API Reference
addons.kubernetes.vmware.com/v1alpha1
Resource Types:
- Addon
- AddonConfig
- AddonConfigDefinition
- AddonInstall
- AddonRelease
- AddonRepository
- AddonRepositoryInstall
- ClusterAddon
- ServiceAccountExport
Addon
Addon represents a named add-on that can be installed on Kubernetes workload clusters. It provides catalog-level metadata (description, display name, icon). AddonInstall resources reference an Addon to control which clusters the add-on is deployed to.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specAddonSpec | spec is the desired state of Addon. | No |
AddonConfig
AddonConfig provides a way to configure addon components with validation against predefined schemas. It supports multi-cluster deployment scenarios and provides comprehensive status reporting.
Example usage:
apiVersion: config.example.com/v1 kind: AddonConfig metadata: name: my-addon-config namespace: default spec: definitionRef: name: my-addon-definition namespace: my-acd-namespace clusterName: production-cluster values: replicas: 3 image: my-addon:v1.0.0
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specAddonConfigSpec | spec defines the desired state of AddonConfig. This includes the reference to the validation schema, target cluster, and configuration values. | Yes |
statusAddonConfigStatus | status defines the observed state of AddonConfig. This includes validation results, processing state, and references to generated resources. | No |
AddonConfigDefinition
AddonConfigDefinition is the Schema for the addonconfigdefinitions API. It defines how addon configurations should be processed, including input resource discovery, template processing, output resource creation, and required permissions.
This resource is used by addon management systems to define reusable configuration templates that can be applied across multiple clusters or namespaces.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specAddonConfigDefinitionSpec | spec defines the desired state of AddonConfigDefinition. | Yes |
AddonInstall
AddonInstall is the Schema for the AddonInstalls API, used to deploy an addon across Kubernetes clusters.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specAddonInstallSpec | spec is the desired state of AddonInstall. | No |
statusAddonInstallStatus | status is the observed state of AddonInstall. | No |
AddonRelease
AddonRelease is the Schema for the AddonRelease API.
Upgrade Workflow Summary:
1. Determine if upgrade is required: If the currently installed AddonRelease is incompatible with the TARGET cluster Kubernetes version, upgrade is required.
2. Determine WHEN to upgrade:
Compare the following constraints against the target cluster:
- kubernetesVersionConstraints vs TARGET control-plane version
- workerVersionConstraints vs TARGET worker version
Identify the earliest stage during upgrade when the target AddonRelease becomes compatible:
- If incompatibility is detected in the first upgrade path of a
- If incompatibility is detected in a later upgrade path, the
- If incompatible with the target worker version during upgrade,
Note: BeforeClusterUpgrade occurs only once per multi-step upgrade.
3. If no constraints are specified, upgrade occurs AfterClusterUpgrade.
Constraint Driven Upgrade Strategy Examples:
Example 1 — Addon has compatibility requirements with control plane:
kubernetesVersionConstraints defined per AddonRelease version:
- v1.35 AddonRelease:
- v1.36 AddonRelease:
- v1.37 AddonRelease:
During cluster upgrade from 1.34 to 1.35, the addon is upgraded before control plane is upgraded to 1.35, in the BeforeClusterUpgrade (BCU) stage.
During cluster upgrade from 1.34 to 1.37, the addon is upgraded in sequence to 1.35 before control plane is upgraded to 1.35 in the BCU stage, then to 1.36 before control plane is upgraded to 1.36 in the BCPU stage, then to 1.37 before control plane is upgraded to 1.37 in the BCPU stage.
Example 2 — Addon has compatibility requirement with kubelet (i.e. worker node version):
workerVersionConstraints: "≥1.37.0"
This AddonRelease requires worker version 1.37 or higher (e.g. addon supports only N+2 kubelet). The addon is upgraded when the target worker version reaches 1.37.
Example 3 — Addon has compatibility requirements with both the control plane and worker nodes:
kubernetesVersionConstraints: "≥1.36.0" workerVersionConstraints: "≥1.36.0"
Addon is upgraded at the first step where both target control plane and target worker version satisfy the constraints when upgrading to 1.36.
Example 4 — Addon has no constraints specified (both fields nil):
Addon is treated as forward-compatible. Upgrade occurs only after the cluster upgrade fully completes.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specAddonReleaseSpec | spec is the desired state of AddonRelease. | No |
AddonRepository
AddonRepository is the Schema for the AddonRepository API, used to define either a PackageRepository or HelmRepository for workload clusters
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specAddonRepositorySpec | spec is the desired state of AddonRepository. | Yes |
statusAddonRepositoryStatus | status is the observed state of AddonRepository. | No |
AddonRepositoryInstall
AddonRepositoryInstall is the Schema for the AddonRepositories API, used to deploy an addon repository across multiple clusters that may span multiple namespaces
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specAddonRepositoryInstallSpec | spec is the desired state of AddonRepositoryInstall. | Yes |
statusAddonRepositoryInstallStatus | status is the observed state of AddonRepositoryInstall. | No |
ClusterAddon
ClusterAddon represents the per-cluster lifecycle state of a single add-on. One ClusterAddon is created for each (Cluster, Addon) pair that an AddonInstall selects. It tracks which AddonInstall and AddonRelease are currently active, drives the installation and upgrade of the add-on release on the workload cluster, and reports readiness via status conditions.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specClusterAddonSpec | spec is the desired state of ClusterAddon. | No |
statusClusterAddonStatus | status is the observed state of ClusterAddon. | No |
ServiceAccountExport
ServiceAccountExport is used to export ServiceAccounts from the Supervisor to Kubernetes workload clusters.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specServiceAccountExportSpec | spec is the desired state of ServiceAccountExport. | No |
AddonConfigDefinitionSpec
AddonConfigDefinitionSpec defines the desired state of AddonConfigDefinition. It describes how to process and install an addon, including input resource discovery, template processing, and output resource configuration.
Appears in: AddonConfigDefinition
| Field | Description | Required |
|---|---|---|
schemaCustomResourceValidation | schema describes the OpenAPI v3 schema used for validation, pruning, and defaulting of this version of the custom resource. This follows the same structure as CustomResourceDefinition schemas. Validation: Type: object | Yes |
templateInputResources[]TemplateInputResource | templateInputResources describes how to discover and reference resources that will be used as input during template processing. These resources provide the data context for rendering the addon configuration templates. Validation: Maximum items: 32 | No |
templateOutputResources[]TemplateOutputResource | templateOutputResources describes where and how to save the rendered template output. At least one output resource must be specified to define where the processed addon configuration should be stored. Validation: Minimum items: 1 | Yes |
addonInstallPermissionAddonInstallPermissionSpec | addonInstallPermission describes the required privileges to install the addon | No |
AddonConfigSpec
AddonConfigSpec defines the desired state of AddonConfig. AddonConfig provides a way to configure addon with validation against a predefined schema.
Appears in: AddonConfig
| Field | Description | Required |
|---|---|---|
addonConfigDefinitionRefAddonConfigDefinitionRef | addonConfigDefinitionRef specifies the AddonConfigDefinition that this AddonConfig should be validated against. The referenced definition contains the JSON schema or other validation rules. If not specified, the AddonConfig will skip the reconciliation. | No |
clusterNamestring | clusterName specifies the target cluster for this AddonConfig instance. This field is used to scope the addon configuration to a specific cluster in multi-cluster environments. If not specified, the AddonConfig will skip the reconciliation. Validation: Maximum length: 63 | No |
valuesJSON | values contains the configuration data that will be validated against the schema defined in the referenced AddonConfigDefinition. This field holds the actual configuration values in JSON format that will be used to render and deploy the addon components. The structure and allowed values are determined by the schema in the AddonConfigDefinition. | No |
AddonConfigStatus
AddonConfigStatus defines the observed state of AddonConfig. This status provides information about the validation state, processing results, and any errors encountered.
Appears in: AddonConfig
| Field | Description | Required |
|---|---|---|
conditions[]Condition | conditions represent the current state of the AddonConfig resource. Standard condition types include "Ready", "Validated", and "Failed". Each condition provides information about a specific aspect of the resource's state and includes a status, reason, and message. Validation: Maximum items: 64 | No |
clusterServiceAccountstring | clusterServiceAccount define the service account that created as the cluster identity Validation: Minimum length: 1 | No |
fieldErrors[]FieldError | fieldErrors contains any schema validation errors found in the AddonConfig values. Each error specifies the field path, error type, and details about the validation failure. This field is populated when the values fail validation against the schema defined in the referenced AddonConfigDefinition. Validation: Maximum items: 64 | No |
observedGenerationint64 | observedGeneration reflects the generation of the most recently observed AddonConfig spec. This is used by controllers to determine if the status needs to be updated based on spec changes. | No |
observedSchemaUIDUID | observedSchemaUID reflects the UID of the AddonConfigDefinition schema that was most recently used for validation. This helps track when schema changes require re-validation of the config. | No |
outputRef[]TemplateOutputResource | outputRef describes the non-variadic resources that were generated from processing this AddonConfig. Variadic (renderForEach) outputs are summarised in outputVariadicSummary instead to keep this list bounded. Validation: Maximum items: 32 | No |
outputVariadicSummary[]VariadicOutputSummary | outputVariadicSummary summarises the groups of resources produced by variadic (renderForEach) output resource definitions. Each entry corresponds to one variadic output definition (see summaryID) and records the kind, apiVersion, and instance count, giving operators visibility into large label-driven output sets without bloating the object. Validation: Maximum items: 64 | No |
outputHashstring | outputHash stores the hash of the current output, use the SHA256 and then output in hexadecimal format Validation: Maximum length: 64 | No |
outputLastUpdatedTime | outputLastUpdated records when the output was last updated | No |
AddonInstallSpec
AddonInstallSpec defines the desired state of AddonInstall
Appears in: AddonInstall
| Field | Description | Default | Required |
|---|---|---|---|
addonRefAddonRef | addonRef is a reference for the Addon resource to install. If addonRef doesn't exist, AddonInstall creation will fail. This field is immutable, but we allow mutation of addonRef.namespace from nil to 'vmware-system-vks-public' for backward-compatibility. | Yes | |
clusters[]ClusterSelector | clusters defines which clusters to install the addon. If crossNamespaceSelection is set to Allowed, AddonInstall can be used to select clusters across namespaces. Else, only clusters within AddonInstall's namespace will be selected. If clusters is empty and crossNamespaceSelection is blocked, the AddonInstall applies to all Clusters within its namespace. If clusters is empty and crossNamespaceSelection is Allowed, the AddonInstall applies to all Clusters across namespaces. Example 1: Selects Clusters with label "stage" == "production" in all Namespaces or Clusters called prod-cluster in Namespaces with label "production", with crossNamespaceSelection Allowed clusters:
Example 2: Select all Clusters with vKR v1.32.0 in its namespace clusters:
Example 3: Select all Clusters that have cluster-autoscaler annotations, unless the cluster opt-outs using "addon.kubernetes.vmware.com/cluster-autoscaler:unmanaged" label clusters:
Validation: Maximum items: 32 | Yes | |
crossNamespaceSelectionCrossNamespacePolicy | crossNamespaceSelection controls whether this AddonInstall can apply to other namespaces. Note, if crossNamespaceSelection is Blocked then namespace selector can't be set in clusters. CrossNamespaceSelection allows being able to select clusters across namespaces, without having to duplicate the AddonInstall in every namespace. This field is immutable. Validation: | Blocked | No |
addonConfigNameTemplatestring | addonConfigNameTemplate contains a template for references to AddonConfig(s). The referenced AddonConfig can contain values to be validated and marshaled with the AddonConfigDefinition for the selected AddonRelease. If not set, AddonConfig will be created using "{{.cluster.name}}-{{.addon.name}}" naming and the namespace will be the cluster's namespace. Note: AddonConfigNameTemplate should be unique per addon and cluster, which can be achieved by using a combination of "{{.addon.name}}" along with either of "{{.cluster.name}}" and/or "{{.cluster.uid}}" in the template. This field is immutable and can't be modified. Example 1: Provide per cluster configuration for Antrea addon addonConfigNameTemplate: "{{.cluster.name}}-antrea" Validation: Minimum length: 1 | No | |
releaseFilterAddonReleasesFilter | releaseFilter allows picking a subset of AddonRelease(s) to install, from all that are available for the addon, based on addonName. releaseFilter can select either single AddonReleases by ref or a subset using selector. If releaseFilter is not specified, all the AddonReleases available for for the addon, based on addonName, will be selected. If more than one AddonReleases are selected, the latest compatible version will be selected and if a newer compatible version is available during Cluster upgrade, the addon will be upgraded to the latest compatible version. Example 1: Select all AddonRelease(s) for telegraf add-on addonName: telegraf releaseFilter: nil Example 2: Select a unique AddonRelease for secret-store add-on addonName: secret-store releaseFilter: ref: "secret-store-1.32.8" Example 3: Select a subset of AddonRelease for cluster-autoscaler add-on that are at minor version 1.32.x and pick the latest amongst them. addonName: cluster-autoscaler releaseFilter: selector: matchLabels: addon.kubernetes.vmware.com/addon-release-major-version: "1" addon.kubernetes.vmware.com/addon-release-minor-version: "32" | No | |
pausedbool | paused when set to true will ignore all pending changes, once it set back to false, pending changes will be applied. | No | |
stopMatchingBehaviorStopMatchingBehavior | stopMatchingBehavior indicates what should happen to the ClusterAddon and its managed output resources when this AddonInstall stops matching the cluster AND no other candidate AddonInstalls are available to manage the ClusterAddon. This field only applies when the ClusterAddon would become completely unmanaged (no candidate AddonInstalls exist). If another AddonInstall becomes active, this field is not used. Note: During cluster upgrades, all AddonInstalls will wait for a new candidate to appear to prevent race condition deletions, regardless of this field's value.
