supported value is "aws".No

AntreaEgress

Appears in: AntreaConfigDataValue

FieldDescriptionRequired
exceptCIDRs
[]string
EgressExceptCIDRs is a list of CIDR ranges to which outbound Pod traffic will not be SNAT'd by Egresses, e.g. ["192.168.0.0/16", "172.16.0.0/12"].No
maxEgressIPsPerNode
int
MaxEgressIPsPerNode is the maximum number of Egress IPs that can be assigned to a Node. It's useful when the Node network restricts the number of secondary IPs a Node can have. It must not be greater than 255.No
snatFullyRandomPorts
bool
SnatFullyRandomPorts fully randomizes source port mapping in Egress SNAT rules. This has no impact on the default SNAT rules enforced by each Node for local Pod traffic. By default, we use the same value as for the top-level snatFullyRandomPorts configuration, but this field can be used as an override.No

AntreaFeatureGates

Appears in: AntreaConfigDataValue

FieldDescriptionDefaultRequired
AntreaProxy
bool
Enable AntreaProxy which provides ServiceLB for in-cluster Services in antrea-agent. Note that this feature gate is deprecated since this feature was promoted to GA in v1.14.trueNo
EndpointSlice
bool
Flag to enable/disable EndpointSlice support in AntreaProxy. If AntreaProxy is not enabled, this flag will not take effectfalseNo
AntreaPolicy
bool
Flag to enable/disable antrea policytrueNo
FlowExporter
bool
Flag to enable/disable flow exporterfalseNo
Egress
bool
Flag to enable/disable SNAT IPs of Pod egress traffictrueNo
NodePortLocal
bool
Flag to enable/disable NodePortLocal feature to make the pods reachable externally through NodePorttrueNo
AntreaTraceflow
bool
Flag to enable/disable antrea traceflowtrueNo
NetworkPolicyStats
bool
Flag to enable/disable network policy statsfalseNo
AntreaIPAM
bool
Flag to enable/disable antrea IPAMfalseNo
ServiceExternalIP
bool
Flag to enable/disable service external IPfalseNo
Multicast
bool
Flag to enable/disable multicastfalseNo
Multicluster
bool
Enable Antrea Multi-cluster Gateway to support cross-cluster traffic.falseNo
SecondaryNetwork
bool
Enable support for provisioning secondary network interfaces for Pods (using Pod annotations).falseNo
TrafficControl
bool
Enable mirroring or redirecting the traffic Pods send or receive.falseNo
TopologyAwareHints
bool
Enable TopologyAwareHints in AntreaProxy. This requires AntreaProxy and EndpointSlice to be enabled, otherwise this flag will not take effect.falseNo
SupportBundleCollection
bool
Enable collecting support bundle files with SupportBundleCollection CRD.No
L7NetworkPolicy
bool
Enable users to protect their applications by specifying how they are allowed to communicate with others.No
AdminNetworkPolicy
bool
Enable the use of Network Policy APIs which helps administrators set security postures for their clusters.No
CleanupStaleUDPSvcConntrack
bool
Enable support for cleaning up stale UDP Service conntrack connections in AntreaProxyNo
NodeLatencyMonitor
bool
Enable NodeLatencyMonitor to monitor the latency between Nodes.No
EgressTrafficShaping
bool
Enable Egress traffic shaping.No
EgressSeparateSubnet
bool
Allow users to allocate Egress IPs from a different subnet from the default Node subnet.No
NodeNetworkPolicy
bool
Allow users to apply ClusterNetworkPolicy to Kubernetes Nodes.No
L7FlowExporter
bool
Enable L7FlowExporter on Pods and Namespaces to export the application layer flows such as HTTP flows.No
PacketCapture
bool
Enable PacketCapture feature which supports capturing packets to diagnose network issues.No
ServiceTrafficDistribution
bool
Enable ServiceTrafficDistribution in AntreaProxy. This requires AntreaProxy and EndpointSlice to be enabled, otherwise this flag will not take effect.No

AntreaFlowExporter

Appears in: AntreaConfigDataValue, AntreaWindowsConfig

FieldDescriptionRequired
enable
bool
Enable FlowExporter, a feature used to export polled conntrack connections as IPFIX flow records from each agent to a configured collector. To enable this feature, you need to set "enable" to true, and ensure that the FlowExporter feature gate is also enabled.No
collectorAddress
string
CollectorAddress provides the IPFIX collector address as a string with format <HOST>:[<PORT>][:<PROTO>]. HOST can either be the DNS name, IP, or Service name of the Flow Collector. If using an IP, it can be either IPv4 or IPv6. However, IPv6 address should be wrapped with []. When the collector is running in-cluster as a Service, set <HOST> to <Service namespace>/<Service name>. For example, "flow-aggregator/flow-aggregator" can be provided to connect to the Antrea Flow Aggregator Service. If PORT is empty, we default to 14739. If no PROTO is given, we consider "grpc" as default. We support "grpc", "tls", "tcp" and "udp" protocols. "grpc", "tls" are used for securing communication between flow exporter and flow aggregator.No
pollInterval
string
PollInterval provides flow poll interval as a duration string. This determines how often the flow exporter dumps connections from the conntrack module. Flow poll interval should be greater than or equal to 1s (one second). Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".No
activeFlowTimeout
string
ActiveFlowTimeout provides the active flow export timeout, which is the timeout after which a flow record is sent to the collector for active flows. Thus, for flows with a continuous stream of packets, a flow record will be exported to the collector once the elapsed time since the last export event is equal to the value of this timeout. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".No
idleFlowTimeout
string
IdleFlowTimeout provides the idle flow export timeout, which is the timeout after which a flow record is sent to the collector for idle flows. A flow is considered idle if no packet matching this flow has been observed since the last export event. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".No

AntreaMultiCluster

Appears in: AntreaConfigDataValue

FieldDescriptionRequired
enable
bool
Enable indicates whether to enable Antrea Multi-cluster Gateway to support cross-cluster traffic. This feature is supported only with encap mode.No
namespace
string
Namespace is the Namespace where Antrea Multi-cluster Controller is running. The default is antrea-agent's Namespace.No
enableStretchedNetworkPolicy
bool
EnableStretchedNetworkPolicy enables Multi-cluster NetworkPolicy (ingress rules). Multi-cluster Gateway must be enabled to enable StretchedNetworkPolicy.No
enablePodToPodConnectivity
bool
EnablePodToPodConnectivity enables Pod to Pod connectivity.No

AntreaMulticast

Appears in: AntreaConfigDataValue

FieldDescriptionRequired
enable
bool
Enable is used to enable Multicast. You need to set "enable" to true, and ensure that the Multicast feature gate is also enabled (which is the default).No
igmpQueryInterval
string
IGMPQueryInterval is the interval at which the antrea-agent sends IGMP queries to Pods. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".No
igmpQueryVersions
[]int
IGMPQueryVersions specifies the versions of IGMP queries antrea-agent sends to Pods. Valid versions are 1, 2 and 3.No

AntreaNodePortLocal

Appears in: AntreaConfigDataValue, AntreaWindowsConfig

FieldDescriptionRequired
enabled
bool
Enabled enables NodePortLocal, a feature used to make Pods reachable using port forwarding on the host.No
portRange
string
PortRange provides the port range used by NodePortLocal. When the NodePortLocal feature is enabled, a port from that range will be assigned whenever a Pod's container defines a specific port to be exposed (each container can define a list of ports as pod.spec.containers[].ports), and all Node traffic directed to that port will be forwarded to the Pod. Format: "61000-62000".No

AntreaProxy

Appears in: AntreaConfigDataValue

FieldDescriptionRequired
proxyAll
bool
ProxyAll tells antrea-agent to proxy all Service traffic, including NodePort, LoadBalancer, and ClusterIP traffic, regardless of where they come from. Therefore, running kube-proxy is no longer required. Note that this option is experimental. If kube-proxy is removed, option kubeAPIServerOverride must be used to access apiserver directly.No
nodePortAddresses
[]string
NodePortAddresses is a string array of values which specifies the host IPv4/IPv6 addresses for NodePort. Values can be valid IP blocks. (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses. Note that the option is only valid when proxyAll is true.No
skipServices
[]string
SkipServices is an array of string values to specify a list of Services which should be ignored by AntreaProxy (traffic to these Services will not be load-balanced). Values can be a valid ClusterIP (e.g. 10.11.1.2) or a Service name with Namespace (e.g. kube-system/kube-dns)No
proxyLoadBalancerIPs
bool
ProxyLoadBalancerIPs when set to false, AntreaProxy no longer load-balances traffic destined to the External IPs of LoadBalancer Services. This is useful when the external LoadBalancer provides additional capabilities (e.g. TLS termination) and it is desirable for Pod-to-ExternalIP traffic to be sent to the external LoadBalancer instead of being load-balanced to an Endpoint directly by AntreaProxy. Note that setting ProxyLoadBalancerIPs to false usually only makes sense when proxyAll is set to true and kube-proxy is removed from the cluster, otherwise kube-proxy will still load-balance this traffic.No
serviceProxyName
string
ServiceProxyName is the value of the "service.kubernetes.io/service-proxy-name" label for AntreaProxy to match. If it is set, then AntreaProxy will only handle Services with the label that equals the provided value. If it is not set, then AntreaProxy will only handle Services without the "service.kubernetes.io/service-proxy-name" label, ignoring Services with the label regardless of the value.No
enable
bool
Enable controls whether to disable AntreaProxy. Set this to false to disable AntreaProxy.No
disableServiceHealthCheckServer
bool
DisableServiceHealthCheckServer disables the health check server run by Antrea Proxy, which provides health information about Services of type LoadBalancer with externalTrafficPolicy set to Local, when proxyAll is enabled. This avoids race conditions between kube-proxy and Antrea proxy, with both trying to bind to the same addresses, when proxyAll is enabled while kube-proxy has not been removed.No

AntreaSecondaryNetwork

Appears in: AntreaConfigDataValue

FieldDescriptionRequired
ovsBridges
[]OVSBridge
OVSBridges is the configuration of OVS bridges for secondary network. At the moment, at most one OVS bridge can be specified. If the specified bridge does not exist on the Node, antrea-agent will create it based on the configuration.No

AntreaWindowsConfig

Appears in: AntreaWindowsConfigDataValue

FieldDescriptionDefaultRequired
antreaProxy
AntreaWindowsProxy
Specifies AntreaProxy related configuration.No
nodePortLocal
AntreaNodePortLocal
Specifies NodePortLocal related configuration.No
flowExporter
AntreaFlowExporter
Specifies FlowExporter related configuration.No
kubeAPIServerOverride
string
Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig.No
transportInterface
string
The name of the interface on Node which is used for tunneling or routing.No
transportInterfaceCIDRs
[]string
The network CIDRs of the interface on Node which is used for tunneling or routing.No
tlsCipherSuites
string
List of allowed cipher suites. If omitted, the default Go Cipher Suites will be usedTLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
No
featureGates
AntreaWindowsFeatureGates
FeatureGates is a map of feature names to flags that enable or disable experimental featuresNo

AntreaWireGuard

Appears in: AntreaConfigDataValue

FieldDescriptionRequired
port
int
Port is the port for WireGuard to receive traffic.No

AuditLogging

Appears in: AntreaConfigDataValue

FieldDescriptionRequired
maxSize
int
MaxSize is the maximum size in MB of a log file before it gets rotated.No
maxBackups
int
MaxBackups is the maximum number of old log files to retain. If set to 0, all log files will be retained (unless MaxAge causes them to be deleted).No
maxAge
int
MaxAge is the maximum number of days to retain old log files based on the timestamp encoded in their filename. If set to 0, old log files are not removed based on age.No
compress
bool
Compress enables gzip compression on rotated files.No

CCPAdapterConf

Appears in: AntreaNSXConfig

FieldDescriptionRequired
enableDebugServer
bool
EnableDebugServer indicates whether to enable the debug server.No
apiServerPort
int
Port on which the API server listens.No
debugServerPort
int
DebugServerPort is the port for the APIServer to serve on. Defaults to 16667.No
nsxRPCDebug
bool
NSXRPCDebug indicates whether to enable NSX RPC debug mode.No
realizeTimeoutSeconds
int
Time to wait for realization.No
realizeErrorSyncIntervalSeconds
int
An interval for regularly report latest realization error in background.No
reconcilerWorkerCount
int
Number of workers for reconciler.No
reconcilerQPS
int
Average QPS = ReconcilerWorkerCount * ReconcilerQPSNo
reconcilerBurst
int
Peak QPS = ReconcilerWorkerCount * ReconcilerBurstNo
reconcilerResyncSeconds
int
Period for Reconciler to rsync downstream events.No

MPAdapterConf

Appears in: AntreaNSXConfig

FieldDescriptionRequired
nsxClientAuthCertFile
string
Path to the client authentication certificate file.No
nsxClientAuthKeyFile
string
Path to the client authentication key file.No
nsxRemoteAuth
bool
NSXRemoteAuth indicates whether to use remote authentication.No
nsxCAFile
string
Path to the CA file.No
nsxInsecure
bool
NSXInsecure indicates whether to enable insecure connections.No
nsxRPCConnType
string
NsxRpcConnType is the NSX connection type: either mock or tnproxy.No
clusterType
string
ClusterType represents the type of the cluster.No
nsxClientTimeout
int
Timeout for NSX client.No
inventoryBatchSize
int
InventoryBatchSize is the max objects in one inventory update request.No
inventoryBatchPeriod
int
InventoryBatchPeriod is the time in seconds to send out request even if the max batch size is not reached.No
enableDebugServer
bool
EnableDebugServer indicates whether to enable the debug server.No
apiServerPort
int
Port on which the API server listens.No
debugServerPort
int
DebugServerPort is the port for the APIServer to serve on. Defaults to 16666.No
nsxRPCDebug
bool
NSXRPCDebug indicates whether to enable NSX RPC debug mode.No
conditionTimeout
int
Monitor for determine the timeout.No
nsxVerifyServerName
bool
NSXVerifyServerName indicates whether to validate NSX server name when NSXInsecure is false.No

ProxyEndpoints

ProxyEndpoints is a struct for proxy endpoints containing the information needed to access the API server.

Appears in: AntreaNSXConfig

FieldDescriptionRequired
restApi
[]string
RestAPI is a string slice that contains the IP address or domain name of the REST API endpoint.No
nsxRpcFwdProxy
[]string
NSXRPCFwdProxy is a string slice that contains the IP address or domain name of the NSX RPC forward proxy.No

AntreaWindowsFeatureGates

Appears in: AntreaWindowsConfig

FieldDescriptionRequired
AntreaProxy
bool
Enable antrea proxy which provides ServiceLB for in-cluster services in antrea agent. It should be enabled on Windows, otherwise NetworkPolicy will not take effect on Service traffic. Note that this feature gate is deprecated since this feature was promoted to GA in v1.14.No
NodePortLocal
bool
Enable NodePortLocal feature to make the Pods reachable externally through NodePortNo
FlowExporter
bool
Enable flowexporter which exports polled conntrack connections as IPFIX flow records from each agent to a configured collector.No

AntreaWindowsProxy

Appears in: AntreaWindowsConfig

FieldDescriptionRequired
enable
bool
Enable controls whether to enable AntreaProxy on Windows nodes. Set this to true to enable AntreaProxy. To disable AntreaProxy, set this to false. It should be enabled on Windows, otherwise NetworkPolicy will not take effect on Service traffic.No
proxyAll
bool
ProxyAll tells antrea-agent to proxy ClusterIP Service traffic, regardless of where they come from. Therefore, running kube-proxy is no longer required. This requires the AntreaProxy feature to be enabled. Note that this option is experimental. If kube-proxy is removed, option kubeAPIServerOverride must be used to access apiserver directly.No
serviceProxyName
string
The value of the "service.kubernetes.io/service-proxy-name" label for AntreaProxy to match. If it is set, then AntreaProxy will only handle Services with the label that equals the provided value. If it is not set, then AntreaProxy will only handle Services without the "service.kubernetes.io/service-proxy-name" label, but ignore Services with the label no matter what is the value.No

OVSBridge

Appears in: AntreaSecondaryNetwork

FieldDescriptionRequired
bridgeName
string
BridgeName is the name of the OVS bridge for secondary network. At the moment, at most one OVS bridge can be specified. If the specified bridge does not exist on the Node, antrea-agent will create it based on the configuration.No
physicalInterfaces
[]string
PhysicalInterfaces is a list of physical interfaces to be connected to the OVS bridge. These interfaces will serve as uplinks for the bridge. For now, at most one interface should be specified on VKS clusterNo
enableMulticastSnooping
bool
EnableMulticastSnooping enables multicast snooping on the OVS bridge, allowing the bridge to learn about multicast group memberships and forward multicast traffic only to ports that have interested receivers. When disabled, multicast traffic is flooded to all ports in the bridge. The default value is falseNo

controlplane.cluster.x-k8s.io/v1beta1

Resource Types:

KubeadmControlPlane

KubeadmControlPlane is the Schema for the KubeadmControlPlane API.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
KubeadmControlPlaneSpec
spec is the desired state of KubeadmControlPlane.No
status
KubeadmControlPlaneStatus
status is the observed state of KubeadmControlPlane.No

KubeadmControlPlaneTemplate

KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates API.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
KubeadmControlPlaneTemplateSpec
spec is the desired state of KubeadmControlPlaneTemplate.No

KubeadmControlPlaneSpec

KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane.

Appears in: KubeadmControlPlane

FieldDescriptionDefaultRequired
replicas
int32
replicas is the number of desired machines. Defaults to 1. When stacked etcd is used only odd numbers are permitted, as per etcd best practice. This is a pointer to distinguish between explicit zero and not specified.No
version
string
version defines the desired Kubernetes version. Please note that if kubeadmConfigSpec.ClusterConfiguration.imageRepository is not set we don't allow upgrades to versions ≥ v1.22.0 for which kubeadm uses the old registry (k8s.gcr.io). Please use a newer patch version with the new registry instead. The default registries of kubeadm are: * registry.k8s.io (new registry): ≥ v1.22.17, ≥ v1.23.15, ≥ v1.24.9, ≥ v1.25.0 * k8s.gcr.io (old registry): all older versions

Validation: Maximum length: 256
Minimum length: 1

Yes
machineTemplate
KubeadmControlPlaneMachineTemplate
machineTemplate contains information about how machines should be shaped when creating or updating a control plane.Yes
kubeadmConfigSpec
KubeadmConfigSpec
kubeadmConfigSpec is a KubeadmConfigSpec to use for initializing and joining machines to the control plane.Yes
rolloutBefore
RolloutBefore
rolloutBefore is a field to indicate a rollout should be performed if the specified criteria is met.No
rolloutAfter
Time
rolloutAfter is a field to indicate a rollout should be performed after the specified time even if no changes have been made to the KubeadmControlPlane. Example: In the YAML the time can be specified in the RFC3339 format. To specify the rolloutAfter target as March 9, 2023, at 9 am UTC use "2023-03-09T09:00:00Z".No
rolloutStrategy
RolloutStrategy
rolloutStrategy is the RolloutStrategy to use to replace control plane machines with new ones.rollingUpdate.maxSurge: 1
type: RollingUpdate
No
remediationStrategy
RemediationStrategy
remediationStrategy is the RemediationStrategy that controls how control plane machine remediation happens.No
machineNamingStrategy
MachineNamingStrategy
machineNamingStrategy allows changing the naming pattern used when creating Machines. InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines.No

KubeadmControlPlaneStatus

KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane.

Appears in: KubeadmControlPlane

FieldDescriptionRequired
selector
string
selector is the label selector in string format to avoid introspection by clients, and is used to provide the CRD-based integration for the scale subresource and additional integrations for things like kubectl describe.. The string will be in the same format as the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors

Validation: Minimum length: 1
Maximum length: 4096

No
replicas
int32
replicas is the total number of non-terminated machines targeted by this control plane (their labels match the selector).No
version
string
version represents the minimum Kubernetes version for the control plane machines in the cluster.