| Delete | No |
AddonInstallStatus
AddonInstallStatus defines the observed state of AddonInstall
Appears in: AddonInstall
| Field | Description | Required |
|---|---|---|
conditions[]Condition | conditions define the current state of the AddonInstall, such as AddonReleasesAvailable, Validated, ClustersSelected, Paused, Reconciled Validation: Maximum items: 32 | No |
availableAddonReleases[]AvailableAddonRelease | availableAddonReleases represent the AddonReleases that are compatible with the AddonInstall and are available to be installed for this addon on the workload clusters. Validation: Maximum items: 256 | No |
AddonReleaseSpec
AddonReleaseSpec defines the desired state of AddonRelease
Appears in: AddonRelease
| Field | Description | Required |
|---|---|---|
addonRefAddonRef | addonRef references the addon. This is used to group different AddonReleases for the same addon. | Yes |
versionstring | version specifies semantic version (semver) of the AddonRelease. This version is used to order AddonReleases if more than one are selected. Build metadata (e.g., +vmware.3-vks.1) IS considered in version comparisons to allow for an addonRelease's version to be based on the version of the software being distributed, while allowing multiple addonReleases based on a single version of that component. This means 0.13.0+vmware.5-vks.1 is considered greater than 0.13.0+vmware.3-vks.1. Validation: Maximum length: 512 | Yes |
packagePackage | package specifies the ref name and version. If this field is unset, no package will be deployed for this AddonRelease. An AddonRelease should have package and/or definitionRef set. | No |
addonConfigDefinitionRefAddonConfigDefinitionRef | addonConfigDefinitionRef is the reference of the AddonConfigDefinition to be used for this AddonRelease. If this field is unset, an AddonInstall for this AddonRelease will not be able to supply an AddonConfig, and no output resources will be rendered. An AddonRelease should have package and/or definitionRef set. | No |
kubernetesVersionConstraintsVersionConstraints | kubernetesVersionConstraints defines the Kubernetes versions for which this AddonRelease is compatible. During cluster upgrades, this is used to determine compatibility with the target Kubernetes versions. If the cluster's current Kubernetes version doesn't meet the constraints, then this AddonRelease will not be deployed on the cluster. During cluster upgrades, kubernetesVersionConstraints will be run against the target Kubernetes versions to determine if the AddonRelease will remain compatible. If the installed AddonRelease would become incompatible with the target Kubernetes version, the addon will be upgraded before the control plane. Together with workerVersionConstraints, this determines the earliest safe upgrade point in the overall cluster upgrade workflow. If both kubernetesVersionConstraints and workerVersionConstraints are nil, the addon would be upgraded after the cluster upgrade completes, if there are newer compatible versions. See the AddonRelease type documentation for the complete upgrade workflow. Example 1: Deploy this AddonRelease if k8s version is greater than 1.29: kubernetesVersionConstraints: '≥1.29.0' This means deploy when target is at 1.29.0 or higher before the control plane is upgraded Example 2: Deploy this AddonRelease if k8s version is on 1.31.x kubernetesVersionConstraints: '≥1.31.0 <1.32.0' Note, in this example, the AddonRelease will need to be upgraded as part of cluster upgrade to 1.32 before the control plane is upgraded. | No |
workerVersionConstraintsVersionConstraints | workerVersionConstraints specifies the target worker node version required for this AddonRelease to be deployed during upgrades. Constraints are checked against the TARGET worker version. Note: If the currently installed AddonRelease is incompatible with the TARGET worker version during cluster upgrade, the addon upgrade is triggered before workers are upgraded. See the AddonRelease type documentation for the complete upgrade workflow. Example: '≥1.33.0' means deploy when worker version target is 1.33.0+ If nil (and kubernetesVersionConstraints is also nil), the addon upgrade defaults to AfterClusterUpgrade behavior. | No |
sourceVersionConstraintsVersionConstraints | sourceVersionConstraints specifies the source versions of AddonRelease from which this AddonRelease can be upgraded to. If the addon is not already installed, sourceVersionConstraints will be ignored. During addon upgrades, sourceVersionConstraints will be used to determine if the upgrade is supported. sourceVersionConstraints is used from the target addonRelease (to be upgraded). Example 1: Upgrade to the new v1.10 AddonRelease, only if the source version is 1.5.0 or higher. sourceVersionConstraints: '≥1.5.0' | No |
destinationVersionConstraintsVersionConstraints | destinationVersionConstraints specifies the destination versions of AddonRelease to which this AddonRelease can be upgraded from. If the addon is not already installed, destinationVersionConstraints will be ignored. destinationVersionConstraints is used from the source addonRelease (already installed). During addon upgrades, destinationVersionConstraints will be used to determine if the upgrade is supported. destinationVersionConstraints is used from the source addonRelease (already installed). Example 1: Upgrade from the new v1.30.3 AddonRelease, only if the destination version is 1.31.3 or higher. destinationVersionConstraints: '≥1.31.3' | No |
dependsOn[]DependsOnAddon | dependsOn specifies a list of other addons that this AddonRelease depends on. AddonRelease install will check if all addons in DependsOn are installed on the Kubernetes cluster before installing. Example: contour depends on cert-manager: dependsOn:
Validation: Minimum items: 1 | No |
upgradeStrategyUpgradeStrategy | upgradeStrategy specifies when an AddonRelease should be upgraded during a cluster upgrade. Deprecated behavior:
New behavior (constraint-driven stage selection):
Wait semantics:
upgradeStrategy is used from the target addonRelease (to be upgraded) during upgrades. Examples: * cluster-autoscaler needs to be upgraded Before Cluster Upgrade and we should block the cluster upgrade waiting for addon to be ready. `` upgradeStrategy: stage: "BeforeClusterUpgrade" wait: "TillReady" ``* CPI needs to be upgraded Before Cluster Upgrade and shouldn't block the stage, since images will not be available. `` upgradeStrategy: stage: "BeforeClusterUpgrade" `` | No |
AddonRepositoryInstallSpec
AddonRepositoryInstallSpec defines the desired state of AddonRepositoryInstall
Appears in: AddonRepositoryInstall
| Field | Description | Required |
|---|---|---|
addonRepositoryRefAddonRepositoryRef | addonRepositoryRef is the ref of the AddonRepository Must be a valid AddonRepository ref (see AddonRepository CR for details) | Yes |
AddonRepositoryInstallStatus
AddonRepositoryInstallStatus defines the observed state of AddonRepositoryInstall
Appears in: AddonRepositoryInstall
| Field | Description | Required |
|---|---|---|
conditions[]Condition | conditions define the current state of the AddonRepositoryInstall Validation: Maximum items: 32 | No |
AddonRepositorySpec
AddonRepositorySpec defines the desired state of AddonRepository
Appears in: AddonRepository
| Field | Description | Required |
|---|---|---|
targetRepositoryNamestring | targetRepositoryName defines the name of the repository that is to be created or updated in the cluster for this AddonRepository. To manage or update the same Repository across multiple versions or sources (e.g., different versions or Fetch), multiple AddonRepository resources should share the same TargetRepositoryName. This ensures that updates are applied to the same Repository instance in the cluster rather than creating duplicates. This field enables versioning and source switching logic while maintaining a consistent identity for the Repository resource deployed to clusters. Validation: Minimum length: 1 | Yes |
versionstring | version of AddonRepository Validation: Minimum length: 1 | Yes |
fetchAddonRepositoryFetch | fetch defines the fetch configuration for AddonRepository. | Yes |
addonFilters[]AddonFilter | addonFilters specifies the Helm charts to be discovered and managed as Addon and AddonRelease resources. Note: Support for Carvel packages is not yet implemented and is planned for a future release. Validation: Maximum items: 50 | No |
AddonRepositoryStatus
AddonRepositoryStatus defines the observed state of AddonRepository
Appears in: AddonRepository
| Field | Description | Required |
|---|---|---|
conditions[]Condition | conditions define the current state of the AddonRepository Validation: Maximum items: 32 | No |
AddonSpec
AddonSpec defines the desired state of Addon
Appears in: Addon
| Field | Description | Required |
|---|---|---|
descriptionstring | description for the Addon. Validation: Minimum length: 1 | Yes |
displayNamestring | displayName is the human-friendly name for the addon. Examples:
Validation: Maximum length: 256 | No |
iconstring | icon is a data URI representing the addon icon. Supports data URIs with base64 encoding (SVG and PNG only). Examples:
Validation: Minimum length: 1 | No |
ClusterAddonSpec
ClusterAddonSpec defines the desired state of ClusterAddon
Appears in: ClusterAddon
| Field | Description | Required |
|---|---|---|
clusterNamestring | clusterName is the name of the Cluster this object belongs to. Validation: Minimum length: 1 | Yes |
addonRefAddonRef | addonRef is a reference to the Addon to be installed on the cluster. | Yes |
pausedbool | paused when set to true will stop the reconcile of the add-on for this cluster and pending changes will not be applied. Once it set back to false, pending changes will be applied. | No |
ClusterAddonStatus
ClusterAddonStatus defines the observed state of the installed addon for the cluster.
Appears in: ClusterAddon
| Field | Description | Required |
|---|---|---|
conditions[]Condition | conditions represents the observations of a ClusterAddon's current state. Known condition types are : AddonInstallConflict, AddonInstallSelected, DependenciesReady, Configured, Reconciled, Ready Validation: Maximum items: 32 | No |
candidateAddonInstalls[]ClusterAddonCandidateAddonInstall | candidateAddonInstalls represent the AddonInstalls that are compatible with the cluster and are available to be installed for this addon on the workload cluster. Validation: Maximum items: 32 | No |
activeAddonInstallAddonInstallRef | activeAddonInstall is used to indicate the selected candidateAddonInstalls that is managing this add-on. If there are more than one candidateAddonInstalls, one of them is selected to manage this add-on as the activeAddonInstall and a ManagerConflict condition is set. If there is only one candidateAddonInstalls, then that will be used as the activeAddonInstall for the add-on. If there are no candidateAddonInstalls, then activeAddonInstall will be unset and unmanaged condition will be added. | No |
releaseRefAddonReleaseRef | releaseRef stores the last selected release for the manager. | No |
addonConfigNamestring | addonConfigName is the name of the addonConfig for this ClusterAddon. Note, the namespace will be the same as the clusterAddon and Cluster. Validation: Minimum length: 1 | No |
ServiceAccountExportSpec
ServiceAccountExportSpec defines the desired state of ServiceAccountExport.
Appears in: ServiceAccountExport
| Field | Description | Required |
|---|---|---|
clusterNamestring | clusterName specifies the name of the Cluster for which the ServiceAccountExport needs to be realized. Validation: Minimum length: 1 | Yes |
rules[]PolicyRule | rules specifies the privileges that need to be granted to the service account. Validation: Maximum items: 32 | No |
serviceAccountTargetRefServiceAccountTargetRef | serviceAccountTargetRef specifies the secrets to be created in the target cluster. | Yes |
pausedbool | paused when set to true will stop the reconcile of the ServiceAccountExport and pending changes will not be applied. Once it set back to false, pending changes will be applied. | No |
AddonConfigDefinitionRef
AddonConfigDefinitionRef contains a reference to an AddonConfigDefinition resource.
Appears in: AddonConfigSpec, AddonReleaseSpec
| Field | Description | Required |
|---|---|---|
namestring | name of the AddonConfigDefinition being referenced. Validation: Minimum length: 1 | Yes |
namespacestring | namespace of the AddonConfigDefinition being referenced. Validation: Maximum length: 63 | Yes |
AddonFilter
AddonFilter contains the details of the Addon and its AddonRelease(s) that should be discovered from the AddonRepository.
Appears in: AddonRepositorySpec
| Field | Description | Required |
|---|---|---|
namestring | name of the Addon Validation: Maximum length: 253 | Yes |
versions[]string | versions of AddonRelease Validation: Minimum items: 1 | Yes |
AddonInstallPermissionSpec
AddonInstallPermissionSpec defines all the resource access rules for this addon.
Appears in: AddonConfigDefinitionSpec
| Field | Description | Required |
|---|---|---|
accessPolicies[]AccessPolicy | accessPolicies defines an array of access policies. Validation: Maximum items: 32 | No |
AddonInstallRef
AddonInstallRef references an AddonInstall resource.
Appears in: ClusterAddonCandidateAddonInstall, ClusterAddonStatus
| Field | Description | Required |
|---|---|---|
namestring | name of the AddonInstall being referenced. Validation: Minimum length: 1 | Yes |
namespacestring | namespace of the AddonInstall being referenced. Validation: Minimum length: 1 | Yes |
AddonRef
AddonRef references an Addon resource.
Appears in: AddonInstallSpec, AddonReleaseSpec, ClusterAddonSpec, DependsOnAddon
| Field | Description | Required |
|---|---|---|
namestring | name of the addon being referenced Validation: Maximum length: 253 | Yes |
namespacestring | namespace of the addon being referenced If not specified, will use the default public namespace defined by the addon manager. Validation: Minimum length: 1 | No |
AddonReleaseRef
AddonReleaseRef provides a reference to the addon release to be installed in a clusterAddon.
Appears in: AvailableAddonRelease, ClusterAddonStatus
| Field | Description | Required |
|---|---|---|
namestring | name of the AddonRelease being referenced. Validation: Minimum length: 1 | Yes |
namespacestring | namespace of the AddonRelease being referenced. Validation: Minimum length: 1 | Yes |
AddonReleasesFilter
AddonReleasesFilter allows filtering AddonReleases by reference or labels.
Appears in: AddonInstallSpec
| Field | Description | Required |
|---|---|---|
refAddonReleaseFilterRef | ref is used to select a specific AddonRelease using its name. Note, either ref or selector should be specified and not both. | No |
selectorLabelSelector | selector is a label selector which selects AddonRelease by their labels This field follows standard label selector semantics. If selector is empty, the install object creation will fail. Note, either ref or selector should be specified and not both. If selector selects more than one AddonRelease, the latest compatible version will be selected for install and during cluster upgrades the addon will be upgraded to the latest compatible AddonRelease. Example 1: Select AddonRelease with version 1.32.8 for an add-on selector: matchLabels: addon.kubernetes.vmware.com/addon-release-version: "1.32.8" More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors | No |
AddonRepositoryFetch
AddonRepositoryFetch defines the fetch configuration for AddonRepository.
Appears in: AddonRepositorySpec
| Field | Description | Required |
|---|---|---|
helmRepositoryFetchHelmRepository | helmRepository specifies the Helm repository URL where the Helm charts are located. | No |
imgpkgBundleFetchImgpkgBundle | imgpkgBundle pulls imgpkg bundle from Docker/OCI registry | No |
AddonRepositoryRef
AddonRepositoryRef references an AddonRepository.
Appears in: AddonReleasesVersion, AddonRepositoryInstallSpec
| Field | Description | Required |
|---|---|---|
namestring | name of the AddonRepository being referenced. Validation: Minimum length: 1 | Yes |
namespacestring | namespace of the AddonRepository being referenced. Validation: Minimum length: 1 | Yes |
AvailableAddonRelease
AvailableAddonRelease references an AddonRelease that is compatible with the AddonInstall and available for installation on selected workload clusters.
Appears in: AddonInstallStatus
| Field | Description | Required |
|---|---|---|
observedGenerationint64 | observedGeneration is the latest generation of the AddonRelease observed by the controller. This is used by the controller to know if the AddonRelease has changed since the last reconcile. | Yes |
ClusterAddonCandidateAddonInstall
ClusterAddonCandidateAddonInstall references AddonInstalls that are available to manage this cluster addon.
Appears in: ClusterAddonStatus
| Field | Description | Required |
|---|---|---|
observedGenerationint64 | observedGeneration is the latest generation of the AddonInstall observed by the controller. This is used by the controller to know if the AddonInstall has changed since the last reconcile. | Yes |
ClusterSelector
ClusterSelector defines to which Clusters this AddonInstall should be applied.
Appears in: AddonInstallSpec
| Field | Description | Required |
|---|---|---|
selectorLabelSelector | selector is a label selector which selects Clusters by their labels. This field follows standard label selector semantics; if not present or empty, it selects all Clusters. If namespaceSelector is also set, then the ClusterSelector as a whole selects Clusters matching Selector belonging to Namespaces selected by namespaceSelector. If namespaceSelector is not set, it selects all Clusters matching selector in all Namespaces. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors | No |
namespaceSelectorLabelSelector | namespaceSelector is a label selector which selects Clusters by the labels of their Namespaces. Note, only if the AddonInstall has CrossNamespaceSelection Allowed, it can use namespaceSelector to select clusters across namespaces. Else, AddonInstall can only select clusters within its namespace and namespaceSelector will be ignored. and the AddonInstall can only select clusters within its namespace. This field follows standard label selector semantics; if not present or empty, it selects Clusters across all Namespaces. If Selector is also set, then the ClusterSelector as a whole selects Clusters matching Selector belonging to Namespaces selected by namespaceSelector. If Selector is not set, it selects all Clusters belonging to Namespaces selected by namespaceSelector. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors | No |
constraintsClusterConstraints | constraints contains dynamic cluster constraints to ensure the addon is only deployed to cluster's that meet the requirement. | No |
CrossNamespacePolicy
CrossNamespacePolicy defines whether the AddonInstall can select clusters outside its namespace.
Appears in: AddonInstallSpec
DependsOnAddon
DependsOnAddon declares a dependency on another addon; this AddonRelease depends on and must be deployed on the workload cluster.
Appears in: AddonReleaseSpec
| Field | Description | Required |
|---|---|---|
addonRefAddonRef | addonRef contains the reference for the addon. | Yes |
FieldError
FieldError represents a validation error for a specific field in the AddonConfig values.
Appears in: AddonConfigStatus
| Field | Description | Required |
|---|---|---|
fieldstring | field specifies the JSON path to the field that contains the error. This follows the standard JSON path notation (e.g., "spec.replicas", "spec.containers[0].image"). Validation: Minimum length: 1 | Yes |
typeErrorType | type indicates the machine-readable error type that provides more detail about why the field is invalid. These values correspond to the field.ErrorType enumeration and include types like "FieldValueRequired", "FieldValueInvalid", etc. | Yes |
detailstring | detail provides a human-readable description of the validation error. This message should be clear and actionable to help users understand and fix the issue. Validation: Maximum length: 1024 | No |
badValuestring | badValue contains the actual value that caused the validation error. This helps users identify exactly what was rejected. Complex values may be serialized to string representation. Validation: Minimum length: 1 | No |
Package
Package specifies the Carvel package reference (name and version) that backs an AddonRelease.
Appears in: AddonReleaseSpec
| Field | Description | Required |
|---|---|---|
refNamestring | refName specifies the name of the package corresponding to this release Validation: Minimum length: 1 | Yes |
versionstring | version specifies version of the package corresponding to this release Validation: Maximum length: 512 | Yes |
ServiceAccountTargetRef
ServiceAccountTargetRef specifies the name and namespace of the secret to be created in the target cluster.
Appears in: ServiceAccountExportSpec
| Field | Description | Required |
|---|---|---|
tokenSecretRefServiceAccountTokenSecretRef | tokenSecretRef specifies the name and namespace of the secret containing the generated service account token, which will be created in the target cluster. | No |
kubeconfigSecretRefKubeconfigSecretRef | kubeconfigSecretRef specifies the name and namespace of the secret containing the generated kubeconfig yaml file, which will be created in the target cluster. | No |
StopMatchingBehavior
StopMatchingBehavior defines what happens to a ClusterAddon and its managed output resources when the AddonInstall stops matching the cluster and no other candidate AddonInstalls are available.
Appears in: AddonInstallSpec
TemplateInputResource
TemplateInputResource defines a named dependency resource that will be used during template processing. This resource will be fetched and made available to the template engine under the specified input name.
Appears in: AddonConfigDefinitionSpec
| Field | Description | Default | Required |
|---|---|---|---|
inputNamestring | inputName defines the top-level name used when providing the referent for templating. This name will be used as the key to access the resource data within the template processing context. Validation: Minimum length: 1 | Yes | |
apiVersionstring | apiVersion of the target referent resource. Must be a valid Kubernetes API version (e.g., "v1", "apps/v1"). Validation: Minimum length: 1 | Yes | |
kindstring | kind of the target referent resource. Must be a valid Kubernetes resource kind (e.g., "ConfigMap", "Secret", "Deployment"). Validation: Minimum length: 1 | Yes | |
namestring | name of the target referent resource. Mutually exclusive with the selector field. When specified, this value will be used for discovery. The value may be a literal name or a Go template expression that references data from previously resolved TemplateInputResources via .Dependencies.<inputName> (dot-access) or index .Dependencies "<inputName>" (index-access, required for names containing hyphens). For example: templateInputResources:
When cross-references are present, TemplateInputResources are automatically ordered by a topological sort so that each dependency is fully resolved before it is referenced. A circular dependency (including a self-reference) is rejected at admission time. Validation: Minimum length: 1 | No | |
namespacestring | namespace of the target referent resource. If the scope is Cluster, the namespace is ignored. If the scope is Namespace, and if the namespace is not specified, the resource will be looked up in the same namespace as the Cluster. Validation: Maximum length: 63 | No | |
scopeTypeScope | scope indicates whether the target resource is namespaced or cluster-scoped. When set to "Cluster", the resource will be looked up at cluster scope regardless of namespace. When set to "Namespace" (default), the resource will be looked up in the specified namespace. | Namespace | No |
selectorLabelSelector | selector used to identify the referent resource using label selectors. Must identify exactly one resource to avoid ambiguity during template processing. Mutually exclusive with the explicit name field. The matchLabels values and matchExpressions values may contain Go template expressions that reference data from previously resolved TemplateInputResources via .Dependencies.<inputName> or index .Dependencies "<inputName>", identical to the name field. Such cross-references are included in the topological sort, so circular dependencies in selector values are also rejected at admission time. For example: selector: matchLabels: tier: "{{.Dependencies.appConfig.data.tier}}" matchExpressions:
| No | |
constraints[]DependencyConstraint | constraints used to specify additional requirements for the target resource. These constraints are evaluated during resource discovery to ensure the referenced resource meets specific criteria before being used in templating. Supported constraint operators:
Validation: Maximum items: 16 | No |
TemplateOutputResource
TemplateOutputResource defines where and how to persist the rendered template output. The output can be stored either in the supervisor cluster or in the target workload cluster.