Validation: Minimum length: 1
Maximum length: 256

No
updatedReplicas
int32
updatedReplicas is the total number of non-terminated machines targeted by this control plane that have the desired template spec.No
readyReplicas
int32
readyReplicas is the total number of fully running and ready control plane machines.No
unavailableReplicas
int32
unavailableReplicas is the total number of unavailable machines targeted by this control plane. This is the total number of machines that are still required for the deployment to have 100% available capacity. They may either be machines that are running but not yet ready or machines that still have not been created.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No
initialized
bool
initialized denotes that the KubeadmControlPlane API Server is initialized and thus it can accept requests. NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning. The value of this field is never updated after provisioning is completed. Please use conditions to check the operational state of the control plane.No
ready
bool
ready denotes that the KubeadmControlPlane API Server became ready during initial provisioning to receive requests. NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning. The value of this field is never updated after provisioning is completed. Please use conditions to check the operational state of the control plane.No
failureReason
KubeadmControlPlaneStatusError
failureReason indicates that there is a terminal problem reconciling the state, and will be set to a token value suitable for programmatic interpretation.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No
failureMessage
string
failureMessage indicates that there is a terminal problem reconciling the state, and will be set to a descriptive error message.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.

Validation: Minimum length: 1
Maximum length: 10240

No
observedGeneration
int64
observedGeneration is the latest generation observed by the controller.No
conditions
Conditions
conditions defines current service state of the KubeadmControlPlane.No
lastRemediation
LastRemediationStatus
lastRemediation stores info about last remediation performed.No
v1beta2
KubeadmControlPlaneV1Beta2Status
v1beta2 groups all the fields that will be added or modified in KubeadmControlPlane's status with the V1Beta2 version.No

KubeadmControlPlaneTemplateSpec

KubeadmControlPlaneTemplateSpec defines the desired state of KubeadmControlPlaneTemplate.

Appears in: KubeadmControlPlaneTemplate

FieldDescriptionRequired
template
KubeadmControlPlaneTemplateResource
template defines the desired state of KubeadmControlPlaneTemplate.Yes

KubeadmControlPlaneMachineTemplate

KubeadmControlPlaneMachineTemplate defines the template for Machines in a KubeadmControlPlane object.

Appears in: KubeadmControlPlaneSpec

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
infrastructureRef
ObjectReference
infrastructureRef is a required reference to a custom resource offered by an infrastructure provider.Yes
readinessGates
[]MachineReadinessGate
readinessGates specifies additional conditions to include when evaluating Machine Ready condition; KubeadmControlPlane will always add readinessGates for the condition it is setting on the Machine: APIServerPodHealthy, SchedulerPodHealthy, ControllerManagerPodHealthy, and if etcd is managed by CKP also EtcdPodHealthy, EtcdMemberHealthy.

This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine.

NOTE: This field is considered only for computing v1beta2 conditions.

Validation: Maximum items: 32

No
nodeDrainTimeout
Duration
nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from kubectl drain --timeoutNo
nodeVolumeDetachTimeout
Duration
nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.No
nodeDeletionTimeout
Duration
nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. If no value is provided, the default value for this property of the Machine resource will be used.No
taints
[]MachineTaint
taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers.

There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node.

NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners.

Validation: Minimum items: 1
Maximum items: 64

No

KubeadmControlPlaneTemplateResource

KubeadmControlPlaneTemplateResource describes the data needed to create a KubeadmControlPlane from a template.

Appears in: KubeadmControlPlaneTemplateSpec

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
KubeadmControlPlaneTemplateResourceSpec
spec is the desired state of KubeadmControlPlaneTemplateResource.Yes

KubeadmControlPlaneV1Beta2Status

KubeadmControlPlaneV1Beta2Status Groups all the fields that will be added or modified in KubeadmControlPlane with the V1Beta2 version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.

Appears in: KubeadmControlPlaneStatus

FieldDescriptionRequired
conditions
[]Condition
conditions represents the observations of a KubeadmControlPlane's current state. Known condition types are Available, CertificatesAvailable, EtcdClusterAvailable, MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused.

Validation: Maximum items: 32

No
readyReplicas
int32
readyReplicas is the number of ready replicas for this KubeadmControlPlane. A machine is considered ready when Machine's Ready condition is true.No
availableReplicas
int32
availableReplicas is the number of available replicas targeted by this KubeadmControlPlane. A machine is considered available when Machine's Available condition is true.No
upToDateReplicas
int32
upToDateReplicas is the number of up-to-date replicas targeted by this KubeadmControlPlane. A machine is considered up-to-date when Machine's UpToDate condition is true.No

LastRemediationStatus

LastRemediationStatus stores info about last remediation performed. NOTE: if for any reason information about last remediation are lost, RetryCount is going to restart from 0 and thus more remediations than expected might happen.

Appears in: KubeadmControlPlaneStatus

FieldDescriptionRequired
machine
string
machine is the machine name of the latest machine being remediated.

Validation: Minimum length: 1
Maximum length: 253

Yes
timestamp
Time
timestamp is when last remediation happened. It is represented in RFC3339 form and is in UTC.Yes
retryCount
int32
retryCount used to keep track of remediation retry for the last remediated machine. A retry happens when a machine that was created as a replacement for an unhealthy machine also fails.Yes

MachineNamingStrategy

MachineNamingStrategy allows changing the naming pattern used when creating Machines. InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines.

Appears in: KubeadmControlPlaneSpec, KubeadmControlPlaneTemplateResourceSpec

FieldDescriptionRequired
template
string
template defines the template to use for generating the names of the Machine objects. If not defined, it will fallback to {{ .kubeadmControlPlane.name }}-{{ .random }}. If the generated name string exceeds 63 characters, it will be trimmed to 58 characters and will get concatenated with a random suffix of length 5. Length of the template string must not exceed 256 characters. The template allows the following variables .cluster.name, .kubeadmControlPlane.name and .random. The variable .cluster.name retrieves the name of the cluster object that owns the Machines being created. The variable .kubeadmControlPlane.name retrieves the name of the KubeadmControlPlane object that owns the Machines being created. The variable .random is substituted with random alphanumeric string, without vowels, of length 5. This variable is required part of the template. If not provided, validation will fail.

Validation: Minimum length: 1
Maximum length: 256

No

RemediationStrategy

RemediationStrategy allows to define how control plane machine remediation happens.

Appears in: KubeadmControlPlaneSpec, KubeadmControlPlaneTemplateResourceSpec

FieldDescriptionRequired
maxRetry
int32
maxRetry is the Max number of retries while attempting to remediate an unhealthy machine. A retry happens when a machine that was created as a replacement for an unhealthy machine also fails. For example, given a control plane with three machines M1, M2, M3:

M1 become unhealthy; remediation happens, and M1-1 is created as a replacement. If M1-1 (replacement of M1) has problems while bootstrapping it will become unhealthy, and then be remediated; such operation is considered a retry, remediation-retry #1. If M1-2 (replacement of M1-1) becomes unhealthy, remediation-retry #2 will happen, etc.

A retry could happen only after RetryPeriod from the previous retry. If a machine is marked as unhealthy after MinHealthyPeriod from the previous remediation expired, this is not considered a retry anymore because the new issue is assumed unrelated from the previous one.

If not set, the remedation will be retried infinitely.
No
retryPeriod
Duration
retryPeriod is the duration that KCP should wait before remediating a machine being created as a replacement for an unhealthy machine (a retry).

If not set, a retry will happen immediately.
No
minHealthyPeriod
Duration
minHealthyPeriod defines the duration after which KCP will consider any failure to a machine unrelated from the previous one. In this case the remediation is not considered a retry anymore, and thus the retry counter restarts from 0. For example, assuming MinHealthyPeriod is set to 1h (default)

M1 become unhealthy; remediation happens, and M1-1 is created as a replacement. If M1-1 (replacement of M1) has problems within the 1hr after the creation, also this machine will be remediated and this operation is considered a retry - a problem related to the original issue happened to M1 -.

If instead the problem on M1-1 is happening after MinHealthyPeriod expired, e.g. four days after m1-1 has been created as a remediation of M1, the problem on M1-1 is considered unrelated to the original issue happened to M1.

If not set, this value is defaulted to 1h.
No

RolloutBefore

RolloutBefore describes when a rollout should be performed on the KCP machines.

Appears in: KubeadmControlPlaneSpec, KubeadmControlPlaneTemplateResourceSpec

FieldDescriptionRequired
certificatesExpiryDays
int32
certificatesExpiryDays indicates a rollout needs to be performed if the certificates of the machine will expire within the specified days.No

RolloutStrategy

RolloutStrategy describes how to replace existing machines with new ones.

Appears in: KubeadmControlPlaneSpec, KubeadmControlPlaneTemplateResourceSpec

FieldDescriptionRequired
type
RolloutStrategyType
type of rollout. Currently the only supported strategy is "RollingUpdate". Default is RollingUpdate.No
rollingUpdate
RollingUpdate
rollingUpdate is the rolling update config params. Present only if RolloutStrategyType = RollingUpdate.No

KubeadmControlPlaneTemplateResourceSpec

KubeadmControlPlaneTemplateResourceSpec defines the desired state of KubeadmControlPlane. NOTE: KubeadmControlPlaneTemplateResourceSpec is similar to KubeadmControlPlaneSpec but omits Replicas and Version fields. These fields do not make sense on the KubeadmControlPlaneTemplate, because they are calculated by the Cluster topology reconciler during reconciliation and thus cannot be configured on the KubeadmControlPlaneTemplate.

Appears in: KubeadmControlPlaneTemplateResource

FieldDescriptionDefaultRequired
machineTemplate
KubeadmControlPlaneTemplateMachineTemplate
machineTemplate contains information about how machines should be shaped when creating or updating a control plane.No
kubeadmConfigSpec
KubeadmConfigSpec
kubeadmConfigSpec is a KubeadmConfigSpec to use for initializing and joining machines to the control plane.Yes
rolloutBefore
RolloutBefore
rolloutBefore is a field to indicate a rollout should be performed if the specified criteria is met.No
rolloutAfter
Time
rolloutAfter is a field to indicate a rollout should be performed after the specified time even if no changes have been made to the KubeadmControlPlane.No
rolloutStrategy
RolloutStrategy
rolloutStrategy is the RolloutStrategy to use to replace control plane machines with new ones.rollingUpdate.maxSurge: 1
type: RollingUpdate
No
remediationStrategy
RemediationStrategy
remediationStrategy is the RemediationStrategy that controls how control plane machine remediation happens.No
machineNamingStrategy
MachineNamingStrategy
machineNamingStrategy allows changing the naming pattern used when creating Machines. InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines.No

RollingUpdate

RollingUpdate is used to control the desired behavior of rolling update.

Appears in: RolloutStrategy

FieldDescriptionRequired
maxSurge
IntOrString
maxSurge is the maximum number of control planes that can be scheduled above or under the desired number of control planes. Value can be an absolute number 1 or 0. Defaults to 1. Example: when this is set to 1, the control plane can be scaled up immediately when the rolling update starts.No

RolloutStrategyType

RolloutStrategyType defines the rollout strategies for a KubeadmControlPlane.

Appears in: RolloutStrategy

KubeadmControlPlaneTemplateMachineTemplate

KubeadmControlPlaneTemplateMachineTemplate defines the template for Machines in a KubeadmControlPlaneTemplate object. NOTE: KubeadmControlPlaneTemplateMachineTemplate is similar to KubeadmControlPlaneMachineTemplate but omits ObjectMeta and InfrastructureRef fields. These fields do not make sense on the KubeadmControlPlaneTemplate, because they are calculated by the Cluster topology reconciler during reconciliation and thus cannot be configured on the KubeadmControlPlaneTemplate.

Appears in: KubeadmControlPlaneTemplateResourceSpec

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
nodeDrainTimeout
Duration
nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from kubectl drain --timeoutNo
nodeVolumeDetachTimeout
Duration
nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.No
nodeDeletionTimeout
Duration
nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. If no value is provided, the default value for this property of the Machine resource will be used.No
taints
[]MachineTaint
taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers.

There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node.

NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners.

Validation: Minimum items: 1
Maximum items: 64

No

controlplane.cluster.x-k8s.io/v1beta2

Resource Types:

KubeadmControlPlane

KubeadmControlPlane is the Schema for the KubeadmControlPlane API.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
KubeadmControlPlaneSpec
spec is the desired state of KubeadmControlPlane.No
status
KubeadmControlPlaneStatus
status is the observed state of KubeadmControlPlane.No

KubeadmControlPlaneTemplate

KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates API. NOTE: This CRD can only be used if the ClusterTopology feature gate is enabled.

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
KubeadmControlPlaneTemplateSpec
spec is the desired state of KubeadmControlPlaneTemplate.No

KubeadmControlPlaneSpec

KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane.

Appears in: KubeadmControlPlane

FieldDescriptionRequired
replicas
int32
replicas is the number of desired machines. Defaults to 1. When stacked etcd is used only odd numbers are permitted, as per etcd best practice. This is a pointer to distinguish between explicit zero and not specified.No
version
string
version defines the desired Kubernetes version.

Validation: Minimum length: 1
Maximum length: 256

No
machineTemplate
KubeadmControlPlaneMachineTemplate
machineTemplate contains information about how machines should be shaped when creating or updating a control plane.No
kubeadmConfigSpec
KubeadmConfigSpec
kubeadmConfigSpec is a KubeadmConfigSpec to use for initializing and joining machines to the control plane.No
rollout
KubeadmControlPlaneRolloutSpec
rollout allows you to configure the behaviour of rolling updates to the control plane Machines. It allows you to require that all Machines are replaced before or after a certain time, and allows you to define the strategy used during rolling replacements.No
remediation
KubeadmControlPlaneRemediationSpec
remediation controls how unhealthy Machines are remediated.No
machineNaming
MachineNamingSpec
machineNaming allows changing the naming pattern used when creating Machines. InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines.No

KubeadmControlPlaneStatus

KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane.

Appears in: KubeadmControlPlane

FieldDescriptionRequired
conditions
[]Condition
conditions represents the observations of a KubeadmControlPlane's current state. Known condition types are Available, CertificatesAvailable, EtcdClusterAvailable, MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused.

Validation: Maximum items: 32

No
initialization
KubeadmControlPlaneInitializationStatus
initialization provides observations of the KubeadmControlPlane initialization process. NOTE: Fields in this struct are part of the Cluster API contract and are used to orchestrate initial Machine provisioning.No
selector
string
selector is the label selector in string format to avoid introspection by clients, and is used to provide the CRD-based integration for the scale subresource and additional integrations for things like kubectl describe.. The string will be in the same format as the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors

Validation: Minimum length: 1
Maximum length: 4096

No
replicas
int32
replicas is the total number of non-terminated machines targeted by this control plane (their labels match the selector).No
readyReplicas
int32
readyReplicas is the number of ready replicas for this KubeadmControlPlane. A machine is considered ready when Machine's Ready condition is true.No
availableReplicas
int32
availableReplicas is the number of available replicas targeted by this KubeadmControlPlane. A machine is considered available when Machine's Available condition is true.No
upToDateReplicas
int32
upToDateReplicas is the number of up-to-date replicas targeted by this KubeadmControlPlane. A machine is considered up-to-date when Machine's UpToDate condition is true.No
version
string
version represents the minimum Kubernetes version for the control plane machines in the cluster.

Validation: Minimum length: 1
Maximum length: 256

No
observedGeneration
int64
observedGeneration is the latest generation observed by the controller.

Validation: Minimum: 1

No
lastRemediation
LastRemediationStatus
lastRemediation stores info about last remediation performed.No
deprecated
KubeadmControlPlaneDeprecatedStatus
deprecated groups all the status fields that are deprecated and will be removed when all the nested field are removed.No

KubeadmControlPlaneTemplateSpec

KubeadmControlPlaneTemplateSpec defines the desired state of KubeadmControlPlaneTemplate.

Appears in: KubeadmControlPlaneTemplate

FieldDescriptionRequired
template
KubeadmControlPlaneTemplateResource
template defines the desired state of KubeadmControlPlaneTemplate.No

KubeadmControlPlaneDeprecatedStatus

KubeadmControlPlaneDeprecatedStatus groups all the status fields that are deprecated and will be removed in a future version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.

Appears in: KubeadmControlPlaneStatus

FieldDescriptionRequired
v1beta1
KubeadmControlPlaneV1Beta1DeprecatedStatus
v1beta1 groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped.No

KubeadmControlPlaneInitializationStatus

KubeadmControlPlaneInitializationStatus provides observations of the KubeadmControlPlane initialization process.

Appears in: KubeadmControlPlaneStatus

FieldDescriptionRequired
controlPlaneInitialized
bool
controlPlaneInitialized is true when the KubeadmControlPlane provider reports that the Kubernetes control plane is initialized; A control plane is considered initialized when it can accept requests, no matter if this happens before the control plane is fully provisioned or not. NOTE: this field is part of the Cluster API contract, and it is used to orchestrate initial Machine provisioning.No

KubeadmControlPlaneMachineTemplate

KubeadmControlPlaneMachineTemplate defines the template for Machines in a KubeadmControlPlane object.

Appears in: KubeadmControlPlaneSpec

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
KubeadmControlPlaneMachineTemplateSpec
spec defines the spec for Machines in a KubeadmControlPlane object.No

KubeadmControlPlaneRemediationSpec

KubeadmControlPlaneRemediationSpec controls how unhealthy control plane Machines are remediated.

Appears in: KubeadmControlPlaneSpec, KubeadmControlPlaneTemplateResourceSpec

FieldDescriptionRequired
maxRetry
int32
maxRetry is the Max number of retries while attempting to remediate an unhealthy machine. A retry happens when a machine that was created as a replacement for an unhealthy machine also fails. For example, given a control plane with three machines M1, M2, M3:

M1 become unhealthy; remediation happens, and M1-1 is created as a replacement. If M1-1 (replacement of M1) has problems while bootstrapping it will become unhealthy, and then be remediated; such operation is considered a retry, remediation-retry #1. If M1-2 (replacement of M1-1) becomes unhealthy, remediation-retry #2 will happen, etc.

A retry could happen only after retryPeriodSeconds from the previous retry. If a machine is marked as unhealthy after minHealthyPeriodSeconds from the previous remediation expired, this is not considered a retry anymore because the new issue is assumed unrelated from the previous one.

If not set, the remedation will be retried infinitely.
No
retryPeriodSeconds
int32
retryPeriodSeconds is the duration that KCP should wait before remediating a machine being created as a replacement for an unhealthy machine (a retry).

If not set, a retry will happen immediately.

Validation: Minimum: 0

No
minHealthyPeriodSeconds
int32
minHealthyPeriodSeconds defines the duration after which KCP will consider any failure to a machine unrelated from the previous one. In this case the remediation is not considered a retry anymore, and thus the retry counter restarts from 0. For example, assuming minHealthyPeriodSeconds is set to 1h (default)

M1 become unhealthy; remediation happens, and M1-1 is created as a replacement. If M1-1 (replacement of M1) has problems within the 1hr after the creation, also this machine will be remediated and this operation is considered a retry - a problem related to the original issue happened to M1 -.

If instead the problem on M1-1 is happening after minHealthyPeriodSeconds expired, e.g. four days after m1-1 has been created as a remediation of M1, the problem on M1-1 is considered unrelated to the original issue happened to M1.

If not set, this value is defaulted to 1h.

Validation: Minimum: 0

No

KubeadmControlPlaneRolloutSpec

KubeadmControlPlaneRolloutSpec allows you to configure the behaviour of rolling updates to the control plane Machines. It allows you to require that all Machines are replaced before or after a certain time, and allows you to define the strategy used during rolling replacements.

Appears in: KubeadmControlPlaneSpec, KubeadmControlPlaneTemplateResourceSpec

FieldDescriptionRequired
before
KubeadmControlPlaneRolloutBeforeSpec
before is a field to indicate a rollout should be performed if the specified criteria is met.No
after
Time
after is a field to indicate a rollout should be performed after the specified time even if no changes have been made to the KubeadmControlPlane. Example: In the YAML the time can be specified in the RFC3339 format. To specify the rolloutAfter target as March 9, 2023, at 9 am UTC use "2023-03-09T09:00:00Z".No
strategy
KubeadmControlPlaneRolloutStrategy
strategy specifies how to roll out control plane Machines.No

KubeadmControlPlaneTemplateResource

KubeadmControlPlaneTemplateResource describes the data needed to create a KubeadmControlPlane from a template.

Appears in: KubeadmControlPlaneTemplateSpec

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
KubeadmControlPlaneTemplateResourceSpec
spec is the desired state of KubeadmControlPlaneTemplateResource.No

LastRemediationStatus

LastRemediationStatus stores info about last remediation performed. NOTE: if for any reason information about last remediation are lost, RetryCount is going to restart from 0 and thus more remediations than expected might happen.

Appears in: KubeadmControlPlaneStatus

FieldDescriptionRequired
machine
string
machine is the machine name of the latest machine being remediated.