Appears in: AddonConfigDefinitionSpec, AddonConfigStatus
| Field | Description | Required |
|---|---|---|
supervisorNamespaceOutputSupervisorNamespaceOutput | supervisorNamespaceOutput specifies that the rendered configuration should be persisted as a resource within the supervisor cluster namespace. | No |
targetClusterOutputTargetClusterOutput | targetClusterOutput specifies that the rendered configuration should be persisted as a resource within the target workload cluster. | No |
templatestring | template defines the Kubernetes resource template for output manifest generation. This field only needs the resource specification (excluding TypeMeta and ObjectMeta) as the GVK, Name, and Namespace are already handled in the SupervisorNamespaceOutput or TargetClusterOutput structure. The template supports CEL expressions that can be populated with values from:
Validation: Maximum length: 32768 | Yes |
renderForEachRenderForEach | renderForEach enables variadic output generation by referencing an input resource with the "multiple" constraint. When set, this output resource will be instantiated once for each item in the referenced input array. A single renderForEach input produces at most 64 output instances. | No |
UpgradeStrategy
UpgradeStrategy specifies when to upgrade addon during cluster upgrade.
Appears in: AddonReleaseSpec
| Field | Description | Required |
|---|---|---|
stageClusterUpgradeStage | stage specifies the stage to perform addon upgrade. Deprecated: stage is deprecated since v1alpha1 and will be removed in a future version. Use kubernetesVersionConstraints and workerVersionConstraints instead. | No |
waitWaitStrategy | wait specifies whether to wait for the addon to be ready or not. | No |
VariadicOutputSummary
VariadicOutputSummary summarises all instances produced by a single variadic (renderForEach) output resource definition, instead of listing each instance individually in OutputRef. This keeps the AddonConfig object small even when hundreds of resources are generated from a label-selected input.
Appears in: AddonConfigStatus
| Field | Description | Default | Required |
|---|---|---|---|
summaryIDstring | summaryID uniquely identifies this summary row. The controller sets it to a short stable encoding (base64url(SHA-256)) of the canonical grouping key: renderForEach inputName plus TemplateOutputResource.Key(). This distinguishes multiple variadic outputs that share the same inputName. It is the list map key for outputVariadicSummary (Server-Side Apply merges per entry). Validation: Maximum length: 64 | Yes | |
inputNamestring | inputName is the RenderForEach.InputName that produced these instances, matching the TemplateInputResource.InputName in the AddonConfigDefinition. Validation: Maximum length: 253 | Yes | |
apiVersionstring | apiVersion of the generated output resources (e.g. "v1", "apps/v1"). Validation: Minimum length: 1 | Yes | |
kindstring | kind of the generated output resources (e.g. "Secret", "ConfigMap"). Validation: Maximum length: 63 | Yes | |
namespacestring | namespace is where the generated instances are stored. For Supervisor outputTarget this is the AddonConfig namespace. For TargetCluster outputTarget it matches TemplateOutputResource.TargetClusterOutput.Namespace and may be empty for cluster-scoped resources. Validation: Maximum length: 63 | No | |
desiredCountint32 | desiredCount is the total number of instances that the controller attempted to create or update in the most recent reconciliation, equal to the length of the referenced input array. Validation: Minimum: 0 | Yes | |
successCountint32 | successCount is the number of instances that were successfully created or updated in the most recent reconciliation. Validation: Minimum: 0 | Yes | |
pendingDeletionCountint32 | pendingDeletionCount is the number of instances that still exist after a deletion attempt. It is set only during the delete path when cleanup is partially complete. During normal create/update reconciliation this field is nil. Validation: Minimum: 0 | No | |
outputTargetVariadicOutputTarget | outputTarget indicates where the instances reside: Supervisor (supervisor namespace) or TargetCluster (workload cluster). | Yes | |
referenceTypeOutputReferenceType | referenceType specifies how this output is consumed by the addon system. When set to "ValuesRef", the configuration values will be consumed through PackageInstalls. When set to "Direct", the configuration is applied directly to the target cluster as a standalone resource. if the kind is not a secret, then the referenceType will be ignored. | ValuesRef | No |
VersionConstraints
VersionConstraints allows specifying version constraints Example: Check if version is between [1.27,1.28) '≥1.27.0 <1.28.0'
Appears in: AddonReleaseSpec
AccessPolicy
AccessPolicy defines the resource access rules on the target namespace. If the target namespace is not specified, the rules apply to the namespace of the consuming Cluster.
Appears in: AddonInstallPermissionSpec
| Field | Description | Required |
|---|---|---|
orderint32 | order is the order of the policy. Defining order can help to maintain the policies especially when handling upgrade. | Yes |
targetNamespacestring | targetNamespace is the namespace to create the Role and RoleBinding based on the Rules. If not specified, the rules apply to the namespace of the consuming Cluster. Validation: Minimum length: 1 | No |
rules[]PolicyRule | rules specifies the privileges that need to be granted to the service account. Validation: Maximum items: 32 | No |
AddonReleaseFilterRef
AddonReleaseFilterRef provides a reference to the AddonRelease to select for the AddonInstall.
Appears in: AddonReleasesFilter
| Field | Description | Required |
|---|---|---|
namestring | name of the AddonRelease being referenced. Validation: Minimum length: 1 | Yes |
namespacestring | namespace of the AddonRelease being referenced. If not specified, will use the default public namespace defined by the addon manager. Validation: Maximum length: 63 | No |
ClusterConstraints
ClusterConstraints defines constraints for deploying AddonRelease to clusters.
Appears in: ClusterSelector
| Field | Description | Required |
|---|---|---|
expressionstring | expression allows to define criteria for restricting the list of Clusters where addon should be deployed. expression is defined using Common Expression Language (CEL). CEL expressions have access to the Cluster object (see: https://github.com/google/cel-spec) For example to check if there are Windows machine deployments in a cluster. Example 1: Check cluster has Window worker nodes:
Example 2: Check cluster has opted in to cluster autoscaler
Example 3: Check cluster is on k8s version v1.31.x and has variable called CNI set to antrea
Validation: Minimum length: 1 | No |
ClusterUpgradeStage
ClusterUpgradeStage defines the stage during cluster upgrade.
Appears in: UpgradeStrategy
DependencyConstraint
DependencyConstraint defines a constraint that must be satisfied by a dependency resource.
Appears in: TemplateInputResource
| Field | Description | Required |
|---|---|---|
operatorstring | operator specifies the constraint operator for this dependency input. Valid values are "unique", "optional", and "multiple".
Validation: Allowed values: | Yes |
FetchHelmRepository
FetchHelmRepository defines the configuration for fetching the Helm repository that contains the Helm charts.
Appears in: AddonRepositoryFetch
| Field | Description | Required |
|---|---|---|
urlstring | url is the Helm repository URL Validation: Maximum length: 512 | Yes |
FetchImgpkgBundle
FetchImgpkgBundle defines the imgpkg bundle fetch configuration for AddonRepository.
Appears in: AddonRepositoryFetch
| Field | Description | Required |
|---|---|---|
imageURLstring | imageURL is the imgpkg bundle url used to fetch the corresponding PackageRepository Validation: Minimum length: 1 | Yes |
KubeconfigSecretRef
KubeconfigSecretRef specifies the name and namespace of the secret in the target cluster where the secret containing the generated kubeconfig yaml file.
Appears in: ServiceAccountTargetRef
| Field | Description | Required |
|---|---|---|
namestring | name is the name of the secret in the target cluster that contains the generated kubeconfig yaml file based on the service account token. Validation: Minimum length: 1 | Yes |
namespacestring | namespace is the namespace of the secret in the target cluster that contains the generated kubeconfig yaml file based on the service account token. Validation: Minimum length: 1 | Yes |
OutputReferenceType
OutputReferenceType specifies how a rendered output resource is consumed by the addon system.
Appears in: SupervisorNamespaceOutput, TargetClusterOutput, VariadicOutputSummary
RenderForEach
RenderForEach specifies how to iterate over an input to generate multiple outputs.
Appears in: TemplateOutputResource
| Field | Description | Required |
|---|---|---|
inputNamestring | inputName references a TemplateInputResource.inputName with the "multiple" constraint. Validation: Minimum length: 1 | Yes |
ServiceAccountTokenSecretRef
ServiceAccountTokenSecretRef specifies the name and namespace of the secret in the target cluster where the secret containing the generated service account.
Appears in: ServiceAccountTargetRef
| Field | Description | Required |
|---|---|---|
namestring | name is the name of the secret in the target cluster where the secret containing the generated service account token needs to be created. Validation: Minimum length: 1 | Yes |
namespacestring | namespace is the namespace of the secret in the target cluster where the secret containing the generated service account token needs to be created. Validation: Minimum length: 1 | Yes |
SupervisorNamespaceOutput
supervisorNamespaceOutput defines the resource metadata for persisting the rendered configuration as a resource into the addon's namespace of supervisor cluster.
Appears in: TemplateOutputResource
| Field | Description | Default | Required |
|---|---|---|---|
apiVersionstring | apiVersion of the output resource. Must be a valid Kubernetes API version (e.g., "v1", "apps/v1"). Validation: Maximum length: 317 | Yes | |
kindstring | kind of the output resource. Must be a valid Kubernetes resource kind (e.g., "ConfigMap", "Secret"). Validation: Minimum length: 1 | Yes | |
namestring | name of the output resource. Validation: Minimum length: 1 | Yes | |
referenceTypeOutputReferenceType | referenceType specifies how this output is consumed by the addon system. When set to "ValuesRef", the configuration values will be consumed through PackageInstalls. When set to "Direct", the configuration is applied directly to the supervisor cluster as a standalone resource. if the kind is not a secret, then the referenceType will be ignored. | Direct | No |
TargetClusterOutput
TargetClusterOutput defines the resource metadata for persisting the rendered configuration as a resource within the target workload cluster. This is typically used for configuration that needs to be directly accessible to workload components.
Appears in: TemplateOutputResource
| Field | Description | Default | Required |
|---|---|---|---|
apiVersionstring | apiVersion of the output resource. Must be a valid Kubernetes API version (e.g., "v1", "apps/v1"). Validation: Minimum length: 1 | Yes | |
kindstring | kind of the output resource. Must be a valid Kubernetes resource kind (e.g., "ConfigMap", "Secret"). Validation: Minimum length: 1 | Yes | |
namestring | name of the output resource. Validation: Minimum length: 1 | Yes | |
namespacestring | namespace of the output resource. If it is a cluster-scoped resource, the empty Namespace is allowed, otherwise Namespace must have value. Validation: Minimum length: 1 | No | |
scopeTypeScope | scope indicates whether the scope of the output resource. If it is a cluster-scoped resource, the empty Namespace is allowed, otherwise Namespace must have value. | Namespace | No |
referenceTypeOutputReferenceType | referenceType specifies how this output is consumed by the addon system. When set to "ValuesRef", the configuration values will be consumed through PackageInstalls. When set to "Direct", the configuration is applied directly to the target cluster as a standalone resource. if the kind is not a secret, then the referenceType will be ignored. | ValuesRef | No |
TypeScope
TypeScope indicates whether a Kubernetes resource is namespace-scoped or cluster-scoped.
Appears in: TargetClusterOutput, TemplateInputResource
VariadicOutputTarget
VariadicOutputTarget indicates where the variadic output instances reside.
Appears in: VariadicOutputSummary
WaitStrategy
WaitStrategy defines the available wait strategies for addon readiness during cluster upgrades
Appears in: UpgradeStrategy
AddonReleasesVersion
AddonReleasesVersion references a specific version of AddonRelease and its related AddonRepositories.
Appears in: AddonStatus
| Field | Description | Required |
|---|---|---|
versionstring | version specifies semantic version (semver) of the AddonRelease. See AddonRelease resource for more details. Validation: Minimum length: 1 | Yes |
addonRepositories[]AddonRepositoryRef | addonRepositories contains references to AddonRepositories that provide this version of the AddonRelease. addonRepositories can be empty or have one or many AddonRepositories that provide a single version. If addonRepositories is empty, that means the AddonRelease does not require an AddonRepository. This is the case when the AddonRelease is provided by a Kubernetes-Release or another controller. If addonRepositories contains one or more, then to consume this version of the AddonRelease, the Kubernetes cluster must have one of these AddonRepositories installed using the AddonRepositoryInstall. Validation: Maximum items: 64 | No |
bootstrap.cluster.x-k8s.io/v1beta1
Resource Types:
KubeadmConfig
KubeadmConfig is the Schema for the kubeadmconfigs API.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specKubeadmConfigSpec | spec is the desired state of KubeadmConfig. | No |
statusKubeadmConfigStatus | status is the observed state of KubeadmConfig. | No |
KubeadmConfigTemplate
KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates API.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specKubeadmConfigTemplateSpec | spec is the desired state of KubeadmConfigTemplate. | No |
KubeadmConfigSpec
KubeadmConfigSpec defines the desired state of KubeadmConfig. Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.
Appears in: KubeadmConfig, KubeadmConfigTemplateResource
| Field | Description | Required |
|---|---|---|
clusterConfigurationClusterConfiguration | clusterConfiguration along with InitConfiguration are the configurations necessary for the init command | No |
initConfigurationInitConfiguration | initConfiguration along with ClusterConfiguration are the configurations necessary for the init command | No |
joinConfigurationJoinConfiguration | joinConfiguration is the kubeadm configuration for the join command | No |
files[]File | files specifies extra files to be passed to user_data upon creation. Validation: Maximum items: 200 | No |
diskSetupDiskSetup | diskSetup specifies options for the creation of partition tables and file systems on devices. | No |
mounts[]MountPoints | mounts specifies a list of mount points to be setup. Validation: Maximum items: 100 | No |
bootCommands[]string | bootCommands specifies extra commands to run very early in the boot process via the cloud-init bootcmd module. bootcmd will run on every boot, 'cloud-init-per' command can be used to make bootcmd run exactly once. This is typically run in the cloud-init.service systemd unit. This has no effect in Ignition. Validation: Maximum items: 1000 | No |
preKubeadmCommands[]string | preKubeadmCommands specifies extra commands to run before kubeadm runs. With cloud-init, this is prepended to the runcmd module configuration, and is typically executed in the cloud-final.service systemd unit. In Ignition, this is prepended to /etc/kubeadm.sh. Validation: items:MinLength: 1 | No |
postKubeadmCommands[]string | postKubeadmCommands specifies extra commands to run after kubeadm runs. With cloud-init, this is appended to the runcmd module configuration, and is typically executed in the cloud-final.service systemd unit. In Ignition, this is appended to /etc/kubeadm.sh. Validation: Maximum items: 1000 | No |
users[]User | users specifies extra users to add Validation: Maximum items: 100 | No |
ntpNTP | ntp specifies NTP configuration | No |
formatFormat | format specifies the output format of the bootstrap data | No |
verbosityint32 | verbosity is the number for the kubeadm log level verbosity. It overrides the --v flag in kubeadm commands. | No |
useExperimentalRetryJoinbool | useExperimentalRetryJoin replaces a basic kubeadm command with a shell script with retries for joins. This is meant to be an experimental temporary workaround on some environments where joins fail due to timing (and other issues). The long term goal is to add retries to kubeadm proper and use that functionality. This will add about 40KB to userdata For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. Deprecated: This experimental fix is no longer needed and this field will be removed in a future release. When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml | No |
ignitionIgnitionSpec | ignition contains Ignition specific configuration. | No |
KubeadmConfigStatus
KubeadmConfigStatus defines the observed state of KubeadmConfig.
Appears in: KubeadmConfig
| Field | Description | Required |
|---|---|---|
readybool | ready indicates the BootstrapData field is ready to be consumed | No |
dataSecretNamestring | dataSecretName is the name of the secret that stores the bootstrap data script. Validation: Minimum length: 1 | No |
failureReasonstring | failureReason will be set on non-retryable errors Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. Validation: Minimum length: 1 | No |
failureMessagestring | failureMessage will be set on non-retryable errors Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. Validation: Minimum length: 1 | No |
observedGenerationint64 | observedGeneration is the latest generation observed by the controller. | No |
conditionsConditions | conditions defines current service state of the KubeadmConfig. | No |
v1beta2KubeadmConfigV1Beta2Status | v1beta2 groups all the fields that will be added or modified in KubeadmConfig's status with the V1Beta2 version. | No |
KubeadmConfigTemplateSpec
KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate.
Appears in: KubeadmConfigTemplate
| Field | Description | Required |
|---|---|---|
templateKubeadmConfigTemplateResource | template defines the desired state of KubeadmConfigTemplate. | Yes |
ClusterConfiguration
ClusterConfiguration contains cluster-wide configuration for a kubeadm cluster.