Validation: Minimum length: 1
Maximum length: 253

No
time
Time
time is when last remediation happened. It is represented in RFC3339 form and is in UTC.No
retryCount
int32
retryCount used to keep track of remediation retry for the last remediated machine. A retry happens when a machine that was created as a replacement for an unhealthy machine also fails.

Validation: Minimum: 0

No

MachineNamingSpec

MachineNamingSpec allows changing the naming pattern used when creating Machines. InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines.

Appears in: KubeadmControlPlaneSpec, KubeadmControlPlaneTemplateResourceSpec

FieldDescriptionRequired
template
string
template defines the template to use for generating the names of the Machine objects. If not defined, it will fallback to {{ .kubeadmControlPlane.name }}-{{ .random }}. If the generated name string exceeds 63 characters, it will be trimmed to 58 characters and will get concatenated with a random suffix of length 5. Length of the template string must not exceed 256 characters. The template allows the following variables .cluster.name, .kubeadmControlPlane.name and .random. The variable .cluster.name retrieves the name of the cluster object that owns the Machines being created. The variable .kubeadmControlPlane.name retrieves the name of the KubeadmControlPlane object that owns the Machines being created. The variable .random is substituted with random alphanumeric string, without vowels, of length 5. This variable is required part of the template. If not provided, validation will fail.

Validation: Minimum length: 1
Maximum length: 256

No

KubeadmControlPlaneMachineTemplateSpec

KubeadmControlPlaneMachineTemplateSpec defines the spec for Machines in a KubeadmControlPlane object.

Appears in: KubeadmControlPlaneMachineTemplate

FieldDescriptionRequired
infrastructureRef
ContractVersionedObjectReference
infrastructureRef is a required reference to a custom resource offered by an infrastructure provider.No
readinessGates
[]MachineReadinessGate
readinessGates specifies additional conditions to include when evaluating Machine Ready condition; KubeadmControlPlane will always add readinessGates for the condition it is setting on the Machine: NodeKubeadmLabelsAndTaintsSet, APIServerPodHealthy, SchedulerPodHealthy, ControllerManagerPodHealthy, and if etcd is managed by CKP also EtcdPodHealthy, EtcdMemberHealthy.

This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine.

Validation: Minimum items: 1
Maximum items: 32

No
deletion
KubeadmControlPlaneMachineTemplateDeletionSpec
deletion contains configuration options for Machine deletion.No
taints
[]MachineTaint
taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers.

There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node.

NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners.

Validation: Minimum items: 1
Maximum items: 64

No

KubeadmControlPlaneRolloutBeforeSpec

KubeadmControlPlaneRolloutBeforeSpec describes when a rollout should be performed on the KCP machines.

Appears in: KubeadmControlPlaneRolloutSpec

FieldDescriptionRequired
certificatesExpiryDays
int32
certificatesExpiryDays indicates a rollout needs to be performed if the certificates of the machine will expire within the specified days. The minimum for this field is 7.

Validation: Minimum: 7

No

KubeadmControlPlaneRolloutStrategy

KubeadmControlPlaneRolloutStrategy describes how to replace existing machines with new ones.

Appears in: KubeadmControlPlaneRolloutSpec

FieldDescriptionRequired
type
KubeadmControlPlaneRolloutStrategyType
type of rollout. Currently the only supported strategy is "RollingUpdate". Default is RollingUpdate.No
rollingUpdate
KubeadmControlPlaneRolloutStrategyRollingUpdate
rollingUpdate is the rolling update config params. Present only if type = RollingUpdate.No

KubeadmControlPlaneTemplateResourceSpec

KubeadmControlPlaneTemplateResourceSpec defines the desired state of KubeadmControlPlane. NOTE: KubeadmControlPlaneTemplateResourceSpec is similar to KubeadmControlPlaneSpec but omits Replicas and Version fields. These fields do not make sense on the KubeadmControlPlaneTemplate, because they are calculated by the Cluster topology reconciler during reconciliation and thus cannot be configured on the KubeadmControlPlaneTemplate.

Appears in: KubeadmControlPlaneTemplateResource

FieldDescriptionRequired
machineTemplate
KubeadmControlPlaneTemplateMachineTemplate
machineTemplate contains information about how machines should be shaped when creating or updating a control plane.No
kubeadmConfigSpec
KubeadmConfigSpec
kubeadmConfigSpec is a KubeadmConfigSpec to use for initializing and joining machines to the control plane.No
rollout
KubeadmControlPlaneRolloutSpec
rollout allows you to configure the behaviour of rolling updates to the control plane Machines. It allows you to require that all Machines are replaced before or after a certain time, and allows you to define the strategy used during rolling replacements.No
remediation
KubeadmControlPlaneRemediationSpec
remediation controls how unhealthy Machines are remediated.No
machineNaming
MachineNamingSpec
machineNaming allows changing the naming pattern used when creating Machines. InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines.No

KubeadmControlPlaneV1Beta1DeprecatedStatus

KubeadmControlPlaneV1Beta1DeprecatedStatus groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.

Appears in: KubeadmControlPlaneDeprecatedStatus

FieldDescriptionRequired
conditions
Conditions
conditions defines current service state of the KubeadmControlPlane.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No
failureReason
KubeadmControlPlaneStatusError
failureReason indicates that there is a terminal problem reconciling the state, and will be set to a token value suitable for programmatic interpretation.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No
failureMessage
string
failureMessage indicates that there is a terminal problem reconciling the state, and will be set to a descriptive error message.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.

Validation: Minimum length: 1
Maximum length: 10240

No
updatedReplicas
int32
updatedReplicas is the total number of non-terminated machines targeted by this control plane that have the desired template spec.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No
readyReplicas
int32
readyReplicas is the total number of fully running and ready control plane machines.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No
unavailableReplicas
int32
unavailableReplicas is the total number of unavailable machines targeted by this control plane. This is the total number of machines that are still required for the deployment to have 100% available capacity. They may either be machines that are running but not yet ready or machines that still have not been created.

Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
No

KubeadmControlPlaneMachineTemplateDeletionSpec

KubeadmControlPlaneMachineTemplateDeletionSpec contains configuration options for Machine deletion.

Appears in: KubeadmControlPlaneMachineTemplateSpec

FieldDescriptionRequired
nodeDrainTimeoutSeconds
int32
nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a controlplane node The default value is 0, meaning that the node can be drained without any time limitations. NOTE: nodeDrainTimeoutSeconds is different from kubectl drain --timeout

Validation: Minimum: 0

No
nodeVolumeDetachTimeoutSeconds
int32
nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.

Validation: Minimum: 0

No
nodeDeletionTimeoutSeconds
int32
nodeDeletionTimeoutSeconds defines how long the machine controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. If no value is provided, the default value for this property of the Machine resource will be used.

Validation: Minimum: 0

No

KubeadmControlPlaneRolloutStrategyRollingUpdate

KubeadmControlPlaneRolloutStrategyRollingUpdate is used to control the desired behavior of rolling update.

Appears in: KubeadmControlPlaneRolloutStrategy

FieldDescriptionRequired
maxSurge
IntOrString
maxSurge is the maximum number of control planes that can be scheduled above or under the desired number of control planes. Value can be an absolute number 1 or 0. Defaults to 1. Example: when this is set to 1, the control plane can be scaled up immediately when the rolling update starts.No

KubeadmControlPlaneRolloutStrategyType

KubeadmControlPlaneRolloutStrategyType defines the rollout strategies for a KubeadmControlPlane.

Appears in: KubeadmControlPlaneRolloutStrategy

KubeadmControlPlaneTemplateMachineTemplate

KubeadmControlPlaneTemplateMachineTemplate defines the template for Machines in a KubeadmControlPlaneTemplate object. NOTE: KubeadmControlPlaneTemplateMachineTemplate is similar to KubeadmControlPlaneMachineTemplate but omits ObjectMeta and InfrastructureRef fields. These fields do not make sense on the KubeadmControlPlaneTemplate, because they are calculated by the Cluster topology reconciler during reconciliation and thus cannot be configured on the KubeadmControlPlaneTemplate.

Appears in: KubeadmControlPlaneTemplateResourceSpec

FieldDescriptionRequired
metadata
ObjectMeta
metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataNo
spec
KubeadmControlPlaneTemplateMachineTemplateSpec
spec defines the spec for Machines in a KubeadmControlPlane object.No

KubeadmControlPlaneTemplateMachineTemplateSpec

KubeadmControlPlaneTemplateMachineTemplateSpec defines the spec for Machines in a KubeadmControlPlane object.

Appears in: KubeadmControlPlaneTemplateMachineTemplate

FieldDescriptionRequired
deletion
KubeadmControlPlaneTemplateMachineTemplateDeletionSpec
deletion contains configuration options for Machine deletion.No
taints
[]MachineTaint
taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers.

There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node.

NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners.

Validation: Maximum items: 64
Minimum items: 1

No

KubeadmControlPlaneTemplateMachineTemplateDeletionSpec

KubeadmControlPlaneTemplateMachineTemplateDeletionSpec contains configuration options for Machine deletion.

Appears in: KubeadmControlPlaneTemplateMachineTemplateSpec

FieldDescriptionRequired
nodeDrainTimeoutSeconds
int32
nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a controlplane node The default value is 0, meaning that the node can be drained without any time limitations. NOTE: nodeDrainTimeoutSeconds is different from kubectl drain --timeout

Validation: Minimum: 0

No
nodeVolumeDetachTimeoutSeconds
int32
nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.

Validation: Minimum: 0

No
nodeDeletionTimeoutSeconds
int32
nodeDeletionTimeoutSeconds defines how long the machine controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. If no value is provided, the default value for this property of the Machine resource will be used.

Validation: Minimum: 0

No

cpi.tanzu.vmware.com/v1alpha1

Resource Types:

KubevipCPIConfig

KubevipCPIConfig is the Schema for the kubevipcpiconfigs API

FieldDescriptionRequired
metadata
ObjectMeta
No
spec
KubevipCPIConfigSpec
No
status
KubevipCPIConfigStatus
No

VSphereCPIConfig

VSphereCPIConfig is the Schema for the VSphereCPIConfig API

FieldDescriptionRequired
metadata
ObjectMeta
No
spec
VSphereCPIConfigSpec
No
status
VSphereCPIConfigStatus
No

KubevipCPIConfigSpec

KubevipCPIConfigSpec defines the desired state of KubevipCPIConfig

Appears in: KubevipCPIConfig

FieldDescriptionRequired
loadbalancerCIDRs
string
loadbalancerCIDRs is a list of comma separated cidrs will be used to allocate IP for external load balancer. For example 192.168.0.200/29,192.168.1.200/29No
loadbalancerIPRanges
string
loadbalancerIPRanges is a list of comma separated IP ranges will be used to allocate IP for external load balancer. For example 192.168.0.10-192.168.0.11,192.168.0.10-192.168.0.13No

KubevipCPIConfigStatus

KubevipCPIConfigStatus defines the observed state of KubevipCPIConfig

Appears in: KubevipCPIConfig

FieldDescriptionRequired
secretRef
string
Name of the secret created by kubevip cloudprovider config controllerNo

VSphereCPIConfigSpec

VSphereCPIConfigSpec defines the desired state of VSphereCPIConfig

Appears in: VSphereCPIConfig

FieldDescriptionRequired
vsphereCPI
VSphereCPI
Yes

VSphereCPIConfigStatus

VSphereCPIConfigStatus defines the observed state of VSphereCPIConfig

Appears in: VSphereCPIConfig

FieldDescriptionRequired
message
string
Message to indicate failure reasonNo
secretRef
string
Name of the data value secret created by vSphere CPI controllerNo

VSphereCPI

Appears in: VSphereCPIConfigSpec

FieldDescriptionRequired
mode
string
The vSphere mode. Either vsphereCPI or vsphereParavirtualCPI.

Validation: Allowed values: vsphereCPI, vsphereParavirtualCPI

No
NonParavirtualConfig
NonParavirtualConfig
No
ParavirtualConfig
ParavirtualConfig
No

ParavirtualConfig

ParavirtualConfig represents the configuration in the paravirtual mode

Appears in: VSphereCPI

FieldDescriptionDefaultRequired
antreaNSXPodRoutingEnabled
bool
A flag that enables pod routing by Antrea NSX for paravirtual modefalseNo
nsxVPC
NSXVPC
No

NSXVPC

NSXVPC represents the configuration in the VPC network

Appears in: ParavirtualConfig

FieldDescriptionRequired
podIPPoolType
string
The type of IP pool for routable Pods: Public, Private

Validation: Allowed values: Public, Private
podIPPoolType is immutable

No

NSXTRouteConfig

Appears in: NSXT

FieldDescriptionRequired
routerPath
string
NSX-T T0/T1 logical router pathNo

csi.tanzu.vmware.com/v1alpha1

Resource Types:

VSphereCSIConfig

VSphereCSIConfig is the Schema for the vspherecsiconfigs API

FieldDescriptionRequired
metadata
ObjectMeta
No
spec
VSphereCSIConfigSpec
No
status
VSphereCSIConfigStatus
No

VSphereCSIConfigSpec

VSphereCSIConfigSpec defines the desired state of VSphereCSIConfig

Appears in: VSphereCSIConfig

FieldDescriptionRequired
vsphereCSI
VSphereCSI
Yes

VSphereCSIConfigStatus

VSphereCSIConfigStatus defines the observed state of VSphereCSIConfig

Appears in: VSphereCSIConfig

FieldDescriptionRequired
secretRef
string
Name of the secret created by csi controllerNo

VSphereCSI

Appears in: VSphereCSIConfigSpec

FieldDescriptionRequired
mode
string
The vSphere mode. Either vsphereCSI or vsphereParavirtualCSI.

Validation: Allowed values: vsphereCSI, vsphereParavirtualCSI

Yes
config
NonParavirtualConfig
No

kubernetes.vmware.com/v1alpha1

Resource Types:

KubernetesRelease

KubernetesRelease is the schema for the kubernetesreleases API. KubernetesRelease objects represent Kubernetes releases available via Kubernetes Service, which can be used to create KubernetesCluster instances. KRs are immutable to end-users. They are created and managed by Kubernetes Service to provide discovery of Kubernetes releases to Kubernetes Service users.

FieldDescriptionRequired
metadata
ObjectMeta
No
spec
KubernetesReleaseSpec
No
status
KubernetesReleaseStatus
No

KubernetesReleaseSpec

KubernetesReleaseSpec defines the desired state of KubernetesRelease

Appears in: KubernetesRelease

FieldDescriptionRequired
version
string
Version is the fully qualified Semantic Versioning conformant version of the KubernetesRelease. Version MUST be unique across all KubernetesRelease objects.Yes
kubernetes
KubernetesSpec
Kubernetes is KubernetesYes
osImages
[]LocalObjectReference
OSImages lists references to all OSImage objects shipped with this KubernetesRelease.No
bootstrapPackages
[]LocalObjectReference
BootstrapPackages lists references to all bootstrap packages shipped with this KubernetesRelease.No

KubernetesReleaseStatus

KubernetesReleaseStatus defines the observed state of KubernetesRelease

Appears in: KubernetesRelease

FieldDescriptionRequired
conditions
[]Condition
No

KubernetesSpec

KubernetesSpec specifies the details about the Kubernetes distribution shipped by this KubernetesRelease.

Appears in: KubernetesReleaseSpec

FieldDescriptionRequired
version
string
Version is Semantic Versioning conformant version of the Kubernetes build shipped by this KubernetesRelease. The same Kubernetes build MAY be shipped by multiple KubernetesReleases.Yes
imageRepository
string
ImageRepository specifies container image registry to pull images from.No
etcd
ContainerImageInfo
Etcd specifies the container image repository and tag for etcd.No
pause
ContainerImageInfo
Pause specifies the container image repository and tag for pause.No
coredns
ContainerImageInfo
CoreDNS specifies the container image repository and tag for coredns.No
kube-vip
ContainerImageInfo
KubeVIP specifies the container image repository and tag for kube-vip.No

ContainerImageInfo

ContainerImageInfo allows to customize the image used for components that are not originated from the Kubernetes/Kubernetes release process (such as etcd and coredns).

Appears in: KubernetesSpec

FieldDescriptionRequired
imageRepository
string
ImageRepository sets the container registry to pull images from. if not set, defaults to the ImageRepository defined in KubernetesSpec.No
imageTag
string
ImageTag specifies a tag for the image.No

run.tanzu.vmware.com/v1alpha3

Resource Types:

ClusterBootstrap

ClusterBootstrap is the Schema for the ClusterBootstraps API

FieldDescriptionRequired
metadata
ObjectMeta
No
spec
ClusterBootstrapTemplateSpec
Yes
status
ClusterBootstrapStatus
No

ClusterBootstrapTemplate

ClusterBootstrapTemplate is the Schema for the ClusterBootstraptemplates API

FieldDescriptionRequired
metadata
ObjectMeta
No
spec
ClusterBootstrapTemplateSpec
Yes

KappControllerConfig

KappControllerConfig is the Schema for the kappcontrollerconfigs API

FieldDescriptionRequired
metadata
ObjectMeta
No
spec
KappControllerConfigSpec
Yes
status
KappControllerConfigStatus
No

OSImage

OSImage is the schema for the OSImages API. OSImage objects represent OSImages shipped as parts of TKRs. OSImages are immutable to end-users. They are created and managed by TKG to provide discovery of Kubernetes releases to TKG users and OS image details for infrastructure Machines.

FieldDescriptionRequired
metadata
ObjectMeta
No
spec
OSImageSpec
No
status
OSImageStatus
No

TanzuKubernetesAddon

TanzuKubernetesAddon is the schema for the tanzukubernetesaddons API. TanzuKubernetesAddon objects represent Kubernetes addons available via TKG Service, which can be used to create TanzuKubernetesCluster instances. TKAs are immutable to end-users. They are created and managed by TKG Service to provide discovery of Kubernetes addons to TKG Service users.

FieldDescriptionRequired
metadata
ObjectMeta
No
spec
TanzuKubernetesAddonSpec
No
status
TanzuKubernetesAddonStatus
No

TanzuKubernetesCluster

TanzuKubernetesCluster is the schema for the Tanzu Kubernetes Grid service for vSphere API.

FieldDescriptionRequired
metadata
ObjectMeta
No
spec
TanzuKubernetesClusterSpec
No
status
TanzuKubernetesClusterStatus
No

TanzuKubernetesRelease

TanzuKubernetesRelease is the schema for the tanzukubernetesreleases API. TanzuKubernetesRelease objects represent Kubernetes releases available via TKG, which can be used to create TanzuKubernetesCluster instances. TKRs are immutable to end-users. They are created and managed by TKG to provide discovery of Kubernetes releases to TKG users.

FieldDescriptionRequired
metadata
ObjectMeta
No
spec
TanzuKubernetesReleaseSpec
No
status
TanzuKubernetesReleaseStatus
No

TkgServiceConfiguration

TkgServiceConfiguration is the Schema for the tkgserviceconfigurations API

FieldDescriptionRequired
metadata
ObjectMeta
No
spec
TkgServiceConfigurationSpec
No
status
TkgServiceConfigurationStatus
No

ClusterBootstrapStatus

ClusterBootstrapStatus defines the observed state of ClusterBootstrap

Appears in: ClusterBootstrap

FieldDescriptionRequired
resolvedTKR
string
No
conditions
Conditions
No

ClusterBootstrapTemplateSpec

ClusterBootstrapTemplateSpec defines the desired state of ClusterBootstrapTemplate

Appears in: ClusterBootstrap, ClusterBootstrapTemplate

FieldDescriptionDefaultRequired
paused
bool
Paused can be used to prevent controllers from processing the ClusterBootstrap and all its associated objects.falseNo
cni
ClusterBootstrapPackage
No
csi
ClusterBootstrapPackage
No
cpi
ClusterBootstrapPackage
No
kapp
ClusterBootstrapPackage
No
additionalPackages
[]ClusterBootstrapPackage
No

KappControllerConfigSpec

KappControllerConfigSpec defines the desired state of KappControllerConfig

Appears in: KappControllerConfig

FieldDescriptionDefaultRequired
namespace
string
The namespace in which kapp-controller is deployedtkg-systemNo
deployment
Deployment
No
kappController
KappController
deployment.hostNetwork: trueNo

KappControllerConfigStatus

KappControllerConfigStatus defines the observed state of KappControllerConfig

Appears in: KappControllerConfig

FieldDescriptionRequired
secretRef
string
Name of the data value secret created by controllerNo