Appears in: KubeadmConfigSpec
| Field | Description | Required |
|---|---|---|
etcdEtcd | etcd holds configuration for etcd. NB: This value defaults to a Local (stacked) etcd | No |
networkingNetworking | networking holds configuration for the networking topology of the cluster. NB: This value defaults to the Cluster object spec.clusterNetwork. | No |
kubernetesVersionstring | kubernetesVersion is the target version of the control plane. NB: This value defaults to the Machine object spec.version Validation: Minimum length: 1 | No |
controlPlaneEndpointstring | controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint is specified but without a TCP port, the BindPort is used. Possible usages are: e.g. In a cluster with more than one control plane instances, this field should be assigned the address of the external load balancer in front of the control plane instances. e.g. in environments with enforced node recycling, the ControlPlaneEndpoint could be used for assigning a stable DNS to the control plane. NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. Validation: Minimum length: 1 | No |
apiServerAPIServer | apiServer contains extra settings for the API server control plane component | No |
controllerManagerControlPlaneComponent | controllerManager contains extra settings for the controller manager control plane component | No |
schedulerControlPlaneComponent | scheduler contains extra settings for the scheduler control plane component | No |
dnsDNS | dns defines the options for the DNS add-on installed in the cluster. | No |
certificatesDirstring | certificatesDir specifies where to store or look for all required certificates. NB: if not provided, this will default to /etc/kubernetes/pkiValidation: Minimum length: 1 | No |
imageRepositorystring | imageRepository sets the container registry to pull images from. * If not set, the default registry of kubeadm will be used, i.e. * registry.k8s.io (new registry): ≥ v1.22.17, ≥ v1.23.15, ≥ v1.24.9, ≥ v1.25.0 * k8s.gcr.io (old registry): all older versions Please note that when imageRepository is not set we don't allow upgrades to versions ≥ v1.22.0 which use the old registry (k8s.gcr.io). Please use a newer patch version with the new registry instead (i.e. ≥ v1.22.17, ≥ v1.23.15, ≥ v1.24.9, ≥ v1.25.0). * If the version is a CI build (kubernetes version starts with ci/ or ci-cross/) gcr.io/k8s-staging-ci-images will be used as a default for control plane components and for kube-proxy, while registry.k8s.io will be used for all the other images.Validation: Minimum length: 1 | No |
featureGatesmap[string]bool | featureGates enabled by the user. | No |
certificateValidityPeriodDaysint32 | certificateValidityPeriodDays specifies the validity period for non-CA certificates generated by kubeadm. If not specified, kubeadm will use a default of 365 days (1 year). This field is only supported with Kubernetes v1.31 or above. Validation: Minimum: 1 | No |
caCertificateValidityPeriodDaysint32 | caCertificateValidityPeriodDays specifies the validity period for CA certificates generated by Cluster API. If not specified, Cluster API will use a default of 3650 days (10 years). This field cannot be modified. Validation: Minimum: 1 | No |
encryptionAlgorithmEncryptionAlgorithmType | encryptionAlgorithm holds the type of asymmetric encryption algorithm used for keys and certificates. Can be one of "RSA-2048", "RSA-3072", "RSA-4096", "ECDSA-P256" or "ECDSA-P384". For Kubernetes 1.34 or above, "ECDSA-P384" is supported. If not specified, Cluster API will use RSA-2048 as default. When this field is modified every certificate generated afterward will use the new encryptionAlgorithm. Existing CA certificates and service account keys are not rotated. This field is only supported with Kubernetes v1.31 or above. | No |
clusterNamestring | clusterName is the cluster name Validation: Minimum length: 1 | No |
DiskSetup
DiskSetup defines input for generated disk_setup and fs_setup in cloud-init.
Appears in: KubeadmConfigSpec
| Field | Description | Required |
|---|---|---|
partitions[]Partition | partitions specifies the list of the partitions to setup. Validation: Maximum items: 100 | No |
filesystems[]Filesystem | filesystems specifies the list of file systems to setup. Validation: Maximum items: 100 | No |
File
File defines the input for generating write_files in cloud-init.
Appears in: KubeadmConfigSpec
| Field | Description | Required |
|---|---|---|
pathstring | path specifies the full path on disk where to store the file. Validation: Minimum length: 1 | Yes |
ownerstring | owner specifies the ownership of the file, e.g. "root:root". Validation: Minimum length: 1 | No |
permissionsstring | permissions specifies the permissions to assign to the file, e.g. "0640". Validation: Minimum length: 1 | No |
encodingEncoding | encoding specifies the encoding of the file contents. | No |
appendbool | append specifies whether to append Content to existing file if Path exists. | No |
contentstring | content is the actual content of the file. Validation: Minimum length: 1 | No |
contentFromFileSource | contentFrom is a referenced source of content to populate the file. | No |
Format
Format specifies the output format of the bootstrap data
Appears in: KubeadmConfigSpec
IgnitionSpec
IgnitionSpec contains Ignition specific configuration.
Appears in: KubeadmConfigSpec
| Field | Description | Required |
|---|---|---|
containerLinuxConfigContainerLinuxConfig | containerLinuxConfig contains CLC specific configuration. | No |
InitConfiguration
InitConfiguration contains a list of elements that is specific "kubeadm init"-only runtime information.
Appears in: KubeadmConfigSpec
| Field | Description | Required |
|---|---|---|
bootstrapTokens[]BootstrapToken | bootstrapTokens is respected at kubeadm init time and describes a set of Bootstrap Tokens to create. This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive natureValidation: Maximum items: 100 | No |
nodeRegistrationNodeRegistrationOptions | nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfiguration | No |
localAPIEndpointAPIEndpoint | localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process fails you may set the desired value here. | No |
skipPhases[]string | skipPhases is a list of phases to skip during command execution. The list of phases can be obtained with the "kubeadm init --help" command. This option takes effect only on Kubernetes ≥1.22.0. Validation: Maximum items: 50 | No |
patchesPatches | patches contains options related to applying patches to components deployed by kubeadm during "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22 | No |
JoinConfiguration
JoinConfiguration contains elements describing a particular node.
Appears in: KubeadmConfigSpec
| Field | Description | Required |
|---|---|---|
nodeRegistrationNodeRegistrationOptions | nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfiguration | No |
caCertPathstring | caCertPath is the path to the SSL certificate authority used to secure comunications between node and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when there is defaulting from k/k Validation: Minimum length: 1 | No |
discoveryDiscovery | discovery specifies the options for the kubelet to use during the TLS Bootstrap process TODO: revisit when there is defaulting from k/k | No |
controlPlaneJoinControlPlane | controlPlane defines the additional control plane instance to be deployed on the joining node. If nil, no additional control plane instance will be deployed. | No |
skipPhases[]string | skipPhases is a list of phases to skip during command execution. The list of phases can be obtained with the "kubeadm init --help" command. This option takes effect only on Kubernetes ≥1.22.0. Validation: Maximum items: 50 | No |
patchesPatches | patches contains options related to applying patches to components deployed by kubeadm during "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22 | No |
KubeadmConfigTemplateResource
KubeadmConfigTemplateResource defines the Template structure.
Appears in: KubeadmConfigTemplateSpec
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specKubeadmConfigSpec | spec is the desired state of KubeadmConfig. | No |
KubeadmConfigV1Beta2Status
KubeadmConfigV1Beta2Status groups all the fields that will be added or modified in KubeadmConfig with the V1Beta2 version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.
Appears in: KubeadmConfigStatus
| Field | Description | Required |
|---|---|---|
conditions[]Condition | conditions represents the observations of a KubeadmConfig's current state. Known condition types are Ready, DataSecretAvailable, CertificatesAvailable. Validation: Maximum items: 32 | No |
MountPoints
MountPoints defines input for generated mounts in cloud-init.
Appears in: KubeadmConfigSpec
NTP
NTP defines input for generated ntp in cloud-init.
Appears in: KubeadmConfigSpec
| Field | Description | Required |
|---|---|---|
servers[]string | servers specifies which NTP servers to use Validation: items:MaxLength: 512 | No |
enabledbool | enabled specifies whether NTP should be enabled | No |
User
User defines the input for a generated user in cloud-init.
Appears in: KubeadmConfigSpec
| Field | Description | Required |
|---|---|---|
namestring | name specifies the user name Validation: Minimum length: 1 | Yes |
gecosstring | gecos specifies the gecos to use for the user Validation: Minimum length: 1 | No |
groupsstring | groups specifies the additional groups for the user Validation: Minimum length: 1 | No |
homeDirstring | homeDir specifies the home directory to use for the user Validation: Minimum length: 1 | No |
inactivebool | inactive specifies whether to mark the user as inactive | No |
shellstring | shell specifies the user's shell Validation: Minimum length: 1 | No |
passwdstring | passwd specifies a hashed password for the user Validation: Minimum length: 1 | No |
passwdFromPasswdSource | passwdFrom is a referenced source of passwd to populate the passwd. | No |
primaryGroupstring | primaryGroup specifies the primary group for the user Validation: Minimum length: 1 | No |
lockPasswordbool | lockPassword specifies if password login should be disabled | No |
sudostring | sudo specifies a sudo role for the user Validation: Maximum length: 256 | No |
sshAuthorizedKeys[]string | sshAuthorizedKeys specifies a list of ssh authorized keys for the user Validation: Maximum items: 100 | No |
APIEndpoint
APIEndpoint struct contains elements of API server instance deployed on a node.
Appears in: ClusterStatus, InitConfiguration, JoinControlPlane
| Field | Description | Required |
|---|---|---|
advertiseAddressstring | advertiseAddress sets the IP address for the API server to advertise. Validation: Minimum length: 1 | No |
bindPortint32 | bindPort sets the secure port for the API Server to bind to. Defaults to 6443. | No |
APIServer
APIServer holds settings necessary for API server deployments in the cluster.
Appears in: ClusterConfiguration
| Field | Description | Required |
|---|---|---|
certSANs[]string | certSANs sets extra Subject Alternative Names for the API Server signing cert. Validation: Maximum items: 100 | No |
timeoutForControlPlaneDuration | timeoutForControlPlane controls the timeout that we use for API server to appear | No |
BootstrapToken
BootstrapToken describes one bootstrap token, stored as a Secret in the cluster.
Appears in: InitConfiguration
| Field | Description | Required |
|---|---|---|
tokenBootstrapTokenString | token is used for establishing bidirectional trust between nodes and control-planes. Used for joining nodes in the cluster. | Yes |
descriptionstring | description sets a human-friendly message why this token exists and what it's used for, so other administrators can know its purpose. Validation: Minimum length: 1 | No |
ttlDuration | ttl defines the time to live for this token. Defaults to 24h. Expires and TTL are mutually exclusive. | No |
expiresTime | expires specifies the timestamp when this token expires. Defaults to being set dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. | No |
usages[]string | usages describes the ways in which this token can be used. Can by default be used for establishing bidirectional trust, but that can be changed here. Validation: items:MinLength: 1 | No |
groups[]string | groups specifies the extra groups that this token will authenticate as when/if used for authentication Validation: Maximum items: 100 | No |
ContainerLinuxConfig
ContainerLinuxConfig contains CLC-specific configuration.
We use a structured type here to allow adding additional fields, for example 'version'.
Appears in: IgnitionSpec
| Field | Description | Required |
|---|---|---|
additionalConfigstring | additionalConfig contains additional configuration to be merged with the Ignition configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ Validation: Minimum length: 1 | No |
strictbool | strict controls if AdditionalConfig should be strictly parsed. If so, warnings are treated as errors. | No |
ControlPlaneComponent
ControlPlaneComponent holds settings common to control plane component of the cluster.
Appears in: APIServer, ClusterConfiguration
| Field | Description | Required |
|---|---|---|
extraArgsmap[string]string | extraArgs is an extra set of flags to pass to the control plane component. TODO: This is temporary and ideally we would like to switch all components to use ComponentConfig + ConfigMaps. | No |
extraVolumes[]HostPathMount | extraVolumes is an extra set of host volumes, mounted to the control plane component. Validation: Maximum items: 100 | No |
extraEnvs[]EnvVar | extraEnvs is an extra set of environment variables to pass to the control plane component. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes ≥1.31.0. Validation: Maximum items: 100 | No |
DNS
DNS defines the DNS addon that should be used in the cluster.
Appears in: ClusterConfiguration
Discovery
Discovery specifies the options for the kubelet to use during the TLS Bootstrap process.
Appears in: JoinConfiguration
| Field | Description | Required |
|---|---|---|
bootstrapTokenBootstrapTokenDiscovery | bootstrapToken is used to set the options for bootstrap token based discovery BootstrapToken and File are mutually exclusive | No |
fileFileDiscovery | file is used to specify a file or URL to a kubeconfig file from which to load cluster information BootstrapToken and File are mutually exclusive | No |
tlsBootstrapTokenstring | tlsBootstrapToken is a token used for TLS bootstrapping. If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information Validation: Minimum length: 1 | No |
timeoutDuration | timeout modifies the discovery timeout | No |
Encoding
Encoding specifies the cloud-init file encoding.
Appears in: File
EncryptionAlgorithmType
EncryptionAlgorithmType can define an asymmetric encryption algorithm type.
Appears in: ClusterConfiguration
Etcd
Etcd contains elements describing Etcd configuration.
Appears in: ClusterConfiguration
| Field | Description | Required |
|---|---|---|
localLocalEtcd | local provides configuration knobs for configuring the local etcd instance Local and External are mutually exclusive | No |
externalExternalEtcd | external describes how to connect to an external etcd cluster Local and External are mutually exclusive | No |
FileSource
FileSource is a union of all possible external source types for file data. Only one field may be populated in any given instance. Developers adding new sources of data for target systems should add them here.
Appears in: File
| Field | Description | Required |
|---|---|---|
secretSecretFileSource | secret represents a secret that should populate this file. | Yes |
Filesystem
Filesystem defines the file systems to be created.
Appears in: DiskSetup
| Field | Description | Required |
|---|---|---|
devicestring | device specifies the device name Validation: Minimum length: 1 | Yes |
filesystemstring | filesystem specifies the file system type. Validation: Minimum length: 1 | Yes |
labelstring | label specifies the file system label to be used. If set to None, no label is used. Validation: Minimum length: 1 | No |
partitionstring | partition specifies the partition to use. The valid options are: "auto|any", "auto", "any", "none", and <NUM>, where NUM is the actual partition number. Validation: Minimum length: 1 | No |
overwritebool | overwrite defines whether or not to overwrite any existing filesystem. If true, any pre-existing file system will be destroyed. Use with Caution. | No |
replaceFSstring | replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>. NOTE: unless you define a label, this requires the use of the 'any' partition directive. Validation: Minimum length: 1 | No |
extraOpts[]string | extraOpts defined extra options to add to the command for creating the file system. Validation: items:MinLength: 1 | No |
JoinControlPlane
JoinControlPlane contains elements describing an additional control plane instance to be deployed on the joining node.
Appears in: JoinConfiguration
| Field | Description | Required |
|---|---|---|
localAPIEndpointAPIEndpoint | localAPIEndpoint represents the endpoint of the API server instance to be deployed on this node. | No |
Networking
Networking contains elements describing cluster's networking configuration.
Appears in: ClusterConfiguration
| Field | Description | Required |
|---|---|---|
serviceSubnetstring | serviceSubnet is the subnet used by k8s services. Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12" if that's unset. Validation: Minimum length: 1 | No |
podSubnetstring | podSubnet is the subnet used by pods. If unset, the API server will not allocate CIDR ranges for every node. Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set Validation: Minimum length: 1 | No |
dnsDomainstring | dnsDomain is the dns domain used by k8s services. Defaults to "cluster.local". Validation: Minimum length: 1 | No |
NodeRegistrationOptions
NodeRegistrationOptions holds fields that relate to registering a new control-plane or node to the cluster, either via "kubeadm init" or "kubeadm join". Note: The NodeRegistrationOptions struct has to be kept in sync with the structs in MarshalJSON.
Appears in: InitConfiguration, JoinConfiguration
| Field | Description | Required |
|---|---|---|
namestring | name is the .Metadata.Name field of the Node API object that will be created in this kubeadm init or kubeadm join operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided.Validation: Minimum length: 1 | No |
criSocketstring | criSocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use Validation: Maximum length: 512 | No |
taints[]Taint | taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the kubeadm init process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an empty slice, i.e. taints: [] in the YAML file. This field is solely used for Node registration.Validation: Maximum items: 100 | No |
kubeletExtraArgsmap[string]string | kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. | No |
ignorePreflightErrors[]string | ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered. Validation: Maximum items: 50 | No |
imagePullPolicystring | imagePullPolicy specifies the policy for image pulling during kubeadm "init" and "join" operations. The value of this field must be one of "Always", "IfNotPresent" or "Never". Defaults to "IfNotPresent". This can be used only with Kubernetes version equal to 1.22 and later. Validation: Allowed values: | No |
imagePullSerialbool | imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. This option takes effect only on Kubernetes ≥1.31.0. Default: true (defaulted in kubeadm) | No |
Partition
Partition defines how to create and layout a partition.
Appears in: DiskSetup
| Field | Description | Required |
|---|---|---|
devicestring | device is the name of the device. Validation: Minimum length: 1 | Yes |
layoutbool | layout specifies the device layout. If it is true, a single partition will be created for the entire device. When layout is false, it means don't partition or ignore existing partitioning. | Yes |
overwritebool | overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. Use with caution. Default is 'false'. | No |
tableTypestring | tableType specifies the tupe of partition table. The following are supported: 'mbr': default and setups a MS-DOS partition table 'gpt': setups a GPT partition table Validation: Allowed values: | No |
diskLayout[]PartitionSpec | diskLayout specifies an ordered list of partitions, where each item defines the percentage of disk space and optional partition type for that partition. The sum of all partition percentages must not be greater than 100. Validation: Minimum items: 1 | No |
PasswdSource
PasswdSource is a union of all possible external source types for passwd data. Only one field may be populated in any given instance. Developers adding new sources of data for target systems should add them here.
Appears in: User
| Field | Description | Required |
|---|---|---|
secretSecretPasswdSource | secret represents a secret that should populate this password. | Yes |
Patches
Patches contains options related to applying patches to components deployed by kubeadm.
Appears in: InitConfiguration, JoinConfiguration
| Field | Description | Required |
|---|---|---|
directorystring | directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically. These files can be written into the target directory via KubeadmConfig.Files which specifies additional files to be created on the machine, either with content inline or by referencing a secret. Validation: Minimum length: 1 | No |
BootstrapTokenDiscovery
BootstrapTokenDiscovery is used to set the options for bootstrap token based discovery.
Appears in: Discovery
| Field | Description | Required |
|---|---|---|
tokenstring | token is a token used to validate cluster information fetched from the control-plane. Validation: Minimum length: 1 | No |
apiServerEndpointstring | apiServerEndpoint is an IP or domain name to the API server from which info will be fetched. Validation: Minimum length: 1 | No |
caCertHashes[]string | caCertHashes specifies a set of public key pins to verify when token-based discovery is used. The root CA found during discovery must match one of these values. Specifying an empty set disables root CA pinning, which can be unsafe. Each hash is specified as "<type>:<value>", where the only currently supported type is "sha256". This is a hex-encoded SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded ASN.1. These hashes can be calculated using, for example, OpenSSL: openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex Validation: Maximum items: 100 | No |
unsafeSkipCAVerificationbool | unsafeSkipCAVerification allows token-based discovery without CA verification via CACertHashes. This can weaken the security of kubeadm since other nodes can impersonate the control-plane. | No |
BootstrapTokenString
BootstrapTokenString is a token of the format abcdef.abcdef0123456789 that is used for both validation of the practically of the API server from a joining node's point of view and as an authentication method for the node in the bootstrap phase of "kubeadm join". This token is and should be short-lived.
Appears in: BootstrapToken
EnvVar
EnvVar represents an environment variable present in a Container.
Appears in: ControlPlaneComponent, EnvVar, LocalEtcd
ExternalEtcd
ExternalEtcd describes an external etcd cluster. Kubeadm has no knowledge of where certificate files live and they must be supplied.
Appears in: Etcd
| Field | Description | Required |
|---|---|---|
endpoints[]string | endpoints of etcd members. Required for ExternalEtcd. Validation: Maximum items: 50 | Yes |
caFilestring | caFile is an SSL Certificate Authority file used to secure etcd communication. Required if using a TLS connection. Validation: Minimum length: 1 | Yes |
certFilestring | certFile is an SSL certification file used to secure etcd communication. Required if using a TLS connection. Validation: Minimum length: 1 | Yes |
keyFilestring | keyFile is an SSL key file used to secure etcd communication. Required if using a TLS connection. Validation: Minimum length: 1 | Yes |
FileDiscovery
FileDiscovery is used to specify a file or URL to a kubeconfig file from which to load cluster information.
Appears in: Discovery
| Field | Description | Required |
|---|---|---|
kubeConfigPathstring | kubeConfigPath is used to specify the actual file path or URL to the kubeconfig file from which to load cluster information Validation: Maximum length: 512 | Yes |
kubeConfigFileDiscoveryKubeConfig | kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. The file is generated at the path specified in KubeConfigPath. Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint. Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret. | No |
HostPathMount
HostPathMount contains elements describing volumes that are mounted from the host.
Appears in: ControlPlaneComponent
| Field | Description | Required |
|---|---|---|
namestring | name of the volume inside the pod template. Validation: Minimum length: 1 | Yes |
hostPathstring | hostPath is the path in the host that will be mounted inside the pod. Validation: Minimum length: 1 | Yes |
mountPathstring | mountPath is the path inside the pod where hostPath will be mounted. Validation: Maximum length: 512 | Yes |
readOnlybool | readOnly controls write access to the volume | No |
pathTypeHostPathType | pathType is the type of the HostPath. | No |
ImageMeta
ImageMeta allows to customize the image used for components that are not originated from the Kubernetes/Kubernetes release process.
| Field | Description | Required |
|---|---|---|
imageRepositorystring | imageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead. Validation: Minimum length: 1 | No |
imageTagstring | imageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. Validation: Maximum length: 256 | No |
LocalEtcd
LocalEtcd describes that kubeadm should run an etcd cluster locally.
Appears in: Etcd
| Field | Description | Required |
|---|---|---|
dataDirstring | dataDir is the directory etcd will place its data. Defaults to "/var/lib/etcd". Validation: Minimum length: 1 | No |
extraArgsmap[string]string | extraArgs are extra arguments provided to the etcd binary when run inside a static pod. | No |
extraEnvs[]EnvVar | extraEnvs is an extra set of environment variables to pass to the control plane component. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes ≥1.31.0. Validation: Maximum items: 100 | No |
serverCertSANs[]string | serverCertSANs sets extra Subject Alternative Names for the etcd server signing cert. Validation: items:MaxLength: 253 | No |
peerCertSANs[]string | peerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert. Validation: Maximum items: 100 | No |
PartitionSpec
PartitionSpec defines the size and optional type for a partition.
Appears in: Partition
| Field | Description | Required |
|---|---|---|
percentageint32 | percentage of disk that partition will take (1-100) Validation: Maximum: 100 | No |
partitionTypestring | partitionType is the partition type (optional). Supported values are Linux, LinuxSwap, LinuxRAID, LVM, Fat32, NTFS, and LinuxExtended. These are translated to cloud-init partition type codes. A full GPT partition GUID is also supported as a passthrough value. Validation: Maximum length: 36 | No |
SecretFileSource
SecretFileSource adapts a Secret into a FileSource.
The contents of the target Secret's Data field will be presented as files using the keys in the Data field as the file names.
Appears in: FileSource
| Field | Description | Required |
|---|---|---|
namestring | name of the secret in the KubeadmBootstrapConfig's namespace to use. Validation: Minimum length: 1 | Yes |
keystring | key is the key in the secret's data map for this value. Validation: Minimum length: 1 | Yes |
SecretPasswdSource
SecretPasswdSource adapts a Secret into a PasswdSource.
The contents of the target Secret's Data field will be presented as passwd using the keys in the Data field as the file names.
Appears in: PasswdSource
| Field | Description | Required |
|---|---|---|
namestring | name of the secret in the KubeadmBootstrapConfig's namespace to use. Validation: Minimum length: 1 | Yes |
keystring | key is the key in the secret's data map for this value. Validation: Minimum length: 1 | Yes |
FileDiscoveryKubeConfig
FileDiscoveryKubeConfig contains elements describing how to generate the kubeconfig for bootstrapping.
Appears in: FileDiscovery
| Field | Description | Required |
|---|---|---|
clusterKubeConfigCluster | cluster contains information about how to communicate with the kubernetes cluster. By default the following fields are automatically populated:
| No |
userKubeConfigUser | user contains information that describes identity information. This is used to tell the kubernetes cluster who you are. | Yes |
KubeConfigCluster
KubeConfigCluster contains information about how to communicate with a kubernetes cluster.
Adapted from clientcmdv1.Cluster.
Appears in: FileDiscoveryKubeConfig
| Field | Description | Required |
|---|---|---|
serverstring | server is the address of the kubernetes cluster (https://hostname:port). Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint. Validation: Minimum length: 1 | No |
tlsServerNamestring | tlsServerName is used to check server certificate. If TLSServerName is empty, the hostname used to contact the server is used. Validation: Minimum length: 1 | No |
insecureSkipTLSVerifybool | insecureSkipTLSVerify skips the validity check for the server's certificate. This will make your HTTPS connections insecure. | No |
certificateAuthorityData[]byte | certificateAuthorityData contains PEM-encoded certificate authority certificates. Defaults to the Cluster's CA certificate if empty. Validation: Minimum length: 1 | No |
proxyURLstring | proxyURL is the URL to the proxy to be used for all requests made by this client. URLs with "http", "https", and "socks5" schemes are supported. If this configuration is not provided or the empty string, the client attempts to construct a proxy configuration from http_proxy and https_proxy environment variables. If these environment variables are not set, the client does not attempt to proxy requests. socks5 proxying does not currently support spdy streaming endpoints (exec, attach, port forward). Validation: Minimum length: 1 | No |
KubeConfigUser
KubeConfigUser contains information that describes identity information. This is used to tell the kubernetes cluster who you are.
Either authProvider or exec must be filled.
Adapted from clientcmdv1.AuthInfo.
Appears in: FileDiscoveryKubeConfig
| Field | Description | Required |
|---|---|---|
authProviderKubeConfigAuthProvider | authProvider specifies a custom authentication plugin for the kubernetes cluster. | No |
execKubeConfigAuthExec | exec specifies a custom exec-based authentication plugin for the kubernetes cluster. | No |
KubeConfigAuthExec
KubeConfigAuthExec specifies a command to provide client credentials. The command is exec'd and outputs structured stdout holding credentials.
See the client.authentication.k8s.io API group for specifications of the exact input and output format.
Appears in: KubeConfigUser
| Field | Description | Required |
|---|---|---|
commandstring | command to execute. Validation: Minimum length: 1 | Yes |
args[]string | args is the arguments to pass to the command when executing it. Validation: Maximum items: 100 | No |
env[]KubeConfigAuthExecEnv | env defines additional environment variables to expose to the process. These are unioned with the host's environment, as well as variables client-go uses to pass argument to the plugin. Validation: Maximum items: 100 | No |
apiVersionstring | apiVersion is preferred input version of the ExecInfo. The returned ExecCredentials MUST use the same encoding version as the input. Defaults to client.authentication.k8s.io/v1 if not set. Validation: Minimum length: 1 | No |
provideClusterInfobool | provideClusterInfo determines whether or not to provide cluster information, which could potentially contain very large CA data, to this exec plugin as a part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for reading this environment variable. | No |
KubeConfigAuthProvider
KubeConfigAuthProvider holds the configuration for a specified auth provider.
Appears in: KubeConfigUser
| Field | Description | Required |
|---|---|---|
namestring | name is the name of the authentication plugin. Validation: Maximum length: 256 | Yes |
configmap[string]string | config holds the parameters for the authentication plugin. | No |
KubeConfigAuthExecEnv
KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based credential plugin.
Appears in: KubeConfigAuthExec
| Field | Description | Required |
|---|---|---|
namestring | name of the environment variable Validation: Minimum length: 1 | Yes |
valuestring | value of the environment variable Validation: Minimum length: 1 | Yes |
bootstrap.cluster.x-k8s.io/v1beta2
Resource Types:
KubeadmConfig
KubeadmConfig is the Schema for the kubeadmconfigs API.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specKubeadmConfigSpec | spec is the desired state of KubeadmConfig. | No |
statusKubeadmConfigStatus | status is the observed state of KubeadmConfig. | No |
KubeadmConfigTemplate
KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates API.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specKubeadmConfigTemplateSpec | spec is the desired state of KubeadmConfigTemplate. | No |
KubeadmConfigSpec
KubeadmConfigSpec defines the desired state of KubeadmConfig. Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.
Appears in: KubeadmConfig, KubeadmConfigTemplateResource
| Field | Description | Required |
|---|---|---|
clusterConfigurationClusterConfiguration | clusterConfiguration along with InitConfiguration are the configurations necessary for the init command | No |
initConfigurationInitConfiguration | initConfiguration along with ClusterConfiguration are the configurations necessary for the init command | No |
joinConfigurationJoinConfiguration | joinConfiguration is the kubeadm configuration for the join command | No |
files[]File | files specifies extra files to be passed to user_data upon creation. Validation: Minimum items: 1 | No |
diskSetupDiskSetup | diskSetup specifies options for the creation of partition tables and file systems on devices. | No |
mounts[]MountPoints | mounts specifies a list of mount points to be setup. Validation: Minimum items: 1 | No |
bootCommands[]string | bootCommands specifies extra commands to run very early in the boot process via the cloud-init bootcmd module. bootcmd will run on every boot, 'cloud-init-per' command can be used to make bootcmd run exactly once. This is typically run in the cloud-init.service systemd unit. This has no effect in Ignition. Validation: Minimum items: 1 | No |
preKubeadmCommands[]string | preKubeadmCommands specifies extra commands to run before kubeadm runs. With cloud-init, this is prepended to the runcmd module configuration, and is typically executed in the cloud-final.service systemd unit. In Ignition, this is prepended to /etc/kubeadm.sh. Validation: Minimum items: 1 | No |
postKubeadmCommands[]string | postKubeadmCommands specifies extra commands to run after kubeadm runs. With cloud-init, this is appended to the runcmd module configuration, and is typically executed in the cloud-final.service systemd unit. In Ignition, this is appended to /etc/kubeadm.sh. Validation: Minimum items: 1 | No |
users[]User | users specifies extra users to add Validation: Minimum items: 1 | No |
ntpNTP | ntp specifies NTP configuration | No |
formatFormat | format specifies the output format of the bootstrap data. Defaults to cloud-config if not set. | No |
verbosityint32 | verbosity is the number for the kubeadm log level verbosity. It overrides the --v flag in kubeadm commands. | No |
ignitionIgnitionSpec | ignition contains Ignition specific configuration. | No |
KubeadmConfigStatus
KubeadmConfigStatus defines the observed state of KubeadmConfig.
Appears in: KubeadmConfig
| Field | Description | Required |
|---|---|---|
conditions[]Condition | conditions represents the observations of a KubeadmConfig's current state. Known condition types are Ready, DataSecretAvailable, CertificatesAvailable. Validation: Maximum items: 32 | No |
initializationKubeadmConfigInitializationStatus | initialization provides observations of the KubeadmConfig initialization process. NOTE: Fields in this struct are part of the Cluster API contract and are used to orchestrate initial Machine provisioning. | No |
dataSecretNamestring | dataSecretName is the name of the secret that stores the bootstrap data script. Validation: Minimum length: 1 | No |
observedGenerationint64 | observedGeneration is the latest generation observed by the controller. Validation: Minimum: 1 | No |
deprecatedKubeadmConfigDeprecatedStatus | deprecated groups all the status fields that are deprecated and will be removed when all the nested field are removed. | No |
KubeadmConfigTemplateSpec
KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate.
Appears in: KubeadmConfigTemplate
| Field | Description | Required |
|---|---|---|
templateKubeadmConfigTemplateResource | template defines the desired state of KubeadmConfigTemplate. | No |
ClusterConfiguration
ClusterConfiguration contains cluster-wide configuration for a kubeadm cluster.
Appears in: KubeadmConfigSpec
| Field | Description | Required |
|---|---|---|
etcdEtcd | etcd holds configuration for etcd. NB: This value defaults to a Local (stacked) etcd | No |
controlPlaneEndpointstring | controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint is specified but without a TCP port, the BindPort is used. Possible usages are: e.g. In a cluster with more than one control plane instances, this field should be assigned the address of the external load balancer in front of the control plane instances. e.g. in environments with enforced node recycling, the ControlPlaneEndpoint could be used for assigning a stable DNS to the control plane. NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. Validation: Maximum length: 512 | No |
apiServerAPIServer | apiServer contains extra settings for the API server control plane component | No |
controllerManagerControllerManager | controllerManager contains extra settings for the controller manager control plane component | No |
schedulerScheduler | scheduler contains extra settings for the scheduler control plane component | No |
dnsDNS | dns defines the options for the DNS add-on installed in the cluster. | No |
certificatesDirstring | certificatesDir specifies where to store or look for all required certificates. NB: if not provided, this will default to /etc/kubernetes/pkiValidation: Minimum length: 1 | No |
imageRepositorystring | imageRepository sets the container registry to pull images from. If not set, the default registry of kubeadm will be used (registry.k8s.io). Validation: Maximum length: 512 | No |
featureGatesmap[string]bool | featureGates enabled by the user. | No |
certificateValidityPeriodDaysint32 | certificateValidityPeriodDays specifies the validity period for non-CA certificates generated by kubeadm. If not specified, kubeadm will use a default of 365 days (1 year). This field is only supported with Kubernetes v1.31 or above. Validation: Minimum: 1 | No |
caCertificateValidityPeriodDaysint32 | caCertificateValidityPeriodDays specifies the validity period for CA certificates generated by Cluster API. If not specified, Cluster API will use a default of 3650 days (10 years). This field cannot be modified. Validation: Minimum: 1 | No |
encryptionAlgorithmEncryptionAlgorithmType | encryptionAlgorithm holds the type of asymmetric encryption algorithm used for keys and certificates. Can be one of "RSA-2048", "RSA-3072", "RSA-4096", "ECDSA-P256" or "ECDSA-P384". For Kubernetes 1.34 or above, "ECDSA-P384" is supported. If not specified, Cluster API will use RSA-2048 as default. When this field is modified every certificate generated afterward will use the new encryptionAlgorithm. Existing CA certificates and service account keys are not rotated. This field is only supported with Kubernetes v1.31 or above. | No |
DiskSetup
DiskSetup defines input for generated disk_setup and fs_setup in cloud-init.
Appears in: KubeadmConfigSpec
| Field | Description | Required |
|---|---|---|
partitions[]Partition | partitions specifies the list of the partitions to setup. Validation: Maximum items: 100 | No |
filesystems[]Filesystem | filesystems specifies the list of file systems to setup. Validation: Maximum items: 100 | No |
File
File defines the input for generating write_files in cloud-init.
Appears in: KubeadmConfigSpec
| Field | Description | Required |
|---|---|---|
pathstring | path specifies the full path on disk where to store the file. Validation: Minimum length: 1 | No |
ownerstring | owner specifies the ownership of the file, e.g. "root:root". Validation: Minimum length: 1 | No |
permissionsstring | permissions specifies the permissions to assign to the file, e.g. "0640". Validation: Minimum length: 1 | No |
encodingEncoding | encoding specifies the encoding of the file contents. | No |
appendbool | append specifies whether to append Content to existing file if Path exists. | No |
contentstring | content is the actual content of the file. Validation: Minimum length: 1 | No |
contentFromFileSource | contentFrom is a referenced source of content to populate the file. | No |
Format
Format specifies the output format of the bootstrap data
Appears in: KubeadmConfigSpec
IgnitionSpec
IgnitionSpec contains Ignition specific configuration.