OSImageSpec

OSImageSpec defines the desired state of OSImage

Appears in: OSImage

FieldDescriptionRequired
kubernetesVersion
string
KubernetesVersion specifies the build version of the Kubernetes shipped with this OSImage.Yes
os
OSInfo
OS specifies the "OS" part of the OSImage.Yes
image
MachineImageInfo
Image specifies the "Image" part of the OSImage.Yes

OSImageStatus

OSImageStatus defines the observed state of OSImage

Appears in: OSImage

FieldDescriptionRequired
conditions
[]Condition
No

TanzuKubernetesAddonSpec

TanzuKubernetesAddonSpec defines the desired state of TanzuKubernetesAddon

Appears in: TanzuKubernetesAddon

FieldDescriptionRequired
addonName
string
AddonName is the generic name of this addon, e.g. "antrea", "calico", "pvcsi", etc.Yes
version
string
Version is the fully qualified Semantic Versioning conformant version of the TanzuKubernetesAddon. If set, Version MUST be unique across all TanzuKubernetesAddon objects with the same addonName.No
repository
string
Repository is the default container image repository used by Images. It MUST be a DNS-compatible name.No
images
[]ContainerImage
Images is the list of container images shipped by this addon (e.g. coredns, etcd).No
resource
ManifestResource
Resource contains the YAML manifest for installing the addon.No

TanzuKubernetesAddonStatus

TanzuKubernetesAddonStatus defines the observed state of TanzuKubernetesAddon

Appears in: TanzuKubernetesAddon

TanzuKubernetesClusterSpec

TanzuKubernetesClusterSpec defines the desired state of TanzuKubernetesCluster: its nodes, the software installed on those nodes and the way that software should be configured.

Appears in: TanzuKubernetesCluster

FieldDescriptionRequired
topology
Topology
Topology specifies the topology for the Tanzu Kubernetes cluster: the number, purpose, and organization of the nodes which form the cluster and the resources allocated for each.Yes
distribution
Distribution
Distribution specifies the distribution for the Tanzu Kubernetes cluster: the software installed on the control plane and worker nodes, including Kubernetes itself. Deprecated: use topology.controlPlane.tkr and topology.nodePools[*].tkr instead.No
settings
Settings
Settings specifies settings for the Tanzu Kubernetes cluster: the way an instance of a distribution is configured, including information about pod networking and storage.No

TanzuKubernetesClusterStatus

TanzuKubernetesClusterStatus defines the observed state of TanzuKubernetesCluster.

Appears in: TanzuKubernetesCluster

FieldDescriptionRequired
apiEndpoints
[]APIEndpoint
APIEndpoints represents the endpoints to communicate with the control plane.No
version
string
Version holds the observed version of the Tanzu Kubernetes cluster. While an upgrade is in progress this value will be the version of the cluster when the upgrade began.No
addons
[]AddonStatus
Addons groups the statuses of a Tanzu Kubernetes cluster's add-ons.No
phase
TanzuKubernetesClusterPhase
Phase of this TanzuKubernetesCluster. Deprecated: will be removed in v1alpha3No
conditions
Conditions
Conditions defines current service state of the TanzuKubernetestCluster.No
totalWorkerReplicas
int32
Total number of replicas in worker node pools.No

TanzuKubernetesReleaseSpec

TanzuKubernetesReleaseSpec defines the desired state of TanzuKubernetesRelease

Appears in: TanzuKubernetesRelease

FieldDescriptionRequired
version
string
Version is the fully qualified Semantic Versioning conformant version of the TanzuKubernetesRelease. Version MUST be unique across all TanzuKubernetesRelease objects.Yes
kubernetes
KubernetesSpec
Kubernetes is KubernetesYes
osImages
[]LocalObjectReference
OSImages lists references to all OSImage objects shipped with this TKR.No
bootstrapPackages
[]LocalObjectReference
BootstrapPackages lists references to all bootstrap packages shipped with this TKR.No

TanzuKubernetesReleaseStatus

TanzuKubernetesReleaseStatus defines the observed state of TanzuKubernetesRelease

Appears in: TanzuKubernetesRelease

FieldDescriptionRequired
conditions
[]Condition
No

TkgServiceConfigurationSpec

TkgServiceConfigurationSpec defines the desired state of TkgServiceConfiguration

Appears in: TkgServiceConfiguration

FieldDescriptionRequired
defaultCNI
string
Default CNI for TanzuKubernetesClusterNo
proxy
ProxyConfiguration
Proxy specifies default global HTTP(s) Proxy Configuration for all new TanzuKubernetesClusters in this Supervisor cluster

If omitted, no proxy will be configured for new TanzuKubernetesClusters
No
trust
TrustConfiguration
Trust specifies default global Trust settings for all new TanzuKubernetesClusters in the Supervisor Cluster.

If omitted, no additional Trust settings will be configured for the new TanzuKubernetesCluster.
No
defaultNodeDrainTimeout
Duration
DefaultNodeDrainTimeout specifies the total amount of time that the controller will spend on draining a node by default. Undefined, the value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from kubectl drain --timeoutNo

TkgServiceConfigurationStatus

TkgServiceConfigurationStatus defines the observed state of TkgServiceConfiguration

Appears in: TkgServiceConfiguration

APIEndpoint

APIEndpoint represents a reachable Kubernetes API endpoint.

Appears in: TanzuKubernetesClusterStatus

FieldDescriptionRequired
host
string
The hostname on which the API server is serving.Yes
port
int
The port on which the API server is serving.Yes

AddonStatus

AddonStatus represents the status of an addon.

Appears in: TanzuKubernetesClusterStatus

FieldDescriptionRequired
name
string
Name of the add-on used.Yes
type
AddonType
Type of the add-on usedYes
version
string
Version of the distribution appliedNo
conditions
Conditions
Conditions defines the current conditions of the add-on.No

ClusterBootstrapPackage

Appears in: ClusterBootstrapTemplateSpec

FieldDescriptionRequired
refName
string
Yes
valuesFrom
ValuesFrom
No

ContainerImage

ContainerImage is a struct representing a single fully qualified container image name, constructed as {Repository}/{Name}:{Tag}.

Appears in: TanzuKubernetesAddonSpec

FieldDescriptionRequired
repository
string
Repository is the container image repository used by this image. It MUST be a DNS-compatible name.No
name
string
Name is the container image name without the repository prefix. It MUST be a valid URI path, MAY contain zero or more '/', and SHOULD NOT start or end with '/'.Yes
tag
string
Tag is the container image version tag. It is the suffix coming after ':' in a fully qualified image name.No

Deployment

Appears in: KappControllerConfigSpec

FieldDescriptionDefaultRequired
updateStrategy
string
Deployment update strategy

Validation: Allowed values: RollingUpdate, Recreate

RollingUpdateNo
rollingUpdate
RollingUpdateInfo
Deployment rolling update infoNo

Distribution

Distribution specifies the version of software which should be installed on the control plane and worker nodes. This version information encompasses Kubernetes and its dependencies, the base OS of the node, and add-ons.

Appears in: TanzuKubernetesClusterSpec

FieldDescriptionRequired
fullVersion
string
Version specifies the fully-qualified desired Kubernetes distribution version of the Tanzu Kubernetes cluster. If the cluster exists and is not of the specified version, it will be upgraded.

Version is a semantic version string. The version may not be decreased. The major version may not be changed. If the minor version is changed, it may only be incremented; skipping minor versions is not supported.

The current observed version of the cluster is held by status.version. Deprecated: use topology.controlPlane.tkr and topology.nodePools[*].tkr instead.
No
version
string
VersionHint provides the version webhook with guidance about the desired Kubernetes distribution version of the Tanzu Kubernetes cluster. If a hint is provided without a full version, the most recent distribution matching the hint will be selected.

The version selected based on the hint will be stored in the spec as the full version. This ensures that the same version is used if the cluster is scaled out in the future.

VersionHint is a semantic prefix of a full version number. (E.g., v1.15.1 matches any distribution of v1.15.1, including v1.15.1+vmware.1-tkg.1 or v1.15.1+vmware.2-tkg.1, but not v1.15.10+vmware.1-tkg.1.)

A hint that does not match the full version is invalid and will be rejected.

To upgrade a cluster to the most recent version that still matches the hint, leave the hint alone and remove the fullVersion from the spec. This will cause the hint to be re-resolved. Deprecated: use topology.controlPlane.tkr and topology.nodePools[*].tkr instead.
No

KappController

Appears in: KappControllerConfigSpec

FieldDescriptionDefaultRequired
createNamespace
bool
Whether to create namespace specified for kapp-controllerfalseNo
globalNamespace
string
The namespace value used for global packaging resources. Any Package and PackageMetadata CRs within that namespace will be included in all other namespaces on the cluster, without duplicating themtkg-systemNo
deployment
KappDeployment
hostNetwork: trueNo
config
KappConfig
No

KubernetesSpec

KubernetesSpec specifies the details about the Kubernetes distribution shipped by this TKR.

Appears in: TanzuKubernetesReleaseSpec

FieldDescriptionRequired
version
string
Version is Semantic Versioning conformant version of the Kubernetes build shipped by this TKR. The same Kubernetes build MAY be shipped by multiple TKRs.Yes
imageRepository
string
ImageRepository specifies container image registry to pull images from.No
etcd
ContainerImageInfo
Etcd specifies the container image repository and tag for etcd.No
pause
ContainerImageInfo
Pause specifies the container image repository and tag for pause.No
coredns
ContainerImageInfo
CoreDNS specifies the container image repository and tag for coredns.No
kube-vip
ContainerImageInfo
KubeVIP specifies the container image repository and tag for kube-vip.No

MachineImageInfo

MachineImageInfo describes the "Image" part of the OSImage, defined by the image type.

Appears in: OSImageSpec

FieldDescriptionRequired
type
string
Type of the OSImage, roughly corresponding to the infrastructure provider (vSphere can serve both ova and vmop). Some of currently known types are: "ami", "azure", "docker", "ova", "vmop".Yes
ref
map[string]interface{}
Ref is a key-value map identifying the image within the infrastructure provider. This is the data to be injected into the infra-Machine objects (like AWSMachine) on creation.

Validation: Type: object
Schemaless: {}

Yes

ManifestResource

ManifestResource represents a YAML manifest for installing an addon.