Appears in: KubeadmConfigSpec
| Field | Description | Required |
|---|---|---|
containerLinuxConfigContainerLinuxConfig | containerLinuxConfig contains CLC specific configuration. | No |
InitConfiguration
InitConfiguration contains a list of elements that is specific "kubeadm init"-only runtime information.
Appears in: KubeadmConfigSpec
| Field | Description | Required |
|---|---|---|
bootstrapTokens[]BootstrapToken | bootstrapTokens is respected at kubeadm init time and describes a set of Bootstrap Tokens to create. This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive natureValidation: Minimum items: 1 | No |
nodeRegistrationNodeRegistrationOptions | nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfiguration | No |
localAPIEndpointAPIEndpoint | localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process fails you may set the desired value here. | No |
skipPhases[]string | skipPhases is a list of phases to skip during command execution. The list of phases can be obtained with the "kubeadm init --help" command. This option takes effect only on Kubernetes ≥1.22.0. Validation: items:MinLength: 1 | No |
patchesPatches | patches contains options related to applying patches to components deployed by kubeadm during "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22 | No |
timeoutsTimeouts | timeouts holds various timeouts that apply to kubeadm commands. | No |
JoinConfiguration
JoinConfiguration contains elements describing a particular node.
Appears in: KubeadmConfigSpec
| Field | Description | Required |
|---|---|---|
nodeRegistrationNodeRegistrationOptions | nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfiguration | No |
caCertPathstring | caCertPath is the path to the SSL certificate authority used to secure communications between node and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when there is defaulting from k/k Validation: Minimum length: 1 | No |
discoveryDiscovery | discovery specifies the options for the kubelet to use during the TLS Bootstrap process TODO: revisit when there is defaulting from k/k | No |
controlPlaneJoinControlPlane | controlPlane defines the additional control plane instance to be deployed on the joining node. If nil, no additional control plane instance will be deployed. | No |
skipPhases[]string | skipPhases is a list of phases to skip during command execution. The list of phases can be obtained with the "kubeadm init --help" command. This option takes effect only on Kubernetes ≥1.22.0. Validation: Minimum items: 1 | No |
patchesPatches | patches contains options related to applying patches to components deployed by kubeadm during "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22 | No |
timeoutsTimeouts | timeouts holds various timeouts that apply to kubeadm commands. | No |
KubeadmConfigDeprecatedStatus
KubeadmConfigDeprecatedStatus groups all the status fields that are deprecated and will be removed in a future version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.
Appears in: KubeadmConfigStatus
| Field | Description | Required |
|---|---|---|
v1beta1KubeadmConfigV1Beta1DeprecatedStatus | v1beta1 groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. | No |
KubeadmConfigInitializationStatus
KubeadmConfigInitializationStatus provides observations of the KubeadmConfig initialization process.
Appears in: KubeadmConfigStatus
| Field | Description | Required |
|---|---|---|
dataSecretCreatedbool | dataSecretCreated is true when the Machine's boostrap secret is created. NOTE: this field is part of the Cluster API contract, and it is used to orchestrate initial Machine provisioning. | No |
KubeadmConfigTemplateResource
KubeadmConfigTemplateResource defines the Template structure.
Appears in: KubeadmConfigTemplateSpec
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specKubeadmConfigSpec | spec is the desired state of KubeadmConfig. | No |
MountPoints
MountPoints defines input for generated mounts in cloud-init.
Appears in: KubeadmConfigSpec
NTP
NTP defines input for generated ntp in cloud-init.
Appears in: KubeadmConfigSpec
| Field | Description | Required |
|---|---|---|
servers[]string | servers specifies which NTP servers to use Validation: Maximum items: 100 | No |
enabledbool | enabled specifies whether NTP should be enabled | No |
User
User defines the input for a generated user in cloud-init.
Appears in: KubeadmConfigSpec
| Field | Description | Required |
|---|---|---|
namestring | name specifies the user name Validation: Minimum length: 1 | No |
gecosstring | gecos specifies the gecos to use for the user Validation: Maximum length: 256 | No |
groupsstring | groups specifies the additional groups for the user Validation: Minimum length: 1 | No |
homeDirstring | homeDir specifies the home directory to use for the user Validation: Minimum length: 1 | No |
inactivebool | inactive specifies whether to mark the user as inactive | No |
shellstring | shell specifies the user's shell Validation: Minimum length: 1 | No |
passwdstring | passwd specifies a hashed password for the user Validation: Minimum length: 1 | No |
passwdFromPasswdSource | passwdFrom is a referenced source of passwd to populate the passwd. | No |
primaryGroupstring | primaryGroup specifies the primary group for the user Validation: Minimum length: 1 | No |
lockPasswordbool | lockPassword specifies if password login should be disabled | No |
sudostring | sudo specifies a sudo role for the user Validation: Minimum length: 1 | No |
sshAuthorizedKeys[]string | sshAuthorizedKeys specifies a list of ssh authorized keys for the user Validation: Maximum items: 100 | No |
APIEndpoint
APIEndpoint struct contains elements of API server instance deployed on a node.
Appears in: InitConfiguration, JoinControlPlane
| Field | Description | Required |
|---|---|---|
advertiseAddressstring | advertiseAddress sets the IP address for the API server to advertise. Validation: Minimum length: 1 | No |
bindPortint32 | bindPort sets the secure port for the API Server to bind to. Defaults to 6443. Validation: Minimum: 1 | No |
APIServer
APIServer holds settings necessary for API server deployments in the cluster.
Appears in: ClusterConfiguration
| Field | Description | Required |
|---|---|---|
extraArgs[]Arg | extraArgs is a list of args to pass to the control plane component. The arg name must match the command line flag name except without leading dash(es). Extra arguments will override existing default arguments set by kubeadm. Validation: Minimum items: 1 | No |
extraVolumes[]HostPathMount | extraVolumes is an extra set of host volumes, mounted to the control plane component. Validation: Minimum items: 1 | No |
extraEnvs[]EnvVar | extraEnvs is an extra set of environment variables to pass to the control plane component. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes ≥1.31.0. Validation: Minimum items: 1 | No |
certSANs[]string | certSANs sets extra Subject Alternative Names for the API Server signing cert. Validation: Minimum items: 1 | No |
BootstrapToken
BootstrapToken describes one bootstrap token, stored as a Secret in the cluster.
Appears in: InitConfiguration
| Field | Description | Required |
|---|---|---|
tokenBootstrapTokenString | token is used for establishing bidirectional trust between nodes and control-planes. Used for joining nodes in the cluster. | No |
descriptionstring | description sets a human-friendly message why this token exists and what it's used for, so other administrators can know its purpose. Validation: Minimum length: 1 | No |
ttlSecondsint32 | ttlSeconds defines the time to live for this token. Defaults to 24h. Expires and ttlSeconds are mutually exclusive. Validation: Minimum: 0 | No |
expiresTime | expires specifies the timestamp when this token expires. Defaults to being set dynamically at runtime based on the ttlSeconds. Expires and ttlSeconds are mutually exclusive. | No |
usages[]string | usages describes the ways in which this token can be used. Can by default be used for establishing bidirectional trust, but that can be changed here. Validation: items:MaxLength: 256 | No |
groups[]string | groups specifies the extra groups that this token will authenticate as when/if used for authentication Validation: items:MinLength: 1 | No |
ContainerLinuxConfig
ContainerLinuxConfig contains CLC-specific configuration.
We use a structured type here to allow adding additional fields, for example 'version'.
Appears in: IgnitionSpec
| Field | Description | Required |
|---|---|---|
additionalConfigstring | additionalConfig contains additional configuration to be merged with the Ignition configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ Validation: Minimum length: 1 | No |
strictbool | strict controls if AdditionalConfig should be strictly parsed. If so, warnings are treated as errors. | No |
ControllerManager
ControllerManager holds settings necessary for controller-manager deployments in the cluster.
Appears in: ClusterConfiguration
| Field | Description | Required |
|---|---|---|
extraArgs[]Arg | extraArgs is a list of args to pass to the control plane component. The arg name must match the command line flag name except without leading dash(es). Extra arguments will override existing default arguments set by kubeadm. Validation: Minimum items: 1 | No |
extraVolumes[]HostPathMount | extraVolumes is an extra set of host volumes, mounted to the control plane component. Validation: Maximum items: 100 | No |
extraEnvs[]EnvVar | extraEnvs is an extra set of environment variables to pass to the control plane component. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes ≥1.31.0. Validation: Maximum items: 100 | No |
DNS
DNS defines the DNS addon that should be used in the cluster.
Appears in: ClusterConfiguration
| Field | Description | Required |
|---|---|---|
imageRepositorystring | imageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead. Validation: Minimum length: 1 | No |
imageTagstring | imageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. Validation: Minimum length: 1 | No |
Discovery
Discovery specifies the options for the kubelet to use during the TLS Bootstrap process.
Appears in: JoinConfiguration
| Field | Description | Required |
|---|---|---|
bootstrapTokenBootstrapTokenDiscovery | bootstrapToken is used to set the options for bootstrap token based discovery BootstrapToken and File are mutually exclusive | No |
fileFileDiscovery | file is used to specify a file or URL to a kubeconfig file from which to load cluster information BootstrapToken and File are mutually exclusive | No |
tlsBootstrapTokenstring | tlsBootstrapToken is a token used for TLS bootstrapping. If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information Validation: Minimum length: 1 | No |
Encoding
Encoding specifies the cloud-init file encoding.
Appears in: File
EncryptionAlgorithmType
EncryptionAlgorithmType can define an asymmetric encryption algorithm type.
Appears in: ClusterConfiguration
Etcd
Etcd contains elements describing Etcd configuration.
Appears in: ClusterConfiguration
| Field | Description | Required |
|---|---|---|
localLocalEtcd | local provides configuration knobs for configuring the local etcd instance Local and External are mutually exclusive | No |
externalExternalEtcd | external describes how to connect to an external etcd cluster Local and External are mutually exclusive | No |
FileSource
FileSource is a union of all possible external source types for file data. Only one field may be populated in any given instance. Developers adding new sources of data for target systems should add them here.
Appears in: File
| Field | Description | Required |
|---|---|---|
secretSecretFileSource | secret represents a secret that should populate this file. | No |
Filesystem
Filesystem defines the file systems to be created.
Appears in: DiskSetup
| Field | Description | Required |
|---|---|---|
devicestring | device specifies the device name Validation: Minimum length: 1 | No |
filesystemstring | filesystem specifies the file system type. Validation: Minimum length: 1 | No |
labelstring | label specifies the file system label to be used. If set to None, no label is used. Validation: Minimum length: 1 | No |
partitionstring | partition specifies the partition to use. The valid options are: "auto|any", "auto", "any", "none", and <NUM>, where NUM is the actual partition number. Validation: Minimum length: 1 | No |
overwritebool | overwrite defines whether or not to overwrite any existing filesystem. If true, any pre-existing file system will be destroyed. Use with Caution. | No |
replaceFSstring | replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>. NOTE: unless you define a label, this requires the use of the 'any' partition directive. Validation: Minimum length: 1 | No |
extraOpts[]string | extraOpts defined extra options to add to the command for creating the file system. Validation: Maximum items: 100 | No |
JoinControlPlane
JoinControlPlane contains elements describing an additional control plane instance to be deployed on the joining node.
Appears in: JoinConfiguration
| Field | Description | Required |
|---|---|---|
localAPIEndpointAPIEndpoint | localAPIEndpoint represents the endpoint of the API server instance to be deployed on this node. | No |
KubeadmConfigV1Beta1DeprecatedStatus
KubeadmConfigV1Beta1DeprecatedStatus groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.
Appears in: KubeadmConfigDeprecatedStatus
| Field | Description | Required |
|---|---|---|
conditionsConditions | conditions defines current service state of the KubeadmConfig. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
failureReasonstring | failureReason will be set on non-retryable errors Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. Validation: Minimum length: 1 | No |
failureMessagestring | failureMessage will be set on non-retryable errors Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. Validation: Minimum length: 1 | No |
NodeRegistrationOptions
NodeRegistrationOptions holds fields that relate to registering a new control-plane or node to the cluster, either via "kubeadm init" or "kubeadm join". Note: The NodeRegistrationOptions struct has to be kept in sync with the structs in MarshalJSON.
Appears in: InitConfiguration, JoinConfiguration
| Field | Description | Required |
|---|---|---|
namestring | name is the .Metadata.Name field of the Node API object that will be created in this kubeadm init or kubeadm join operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided.Validation: Minimum length: 1 | No |
criSocketstring | criSocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use Validation: Minimum length: 1 | No |
taints[]Taint | taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the kubeadm init process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an empty slice, i.e. taints: [] in the YAML file. This field is solely used for Node registration.Validation: Minimum items: 0 | No |
kubeletExtraArgs[]Arg | kubeletExtraArgs is a list of args to pass to kubelet. The arg name must match the command line flag name except without leading dash(es). Extra arguments will override existing default arguments set by kubeadm. Validation: Minimum items: 1 | No |
ignorePreflightErrors[]string | ignorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered, e.g. 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks. Validation: Minimum items: 1 | No |
imagePullPolicyPullPolicy | imagePullPolicy specifies the policy for image pulling during kubeadm "init" and "join" operations. The value of this field must be one of "Always", "IfNotPresent" or "Never". Defaults to "IfNotPresent" if not set. Validation: Allowed values: | No |
imagePullSerialbool | imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. This option takes effect only on Kubernetes ≥1.31.0. Default: true (defaulted in kubeadm) | No |
Partition
Partition defines how to create and layout a partition.
Appears in: DiskSetup
| Field | Description | Required |
|---|---|---|
devicestring | device is the name of the device. Validation: Minimum length: 1 | No |
layoutbool | layout specifies the device layout. If it is true, a single partition will be created for the entire device. When layout is false, it means don't partition or ignore existing partitioning. Mutually exclusive with diskLayout. | No |
overwritebool | overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. Use with caution. Default is 'false'. | No |
tableTypestring | tableType specifies the tupe of partition table. The following are supported: 'mbr': default and setups a MS-DOS partition table 'gpt': setups a GPT partition table Validation: Allowed values: | No |
diskLayout[]PartitionSpec | diskLayout specifies an ordered list of partitions, where each item defines the percentage of disk space and optional partition type for that partition. The sum of all partition percentages must not be greater than 100. Mutually exclusive with layout. Validation: Minimum items: 1 | No |
PasswdSource
PasswdSource is a union of all possible external source types for passwd data. Only one field may be populated in any given instance. Developers adding new sources of data for target systems should add them here.
Appears in: User
| Field | Description | Required |
|---|---|---|
secretSecretPasswdSource | secret represents a secret that should populate this password. | No |
Patches
Patches contains options related to applying patches to components deployed by kubeadm.
Appears in: InitConfiguration, JoinConfiguration
| Field | Description | Required |
|---|---|---|
directorystring | directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically. These files can be written into the target directory via KubeadmConfig.Files which specifies additional files to be created on the machine, either with content inline or by referencing a secret. Validation: Minimum length: 1 | No |
Scheduler
Scheduler holds settings necessary for scheduler deployments in the cluster.
Appears in: ClusterConfiguration
| Field | Description | Required |
|---|---|---|
extraArgs[]Arg | extraArgs is a list of args to pass to the control plane component. The arg name must match the command line flag name except without leading dash(es). Extra arguments will override existing default arguments set by kubeadm. Validation: Minimum items: 1 | No |
extraVolumes[]HostPathMount | extraVolumes is an extra set of host volumes, mounted to the control plane component. Validation: Minimum items: 1 | No |
extraEnvs[]EnvVar | extraEnvs is an extra set of environment variables to pass to the control plane component. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes ≥1.31.0. Validation: Minimum items: 1 | No |
Timeouts
Timeouts holds various timeouts that apply to kubeadm commands.
Appears in: InitConfiguration, JoinConfiguration
| Field | Description | Required |
|---|---|---|
controlPlaneComponentHealthCheckSecondsint32 | controlPlaneComponentHealthCheckSeconds is the amount of time to wait for a control plane component, such as the API server, to be healthy during "kubeadm init" and "kubeadm join". If not set, it defaults to 4m (240s). Validation: Minimum: 0 | No |
kubeletHealthCheckSecondsint32 | kubeletHealthCheckSeconds is the amount of time to wait for the kubelet to be healthy during "kubeadm init" and "kubeadm join". If not set, it defaults to 4m (240s). Validation: Minimum: 0 | No |
kubernetesAPICallSecondsint32 | kubernetesAPICallSeconds is the amount of time to wait for the kubeadm client to complete a request to the API server. This applies to all types of methods (GET, POST, etc). If not set, it defaults to 1m (60s). Validation: Minimum: 0 | No |
etcdAPICallSecondsint32 | etcdAPICallSeconds is the amount of time to wait for the kubeadm etcd client to complete a request to the etcd cluster. If not set, it defaults to 2m (120s). Validation: Minimum: 0 | No |
tlsBootstrapSecondsint32 | tlsBootstrapSeconds is the amount of time to wait for the kubelet to complete TLS bootstrap for a joining node. If not set, it defaults to 5m (300s). Validation: Minimum: 0 | No |
discoverySecondsint32 | discoverySeconds is the amount of time to wait for kubeadm to validate the API server identity for a joining node. If not set, it defaults to 5m (300s). Validation: Minimum: 0 | No |
Arg
Arg represents an argument with a name and a value.
Appears in: APIServer, ControllerManager, LocalEtcd, NodeRegistrationOptions, Scheduler
| Field | Description | Required |
|---|---|---|
namestring | name is the Name of the extraArg. Validation: Minimum length: 1 | No |
valuestring | value is the Value of the extraArg. Validation: Minimum length: 0 | No |
BootstrapTokenDiscovery
BootstrapTokenDiscovery is used to set the options for bootstrap token based discovery.
Appears in: Discovery
| Field | Description | Required |
|---|---|---|
tokenstring | token is a token used to validate cluster information fetched from the control-plane. Validation: Minimum length: 1 | No |
apiServerEndpointstring | apiServerEndpoint is an IP or domain name to the API server from which info will be fetched. Validation: Minimum length: 1 | No |
caCertHashes[]string | caCertHashes specifies a set of public key pins to verify when token-based discovery is used. The root CA found during discovery must match one of these values. Specifying an empty set disables root CA pinning, which can be unsafe. Each hash is specified as "<type>:<value>", where the only currently supported type is "sha256". This is a hex-encoded SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded ASN.1. These hashes can be calculated using, for example, OpenSSL: openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex Validation: Maximum items: 100 | No |
unsafeSkipCAVerificationbool | unsafeSkipCAVerification allows token-based discovery without CA verification via CACertHashes. This can weaken the security of kubeadm since other nodes can impersonate the control-plane. | No |
BootstrapTokenString
BootstrapTokenString is a token of the format abcdef.abcdef0123456789 that is used for both validation of the practically of the API server from a joining node's point of view and as an authentication method for the node in the bootstrap phase of "kubeadm join". This token is and should be short-lived.
Appears in: BootstrapToken
EnvVar
EnvVar represents an environment variable present in a Container.
Appears in: APIServer, ControllerManager, EnvVar, LocalEtcd, Scheduler
ExternalEtcd
ExternalEtcd describes an external etcd cluster. Kubeadm has no knowledge of where certificate files live and they must be supplied.
Appears in: Etcd
| Field | Description | Required |
|---|---|---|
endpoints[]string | endpoints of etcd members. Required for ExternalEtcd. Validation: Maximum items: 50 | No |
caFilestring | caFile is an SSL Certificate Authority file used to secure etcd communication. Required if using a TLS connection. Validation: Minimum length: 1 | No |
certFilestring | certFile is an SSL certification file used to secure etcd communication. Required if using a TLS connection. Validation: Minimum length: 1 | No |
keyFilestring | keyFile is an SSL key file used to secure etcd communication. Required if using a TLS connection. Validation: Minimum length: 1 | No |
FileDiscovery
FileDiscovery is used to specify a file or URL to a kubeconfig file from which to load cluster information.
Appears in: Discovery
| Field | Description | Required |
|---|---|---|
kubeConfigPathstring | kubeConfigPath is used to specify the actual file path or URL to the kubeconfig file from which to load cluster information Validation: Minimum length: 1 | No |
kubeConfigFileDiscoveryKubeConfig | kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. The file is generated at the path specified in KubeConfigPath. Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint. Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret. | No |
HostPathMount
HostPathMount contains elements describing volumes that are mounted from the host.
Appears in: APIServer, ControllerManager, Scheduler
| Field | Description | Required |
|---|---|---|
namestring | name of the volume inside the pod template. Validation: Minimum length: 1 | No |
hostPathstring | hostPath is the path in the host that will be mounted inside the pod. Validation: Minimum length: 1 | No |
mountPathstring | mountPath is the path inside the pod where hostPath will be mounted. Validation: Minimum length: 1 | No |
readOnlybool | readOnly controls write access to the volume | No |
pathTypeHostPathType | pathType is the type of the HostPath. | No |
LocalEtcd
LocalEtcd describes that kubeadm should run an etcd cluster locally.
Appears in: Etcd
| Field | Description | Required |
|---|---|---|
imageRepositorystring | imageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead. Validation: Minimum length: 1 | No |
imageTagstring | imageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. Validation: Maximum length: 256 | No |
dataDirstring | dataDir is the directory etcd will place its data. Defaults to "/var/lib/etcd". Validation: Maximum length: 512 | No |
extraArgs[]Arg | extraArgs is a list of args to pass to etcd. The arg name must match the command line flag name except without leading dash(es). Extra arguments will override existing default arguments set by kubeadm. Validation: Minimum items: 1 | No |
extraEnvs[]EnvVar | extraEnvs is an extra set of environment variables to pass to etcd. Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. This option takes effect only on Kubernetes ≥1.31.0. Validation: Minimum items: 1 | No |
serverCertSANs[]string | serverCertSANs sets extra Subject Alternative Names for the etcd server signing cert. Validation: Minimum items: 1 | No |
peerCertSANs[]string | peerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert. Validation: Minimum items: 1 | No |
PartitionSpec
PartitionSpec defines the size and optional type for a partition.
Appears in: Partition
| Field | Description | Required |
|---|---|---|
percentageint32 | percentage of disk that partition will take (1-100) Validation: Minimum: 1 | No |
partitionTypestring | partitionType is the partition type (optional). Supported values are Linux, LinuxSwap, LinuxRAID, LVM, Fat32, NTFS, and LinuxExtended. These are translated to cloud-init partition type codes. A full GPT partition GUID is also supported as a passthrough value. Validation: Minimum length: 1 | No |
SecretFileSource
SecretFileSource adapts a Secret into a FileSource.
The contents of the target Secret's Data field will be presented as files using the keys in the Data field as the file names.
Appears in: FileSource
| Field | Description | Required |
|---|---|---|
namestring | name of the secret in the KubeadmBootstrapConfig's namespace to use. Validation: Minimum length: 1 | No |
keystring | key is the key in the secret's data map for this value. Validation: Minimum length: 1 | No |
SecretPasswdSource
SecretPasswdSource adapts a Secret into a PasswdSource.
The contents of the target Secret's Data field will be presented as passwd using the keys in the Data field as the file names.
Appears in: PasswdSource
| Field | Description | Required |
|---|---|---|
namestring | name of the secret in the KubeadmBootstrapConfig's namespace to use. Validation: Minimum length: 1 | No |
keystring | key is the key in the secret's data map for this value. Validation: Minimum length: 1 | No |
FileDiscoveryKubeConfig
FileDiscoveryKubeConfig contains elements describing how to generate the kubeconfig for bootstrapping.
Appears in: FileDiscovery
| Field | Description | Required |
|---|---|---|
clusterKubeConfigCluster | cluster contains information about how to communicate with the kubernetes cluster. By default the following fields are automatically populated:
| No |
userKubeConfigUser | user contains information that describes identity information. This is used to tell the kubernetes cluster who you are. | No |
KubeConfigCluster
KubeConfigCluster contains information about how to communicate with a kubernetes cluster.
Adapted from clientcmdv1.Cluster.
Appears in: FileDiscoveryKubeConfig
| Field | Description | Required |
|---|---|---|
serverstring | server is the address of the kubernetes cluster (https://hostname:port). Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint. Validation: Minimum length: 1 | No |
tlsServerNamestring | tlsServerName is used to check server certificate. If TLSServerName is empty, the hostname used to contact the server is used. Validation: Minimum length: 1 | No |
insecureSkipTLSVerifybool | insecureSkipTLSVerify skips the validity check for the server's certificate. This will make your HTTPS connections insecure. | No |
certificateAuthorityData[]byte | certificateAuthorityData contains PEM-encoded certificate authority certificates. Defaults to the Cluster's CA certificate if empty. Validation: Minimum length: 1 | No |
proxyURLstring | proxyURL is the URL to the proxy to be used for all requests made by this client. URLs with "http", "https", and "socks5" schemes are supported. If this configuration is not provided or the empty string, the client attempts to construct a proxy configuration from http_proxy and https_proxy environment variables. If these environment variables are not set, the client does not attempt to proxy requests. socks5 proxying does not currently support spdy streaming endpoints (exec, attach, port forward). Validation: Minimum length: 1 | No |
KubeConfigUser
KubeConfigUser contains information that describes identity information. This is used to tell the kubernetes cluster who you are.
Either authProvider or exec must be filled.
Adapted from clientcmdv1.AuthInfo.
Appears in: FileDiscoveryKubeConfig
| Field | Description | Required |
|---|---|---|
authProviderKubeConfigAuthProvider | authProvider specifies a custom authentication plugin for the kubernetes cluster. | No |
execKubeConfigAuthExec | exec specifies a custom exec-based authentication plugin for the kubernetes cluster. | No |
KubeConfigAuthExec
KubeConfigAuthExec specifies a command to provide client credentials. The command is exec'd and outputs structured stdout holding credentials.
See the client.authentication.k8s.io API group for specifications of the exact input and output format.
Appears in: KubeConfigUser
| Field | Description | Required |
|---|---|---|
commandstring | command to execute. Validation: Minimum length: 1 | No |
args[]string | args is the arguments to pass to the command when executing it. Validation: Maximum items: 100 | No |
env[]KubeConfigAuthExecEnv | env defines additional environment variables to expose to the process. These are unioned with the host's environment, as well as variables client-go uses to pass argument to the plugin. Validation: Minimum items: 1 | No |
apiVersionstring | apiVersion is preferred input version of the ExecInfo. The returned ExecCredentials MUST use the same encoding version as the input. Defaults to client.authentication.k8s.io/v1 if not set. Validation: Minimum length: 1 | No |
provideClusterInfobool | provideClusterInfo determines whether or not to provide cluster information, which could potentially contain very large CA data, to this exec plugin as a part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for reading this environment variable. | No |
KubeConfigAuthProvider
KubeConfigAuthProvider holds the configuration for a specified auth provider.
Appears in: KubeConfigUser
| Field | Description | Required |
|---|---|---|
namestring | name is the name of the authentication plugin. Validation: Minimum length: 1 | No |
configmap[string]string | config holds the parameters for the authentication plugin. | No |
KubeConfigAuthExecEnv
KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based credential plugin.
Appears in: KubeConfigAuthExec
| Field | Description | Required |
|---|---|---|
namestring | name of the environment variable Validation: Minimum length: 1 | No |
valuestring | value of the environment variable Validation: Minimum length: 1 | No |
cluster.x-k8s.io/v1beta1
Resource Types:
Cluster
Cluster is the Schema for the clusters API.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specClusterSpec | spec is the desired state of Cluster. | No |
statusClusterStatus | status is the observed state of Cluster. | No |
ClusterClass
ClusterClass is a template which can be used to create managed topologies.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specClusterClassSpec | spec is the desired state of ClusterClass. | No |
statusClusterClassStatus | status is the observed state of ClusterClass. | No |
Machine
Machine is the Schema for the machines API.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specMachineSpec | spec is the desired state of Machine. | No |
statusMachineStatus | status is the observed state of Machine. | No |
MachineDeployment
MachineDeployment is the Schema for the machinedeployments API.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specMachineDeploymentSpec | spec is the desired state of MachineDeployment. | No |
statusMachineDeploymentStatus | status is the observed state of MachineDeployment. | No |
MachineDrainRule
MachineDrainRule is the Schema for the MachineDrainRule API.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | Yes |
specMachineDrainRuleSpec | spec defines the spec of a MachineDrainRule. | Yes |
MachineHealthCheck
MachineHealthCheck is the Schema for the machinehealthchecks API.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specMachineHealthCheckSpec | spec is the specification of machine health check policy | No |
statusMachineHealthCheckStatus | status is the most recently observed status of MachineHealthCheck resource | No |
MachineSet
MachineSet is the Schema for the machinesets API.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specMachineSetSpec | spec is the desired state of MachineSet. | No |
statusMachineSetStatus | status is the observed state of MachineSet. | No |
ClusterClassSpec
ClusterClassSpec describes the desired state of the ClusterClass.
Appears in: ClusterClass
| Field | Description | Required |
|---|---|---|
availabilityGates[]ClusterAvailabilityGate | availabilityGates specifies additional conditions to include when evaluating Cluster Available condition. NOTE: this field is considered only for computing v1beta2 conditions. NOTE: If a Cluster is using this ClusterClass, and this Cluster defines a custom list of availabilityGates, such list overrides availabilityGates defined in this field. Validation: Maximum items: 32 | No |
infrastructureLocalObjectTemplate | infrastructure is a reference to a provider-specific template that holds the details for provisioning infrastructure specific cluster for the underlying provider. The underlying provider is responsible for the implementation of the template to an infrastructure cluster. | No |
infrastructureNamingStrategyInfrastructureNamingStrategy | infrastructureNamingStrategy allows changing the naming pattern used when creating the infrastructure object. | No |
controlPlaneControlPlaneClass | controlPlane is a reference to a local struct that holds the details for provisioning the Control Plane for the Cluster. | No |
workersWorkersClass | workers describes the worker nodes for the cluster. It is a collection of node types which can be used to create the worker nodes of the cluster. | No |
variables[]ClusterClassVariable | variables defines the variables which can be configured in the Cluster topology and are then used in patches. Validation: Maximum items: 1000 | No |
patches[]ClusterClassPatch | patches defines the patches which are applied to customize referenced templates of a ClusterClass. Note: Patches will be applied in the order of the array. Validation: Maximum items: 1000 | No |
upgradeClusterClassUpgrade | upgrade defines the upgrade configuration for clusters using this ClusterClass. | No |
kubernetesVersions[]string | kubernetesVersions is the list of Kubernetes versions that can be used for clusters using this ClusterClass. The list of version must be ordered from the older to the newer version, and there should be at least one version for every minor in between the first and the last version. Validation: Maximum items: 100 | No |
ClusterClassStatus
ClusterClassStatus defines the observed state of the ClusterClass.
Appears in: ClusterClass
| Field | Description | Required |
|---|---|---|
variables[]ClusterClassStatusVariable | variables is a list of ClusterClassStatusVariable that are defined for the ClusterClass. Validation: Maximum items: 1000 | No |
conditionsConditions | conditions defines current observed state of the ClusterClass. | No |
observedGenerationint64 | observedGeneration is the latest generation observed by the controller. | No |
v1beta2ClusterClassV1Beta2Status | v1beta2 groups all the fields that will be added or modified in ClusterClass's status with the V1Beta2 version. | No |
ClusterSpec
ClusterSpec defines the desired state of Cluster.
Appears in: Cluster
| Field | Description | Required |
|---|---|---|
pausedbool | paused can be used to prevent controllers from processing the Cluster and all its associated objects. | No |
clusterNetworkClusterNetwork | clusterNetwork represents the cluster network configuration. | No |
controlPlaneEndpointAPIEndpoint | controlPlaneEndpoint represents the endpoint used to communicate with the control plane. | No |
controlPlaneRefObjectReference | controlPlaneRef is an optional reference to a provider-specific resource that holds the details for provisioning the Control Plane for a Cluster. | No |
infrastructureRefObjectReference | infrastructureRef is a reference to a provider-specific resource that holds the details for provisioning infrastructure for a cluster in said provider. | No |
topologyTopology | topology encapsulates the topology for the cluster. NOTE: It is required to enable the ClusterTopology feature gate flag to activate managed topologies support. | No |
availabilityGates[]ClusterAvailabilityGate | availabilityGates specifies additional conditions to include when evaluating Cluster Available condition. If this field is not defined and the Cluster implements a managed topology, availabilityGates from the corresponding ClusterClass will be used, if any. NOTE: this field is considered only for computing v1beta2 conditions. Validation: Maximum items: 32 | No |
ClusterStatus
ClusterStatus defines the observed state of Cluster.
Appears in: Cluster
| Field | Description | Required |
|---|---|---|
failureDomainsFailureDomains | failureDomains is a slice of failure domain objects synced from the infrastructure provider. | No |
failureReasonClusterStatusError | failureReason indicates that there is a fatal problem reconciling the state, and will be set to a token value suitable for programmatic interpretation. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
failureMessagestring | failureMessage indicates that there is a fatal problem reconciling the state, and will be set to a descriptive error message. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. Validation: Minimum length: 1 | No |
phasestring | phase represents the current phase of cluster actuation. Validation: Allowed values: | No |
infrastructureReadybool | infrastructureReady is the state of the infrastructure provider. | No |
controlPlaneReadybool | controlPlaneReady denotes if the control plane became ready during initial provisioning to receive requests. NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning. The value of this field is never updated after provisioning is completed. Please use conditions to check the operational state of the control plane. | No |
conditionsConditions | conditions defines current service state of the cluster. | No |
observedGenerationint64 | observedGeneration is the latest generation observed by the controller. | No |
v1beta2ClusterV1Beta2Status | v1beta2 groups all the fields that will be added or modified in Cluster's status with the V1Beta2 version. | No |
MachineDeploymentSpec
MachineDeploymentSpec defines the desired state of MachineDeployment.
Appears in: MachineDeployment
| Field | Description | Required |
|---|---|---|
clusterNamestring | clusterName is the name of the Cluster this object belongs to. Validation: Minimum length: 1 | Yes |
replicasint32 | replicas is the number of desired machines. This is a pointer to distinguish between explicit zero and not specified. Defaults to: * if the Kubernetes autoscaler min size and max size annotations are set:
| No |
rolloutAfterTime | rolloutAfter is a field to indicate a rollout should be performed after the specified time even if no changes have been made to the MachineDeployment. Example: In the YAML the time can be specified in the RFC3339 format. To specify the rolloutAfter target as March 9, 2023, at 9 am UTC use "2023-03-09T09:00:00Z". | No |
selectorLabelSelector | selector is the label selector for machines. Existing MachineSets whose machines are selected by this will be the ones affected by this deployment. It must match the machine template's labels. | Yes |
templateMachineTemplateSpec | template describes the machines that will be created. | Yes |
strategyMachineDeploymentStrategy | strategy is the deployment strategy to use to replace existing machines with new ones. | No |
machineNamingStrategyMachineNamingStrategy | machineNamingStrategy allows changing the naming pattern used when creating Machines. Note: InfraMachines & BootstrapConfigs will use the same name as the corresponding Machines. | No |
minReadySecondsint32 | minReadySeconds is the minimum number of seconds for which a Node for a newly created machine should be ready before considering the replica available. Defaults to 0 (machine will be considered available as soon as the Node is ready) | No |
revisionHistoryLimitint32 | revisionHistoryLimit is the number of old MachineSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1. Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/10479 for more details. | No |
pausedbool | paused indicates that the deployment is paused. | No |
progressDeadlineSecondsint32 | progressDeadlineSeconds is the maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. Defaults to 600s. Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/11470 for more details. | No |
MachineDeploymentStatus
MachineDeploymentStatus defines the observed state of MachineDeployment.