Appears in: TanzuKubernetesAddonSpec

FieldDescriptionRequired
version
string
Version is the addon version.No
type
string
Type is the type of the manifest resource. In VirtualMachineImage based addons its value is 'inline'.Yes
value
string
Value is the text of the YAML manifest.Yes

OSInfo

OSInfo describes the "OS" part of the OSImage, defined by the Operating System's name, version and CPU architecture.

Appears in: OSImageSpec

FieldDescriptionRequired
type
string
Yes
name
string
Yes
version
string
Yes
arch
string
Yes

ProxyConfiguration

ProxyConfiguration configures the HTTP(s) proxy to be used inside the Tanzu Kubernetes cluster.

Appears in: Network, TkgServiceConfigurationSpec

FieldDescriptionRequired
httpProxy
string
HttpProxy specifies a proxy URL to use for creating HTTP connections outside the cluster. Example: http://<user>:<pwd>@<ip>:<port>No
httpsProxy
string
HttpsProxy specifies a proxy URL to use for creating HTTPS connections outside the cluster. Example: http://<user>:<pwd>@<ip>:<port>No
noProxy
[]string
NoProxy specifies a list of destination domain names, domains, IP addresses or other network CIDRs to exclude proxying. Example: [localhost, 127.0.0.1, 10.10.10.0/24]No

Settings

Settings specifies configuration information for a cluster.

Appears in: TanzuKubernetesClusterSpec

FieldDescriptionRequired
network
Network
Network specifies network-related settings for the cluster.No
storage
Storage
Storage specifies storage-related settings for the cluster.

The storage used for node's disks is controlled by TopologySettings.
No

TanzuKubernetesClusterPhase

TanzuKubernetesClusterPhase is a type for the Tanzu Kubernetes cluster's phase constants.

Appears in: TanzuKubernetesClusterStatus

Topology

Topology describes the number, purpose, and organization of nodes and the resources allocated for each. Nodes are grouped into pools based on their intended purpose. Each pool is homogeneous, having the same resource allocation and using the same storage.

Appears in: TanzuKubernetesClusterSpec

FieldDescriptionRequired
controlPlane
TopologySettings
ControlPlane specifies the topology of the cluster's control plane, including the number of control plane nodes and resources allocated for each. The control plane must have an odd number of nodes.Yes
nodePools
[]NodePool
NodePools specifies the topology of cluster's worker node pools, including the number of nodes and resources allocated for each node.Yes

TrustConfiguration

TrustConfiguration configures additional trust parameters to the cluster configuration

Appears in: Network, TkgServiceConfigurationSpec

FieldDescriptionRequired
additionalTrustedCAs
[]TLSCertificate
AdditionalTrustedCAs specifies the additional trusted certificates (which can be additional CAs or end certificates) to add to the clusterNo

AddonType

Appears in: AddonStatus

ContainerImageInfo

ContainerImageInfo allows to customize the image used for components that are not originated from the Kubernetes/Kubernetes release process (such as etcd and coredns).

Appears in: KubernetesSpec

FieldDescriptionRequired
imageRepository
string
ImageRepository sets the container registry to pull images from. if not set, defaults to the ImageRepository defined in KubernetesSpec.No
imageTag
string
ImageTag specifies a tag for the image.No

KappConfig

Appears in: KappController

FieldDescriptionRequired
caCerts
string
A cert chain of trusted CA certs. These will be added to the system-wide cert pool of trusted CA's. Cluster-wide CA Certificate setting will be used if this is not provided.No
httpProxy
string
The url/ip of a proxy for kapp controller to use when making network requests. Cluster-wide HTTP proxy setting will be used if this is not provided.No
httpsProxy
string
The url/ip of a TLS capable proxy for kapp-controller to use when making network requests. Cluster-wide HTTPS proxy setting will be used if this is not provided.No
noProxy
string
A comma delimited list of domain names which kapp-controller should bypass the proxy for when making requests. Cluster-wide no-proxy setting will be used if this is not provided.No
dangerousSkipTLSVerify
string
A comma delimited list of hostnames for which kapp-controller should skip TLS verificationNo

KappDeployment

Appears in: KappController

FieldDescriptionDefaultRequired
hostNetwork
bool
Whether to enable host networking for kapp-controller deploymenttrueNo
priorityClassName
string
The priority value that various system components use to find the priority of the kapp-controller podsystem-cluster-criticalNo
concurrency
int
Concurrency of kapp-controller deployment4No
tolerations
[]map[string]string
kapp-controller deployment tolerations- key: CriticalAddonsOnly
operator: Exists
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
- effect: NoSchedule
key: node-role.kubernetes.io/master
- effect: NoSchedule
key: node.kubernetes.io/not-ready
- effect: NoSchedule
key: node.cloudprovider.kubernetes.io/uninitialized
value: true
No
apiPort
int
Bind port for kapp-controller API10100No
metricsBindAddress
string
Address for metrics server0No

Network

Network specifies network-related settings for a cluster.

Appears in: Settings

FieldDescriptionRequired
services
NetworkRanges
Services specify network settings for services.

Defaults to 10.96.0.0/12.
No
pods
NetworkRanges
Pods specify network settings for pods.

When CNI is antrea, set Defaults to 192.168.0.0/16. When CNI is antrea-nsx-routed, set Defaults to empty
No
serviceDomain
string
ServiceDomain specifies service domain for Tanzu Kubernetes cluster.

Defaults to a cluster.local.
No
cni
CNIConfiguration
CNI is the Container Networking Interface plugin for the Tanzu Kubernetes cluster.

Defaults to Calico.
No
proxy
ProxyConfiguration
Proxy specifies HTTP(s) proxy configuration for Tanzu Kubernetes cluster.

If omitted, no proxy will be configured in the system.
No
trust
TrustConfiguration
Trust specifies certificate configuration for the Tanzu Kubernetes Cluster.

If omitted, no certificate will be configured in the system.
No

NodePool

NodePool describes a group of nodes within a cluster that have the same configuration

Appears in: Topology

FieldDescriptionRequired
name
string
Name is the name of the NodePool.Yes
labels
map[string]string
Labels are map of string keys and values that can be used to organize and categorize objects. User-defined labels will be propagated to the created nodes.No
taints
[]Taint
Taints specifies the taints the Node API object should be registered with. User-defined taints will be propagated to the created nodes.No
failureDomain
string
FailureDomain is the failure domain the machines will be created in. Must match a key in the FailureDomains map stored on the cluster object.No

RollingUpdateInfo

RollingUpdateInfo contains the rolling update settings

Appears in: Deployment

FieldDescriptionDefaultRequired
maxUnavailable
int
0No
maxSurge
int
1No

Storage

Storage configures persistent storage for a cluster.

Appears in: Settings

FieldDescriptionRequired
classes
[]string
Classes is a list of storage classes from the supervisor namespace to expose within a cluster.

If omitted, all storage classes from the supervisor namespace will be exposed within the cluster.
No
defaultClass
string
DefaultClass is the valid storage class name which is treated as the default storage class within a cluster. If omitted, no default storage class is setNo

TLSCertificate

TLSCertificate specifies a single additional certificate name and contents

Appears in: TrustConfiguration

FieldDescriptionRequired
name
string
Name specifies the name of the additional certificate, used in the filename Example: CompanyInternalCAYes
data
string
Data specifies the contents of the additional certificate, encoded as a base64 string. Specifically, this is the PEM Public Certificate data as a base64 string.. Example: LS0tLS1C...LS0tCg== (where "..." is the middle section of the long base64 string)Yes

TopologySettings

TopologySettings describes a homogeneous pool of nodes: the number of nodes in the pool and the properties of each of those nodes, including resource allocation and storage.

Appears in: NodePool, Topology

FieldDescriptionRequired
replicas
int32
Replicas is the number of nodes. This is a pointer to distinguish between explicit zero and not specified, nil. For control plane, defaults to 1 if nil. For node pools, a value of nil indicates that the field will not be reconciled, allowing external services like autoscalers to choose the number of nodes. By default, CAPI's MachineDeployment will pick 1.No
vmClass
string
VMClass is the name of the VirtualMachineClass, which describes the virtual hardware settings, to be used each node in the pool. This controls the hardware available to the node (CPU and memory) as well as the requests and limits on those resources. Run kubectl describe virtualmachineclasses to see which VM classes are available to use.Yes
storageClass
string
StorageClass is the storage class to be used for storage of the disks which store the root filesystems of the nodes. Run kubectl describe ns on your namespace to see which storage classes are available to use.Yes
volumes
[]Volume
Volumes is the set of PVCs to be created and attached to each node.No
tkr
TKRReference
TKR points to KubernetesRelease intended to be used by the node pool (the control plane being special kind of a node pool).No
nodeDrainTimeout
Duration
NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node will be drained without any time limitations. NOTE: NodeDrainTimeout is different from kubectl drain --timeoutNo

ValuesFrom

ValuesFrom specifies how values for package install are retrieved from

Appears in: ClusterBootstrapPackage

FieldDescriptionRequired
inline
map[string]interface{}

Validation: Schemaless: {}
Type: object

No
secretRef
string
No
providerRef
TypedLocalObjectReference
No

CNIConfiguration

CNIConfiguration indicates which CNI should be used.

Appears in: Network

FieldDescriptionRequired
name
string
Name is the name of the CNI plugin to use.

Supported values: "calico", "antrea".
Yes

NetworkRanges

NetworkRanges describes a collection of IP addresses as a list of ranges.

Appears in: Network

FieldDescriptionRequired
cidrBlocks
[]string
CIDRBlocks specifies one or more ranges of IP addresses.

Note: supplying multiple ranges many not be supported by all CNI plugins.
No

TKRReference

TKRReference is an extensible way to link a KubernetesRelease.

Appears in: TopologySettings

FieldDescriptionRequired
reference
ObjectReference
Reference is a way to set the fixed link to the target object.No

Volume

Volume defines a PVC attachment. These volumes are tied to the node lifecycle, created and deleted when the node is. The volumes are mounted in the node during the bootstrap process, prior to services being started (e.g. etcd, containerd).

Appears in: TopologySettings

FieldDescriptionRequired
name
string
Name is suffix used to name this PVC as: node.Name + "-" + NameYes
mountPath
string
MountPath is the directory where the volume device is to be mountedYes
capacity
ResourceList
Capacity is the PVC capacityYes
storageClass
string
StorageClass is the storage class to be used for the disks. Defaults to TopologySettings.StorageClassNo