Appears in: MachineDeployment
| Field | Description | Required |
|---|---|---|
observedGenerationint64 | observedGeneration is the generation observed by the deployment controller. | No |
selectorstring | selector is the same as the label selector but in the string format to avoid introspection by clients. The string will be in the same format as the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors Validation: Minimum length: 1 | No |
replicasint32 | replicas is the total number of non-terminated machines targeted by this deployment (their labels match the selector). | No |
updatedReplicasint32 | updatedReplicas is the total number of non-terminated machines targeted by this deployment that have the desired template spec. | No |
readyReplicasint32 | readyReplicas is the total number of ready machines targeted by this deployment. | No |
availableReplicasint32 | availableReplicas is the total number of available machines (ready for at least minReadySeconds) targeted by this deployment. | No |
unavailableReplicasint32 | unavailableReplicas is the total number of unavailable machines targeted by this deployment. This is the total number of machines that are still required for the deployment to have 100% available capacity. They may either be machines that are running but not yet available or machines that still have not been created. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
phasestring | phase represents the current phase of a MachineDeployment (ScalingUp, ScalingDown, Running, Failed, or Unknown). Validation: Allowed values: | No |
conditionsConditions | conditions defines current service state of the MachineDeployment. | No |
v1beta2MachineDeploymentV1Beta2Status | v1beta2 groups all the fields that will be added or modified in MachineDeployment's status with the V1Beta2 version. | No |
MachineDrainRuleSpec
MachineDrainRuleSpec defines the spec of a MachineDrainRule.
Appears in: MachineDrainRule
| Field | Description | Required |
|---|---|---|
drainMachineDrainRuleDrainConfig | drain configures if and how Pods are drained. | Yes |
machines[]MachineDrainRuleMachineSelector | machines defines to which Machines this MachineDrainRule should be applied. If machines is not set, the MachineDrainRule applies to all Machines in the Namespace. If machines contains multiple selectors, the results are ORed. Within a single Machine selector the results of selector and clusterSelector are ANDed. Machines will be selected from all Clusters in the Namespace unless otherwise restricted with the clusterSelector. Example: Selects control plane Machines in all Clusters or Machines with label "os" == "linux" in Clusters with label "stage" == "production".
Validation: Minimum items: 1 | No |
pods[]MachineDrainRulePodSelector | pods defines to which Pods this MachineDrainRule should be applied. If pods is not set, the MachineDrainRule applies to all Pods in all Namespaces. If pods contains multiple selectors, the results are ORed. Within a single Pod selector the results of selector and namespaceSelector are ANDed. Pods will be selected from all Namespaces unless otherwise restricted with the namespaceSelector. Example: Selects Pods with label "app" == "logging" in all Namespaces or Pods with label "app" == "prometheus" in the "monitoring" Namespace.
Validation: Minimum items: 1 | No |
MachineHealthCheckSpec
MachineHealthCheckSpec defines the desired state of MachineHealthCheck.
Appears in: MachineHealthCheck
| Field | Description | Required |
|---|---|---|
clusterNamestring | clusterName is the name of the Cluster this object belongs to. Validation: Minimum length: 1 | Yes |
selectorLabelSelector | selector is a label selector to match machines whose health will be exercised | Yes |
unhealthyConditions[]UnhealthyCondition | unhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy. Validation: Maximum items: 100 | No |
unhealthyMachineConditions[]UnhealthyMachineCondition | unhealthyMachineConditions contains a list of the machine conditions that determine whether a machine is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the machine is unhealthy. Validation: Maximum items: 100 | No |
maxUnhealthyIntOrString | maxUnhealthy specifies the maximum number of unhealthy machines allowed. Any further remediation is only allowed if at most "maxUnhealthy" machines selected by "selector" are not healthy. Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/10722 for more details. | No |
unhealthyRangestring | unhealthyRange specifies the range of unhealthy machines allowed. Any further remediation is only allowed if the number of machines selected by "selector" as not healthy is within the range of "unhealthyRange". Takes precedence over maxUnhealthy. Eg. "[3-5]" - This means that remediation will be allowed only when: (a) there are at least 3 unhealthy machines (and) (b) there are at most 5 unhealthy machines Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/10722 for more details. Validation: Minimum length: 1 | No |
nodeStartupTimeoutDuration | nodeStartupTimeout allows to set the maximum time for MachineHealthCheck to consider a Machine unhealthy if a corresponding Node isn't associated through a Spec.ProviderID field.The duration set in this field is compared to the greatest of:
Defaults to 10 minutes. If you wish to disable this feature, set the value explicitly to 0. | No |
remediationTemplateObjectReference | remediationTemplate is a reference to a remediation template provided by an infrastructure provider. This field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Cluster API. | No |
MachineHealthCheckStatus
MachineHealthCheckStatus defines the observed state of MachineHealthCheck.
Appears in: MachineHealthCheck
| Field | Description | Required |
|---|---|---|
expectedMachinesint32 | expectedMachines is the total number of machines counted by this machine health check Validation: Minimum: 0 | No |
currentHealthyint32 | currentHealthy is the total number of healthy machines counted by this machine health check Validation: Minimum: 0 | No |
remediationsAllowedint32 | remediationsAllowed is the number of further remediations allowed by this machine health check before maxUnhealthy short circuiting will be applied Validation: Minimum: 0 | No |
observedGenerationint64 | observedGeneration is the latest generation observed by the controller. | No |
targets[]string | targets shows the current list of machines the machine health check is watching Validation: Maximum items: 10000 | No |
conditionsConditions | conditions defines current service state of the MachineHealthCheck. | No |
v1beta2MachineHealthCheckV1Beta2Status | v1beta2 groups all the fields that will be added or modified in MachineHealthCheck's status with the V1Beta2 version. | No |
MachineSetSpec
MachineSetSpec defines the desired state of MachineSet.
Appears in: MachineSet
| Field | Description | Required |
|---|---|---|
clusterNamestring | clusterName is the name of the Cluster this object belongs to. Validation: Minimum length: 1 | Yes |
replicasint32 | replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to: * if the Kubernetes autoscaler min size and max size annotations are set:
| No |
minReadySecondsint32 | minReadySeconds is the minimum number of seconds for which a Node for a newly created machine should be ready before considering the replica available. Defaults to 0 (machine will be considered available as soon as the Node is ready) | No |
deletePolicystring | deletePolicy defines the policy used to identify nodes to delete when downscaling. Defaults to "Random". Valid values are "Random, "Newest", "Oldest" Validation: Allowed values: | No |
selectorLabelSelector | selector is a label query over machines that should match the replica count. Label keys and values that must match in order to be controlled by this MachineSet. It must match the machine template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors | Yes |
templateMachineTemplateSpec | template is the object that describes the machine that will be created if insufficient replicas are detected. Object references to custom resources are treated as templates. | No |
machineNamingStrategyMachineNamingStrategy | machineNamingStrategy allows changing the naming pattern used when creating Machines. Note: InfraMachines & BootstrapConfigs will use the same name as the corresponding Machines. | No |
MachineSetStatus
MachineSetStatus defines the observed state of MachineSet.
Appears in: MachineSet
| Field | Description | Required |
|---|---|---|
selectorstring | selector is the same as the label selector but in the string format to avoid introspection by clients. The string will be in the same format as the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors Validation: Minimum length: 1 | No |
replicasint32 | replicas is the most recently observed number of replicas. | No |
fullyLabeledReplicasint32 | fullyLabeledReplicas is the number of replicas that have labels matching the labels of the machine template of the MachineSet. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
readyReplicasint32 | readyReplicas is the number of ready replicas for this MachineSet. A machine is considered ready when the node has been created and is "Ready". | No |
availableReplicasint32 | availableReplicas is the number of available replicas (ready for at least minReadySeconds) for this MachineSet. | No |
observedGenerationint64 | observedGeneration reflects the generation of the most recently observed MachineSet. | No |
failureReasonMachineSetStatusError | failureReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. In the event that there is a terminal problem reconciling the replicas, both FailureReason and FailureMessage will be set. FailureReason will be populated with a succinct value suitable for machine interpretation, while FailureMessage will contain a more verbose string suitable for logging and human consumption. These fields should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the MachineTemplate's spec or the configuration of the machine controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the machine controller, or the responsible machine controller itself being critically misconfigured. Any transient errors that occur during the reconciliation of Machines can be added as events to the MachineSet object and/or logged in the controller's output. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
failureMessagestring | failureMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. Validation: Minimum length: 1 | No |
conditionsConditions | conditions defines current service state of the MachineSet. | No |
v1beta2MachineSetV1Beta2Status | v1beta2 groups all the fields that will be added or modified in MachineSet's status with the V1Beta2 version. | No |
MachineSpec
MachineSpec defines the desired state of Machine.
Appears in: Machine, MachineTemplateSpec
| Field | Description | Required |
|---|---|---|
clusterNamestring | clusterName is the name of the Cluster this object belongs to. Validation: Minimum length: 1 | Yes |
bootstrapBootstrap | bootstrap is a reference to a local struct which encapsulates fields to configure the Machine’s bootstrapping mechanism. | Yes |
infrastructureRefObjectReference | infrastructureRef is a required reference to a custom resource offered by an infrastructure provider. | Yes |
versionstring | version defines the desired Kubernetes version. This field is meant to be optionally used by bootstrap providers. Validation: Minimum length: 1 | No |
providerIDstring | providerID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider. Validation: Minimum length: 1 | No |
failureDomainstring | failureDomain is the failure domain the machine will be created in. Must match a key in the FailureDomains map stored on the cluster object. Validation: Minimum length: 1 | No |
readinessGates[]MachineReadinessGate | readinessGates specifies additional conditions to include when evaluating Machine Ready condition. This field can be used e.g. by Cluster API control plane providers to extend the semantic of the Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. Another example are external controllers, e.g. responsible to install special software/hardware on the Machines; they can include the status of those components with a new condition and add this condition to ReadinessGates. NOTE: This field is considered only for computing v1beta2 conditions. NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those readiness gates condition are reporting the same message, when computing the Machine's Ready condition those readinessGates will be replaced by a single entry reporting "Control plane components: " + message. This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster). Validation: Maximum items: 32 | No |
nodeDrainTimeoutDuration | nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from kubectl drain --timeout | No |
nodeVolumeDetachTimeoutDuration | nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. | No |
nodeDeletionTimeoutDuration | nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds. | No |
taints[]MachineTaint | taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers. There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node. NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners. Validation: Minimum items: 1 | No |
MachineStatus
MachineStatus defines the observed state of Machine.
Appears in: Machine
| Field | Description | Required |
|---|---|---|
nodeRefObjectReference | nodeRef will point to the corresponding Node if it exists. | No |
nodeInfoNodeSystemInfo | nodeInfo is a set of ids/uuids to uniquely identify the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#info | No |
lastUpdatedTime | lastUpdated identifies when the phase of the Machine last transitioned. | No |
failureReasonMachineStatusError | failureReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
failureMessagestring | failureMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. Validation: Minimum length: 1 | No |
addressesMachineAddresses | addresses is a list of addresses assigned to the machine. This field is copied from the infrastructure provider reference. | No |
phasestring | phase represents the current phase of machine actuation. Validation: Allowed values: | No |
certificatesExpiryDateTime | certificatesExpiryDate is the expiry date of the machine certificates. This value is only set for control plane machines. | No |
bootstrapReadybool | bootstrapReady is the state of the bootstrap provider. | No |
infrastructureReadybool | infrastructureReady is the state of the infrastructure provider. | No |
observedGenerationint64 | observedGeneration is the latest generation observed by the controller. | No |
conditionsConditions | conditions defines current service state of the Machine. | No |
deletionMachineDeletionStatus | deletion contains information relating to removal of the Machine. Only present when the Machine has a deletionTimestamp and drain or wait for volume detach started. | No |
v1beta2MachineV1Beta2Status | v1beta2 groups all the fields that will be added or modified in Machine's status with the V1Beta2 version. | No |
ObjectMeta
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. This is a copy of customizable fields from metav1.ObjectMeta.
ObjectMeta is embedded in Machine.Spec, MachineDeployment.Template and MachineSet.Template, which are not top-level Kubernetes objects. Given that metav1.ObjectMeta has lots of special cases and read-only fields which end up in the generated CRD validation, having it as a subset simplifies the API and some issues that can impact user experience.
During the upgrade to controller-tools@v2 for v1alpha2, we noticed a failure would occur running Cluster API test suite against the new CRDs, specifically spec.metadata.creationTimestamp in body must be of type string: "null". The investigation showed that controller-tools@v2 behaves differently than its previous version when handling types from metav1 package.
In more details, we found that embedded (non-top level) types that embedded metav1.ObjectMeta had validation properties, including for creationTimestamp (metav1.Time). The metav1.Time type specifies a custom json marshaller that, when IsZero() is true, returns null which breaks validation because the field isn't marked as nullable.
In future versions, controller-tools@v2 might allow overriding the type and validation for embedded types. When that happens, this hack should be revisited.
Appears in: Cluster, ClusterClass, ControlPlaneClass, ControlPlaneTopology, Machine, MachineDeployment, MachineDeploymentClassTemplate, MachineDeploymentTopology, MachineDrainRule, MachineHealthCheck, MachineSet, MachineTemplateSpec
| Field | Description | Required |
|---|---|---|
labelsmap[string]string | labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels | No |
annotationsmap[string]string | annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations | No |
APIEndpoint
APIEndpoint represents a reachable Kubernetes API endpoint.
Appears in: ClusterSpec
| Field | Description | Required |
|---|---|---|
hoststring | host is the hostname on which the API server is serving. TODO: Can't set MinLength=1 for now, because this struct is not always used in pointer fields so today we have cases where host is set to an empty string. Validation: Maximum length: 512 | No |
portint32 | port is the port on which the API server is serving. | No |
Bootstrap
Bootstrap encapsulates fields to configure the Machine’s bootstrapping mechanism.
Appears in: MachineSpec
| Field | Description | Required |
|---|---|---|
configRefObjectReference | configRef is a reference to a bootstrap provider-specific resource that holds configuration details. The reference is optional to allow users/operators to specify Bootstrap.DataSecretName without the need of a controller. | No |
dataSecretNamestring | dataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine should remain in the Pending state. Validation: Minimum length: 0 | No |
ClusterAvailabilityGate
ClusterAvailabilityGate contains the type of a Cluster condition to be used as availability gate.
Appears in: ClusterClassSpec, ClusterSpec
| Field | Description | Required |
|---|---|---|
conditionTypestring | conditionType refers to a condition with matching type in the Cluster's condition list. If the conditions doesn't exist, it will be treated as unknown. Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as availability gates. Validation: Pattern: | Yes |
polarityConditionPolarity | polarity of the conditionType specified in this availabilityGate. Valid values are Positive, Negative and omitted. When omitted, the default behaviour will be Positive. A positive polarity means that the condition should report a true status under normal conditions. A negative polarity means that the condition should report a false status under normal conditions. Validation: Allowed values: | No |
ClusterClassPatch
ClusterClassPatch defines a patch which is applied to customize the referenced templates.
Appears in: ClusterClassSpec
| Field | Description | Required |
|---|---|---|
namestring | name of the patch. Validation: Minimum length: 1 | Yes |
descriptionstring | description is a human-readable description of this patch. Validation: Minimum length: 1 | No |
enabledIfstring | enabledIf is a Go template to be used to calculate if a patch should be enabled. It can reference variables defined in .spec.variables and builtin variables. The patch will be enabled if the template evaluates to true, otherwise it will be disabled. If EnabledIf is not set, the patch will be enabled per default.Validation: Minimum length: 1 | No |
definitions[]PatchDefinition | definitions define inline patches. Note: Patches will be applied in the order of the array. Note: Exactly one of Definitions or External must be set. Validation: Maximum items: 100 | No |
externalExternalPatchDefinition | external defines an external patch. Note: Exactly one of Definitions or External must be set. | No |
ClusterClassStatusVariable
ClusterClassStatusVariable defines a variable which appears in the status of a ClusterClass.
Appears in: ClusterClassStatus
| Field | Description | Required |
|---|---|---|
namestring | name is the name of the variable. Validation: Maximum length: 256 | Yes |
definitionsConflictbool | definitionsConflict specifies whether or not there are conflicting definitions for a single variable name. | No |
definitions[]ClusterClassStatusVariableDefinition | definitions is a list of definitions for a variable. Validation: Maximum items: 100 | Yes |
ClusterClassUpgrade
ClusterClassUpgrade defines the upgrade configuration for clusters using the ClusterClass.
Appears in: ClusterClassSpec
| Field | Description | Required |
|---|---|---|
externalClusterClassUpgradeExternal | external defines external runtime extensions for upgrade operations. | No |
ClusterClassV1Beta2Status
ClusterClassV1Beta2Status groups all the fields that will be added or modified in ClusterClass with the V1Beta2 version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.
Appears in: ClusterClassStatus
| Field | Description | Required |
|---|---|---|
conditions[]Condition | conditions represents the observations of a ClusterClass's current state. Known condition types are VariablesReady, RefVersionsUpToDate, Paused. Validation: Maximum items: 32 | No |
ClusterClassVariable
ClusterClassVariable defines a variable which can be configured in the Cluster topology and used in patches.
Appears in: ClusterClassSpec
| Field | Description | Required |
|---|---|---|
namestring | name of the variable. Validation: Minimum length: 1 | Yes |
requiredbool | required specifies if the variable is required. Note: this applies to the variable as a whole and thus the top-level object defined in the schema. If nested fields are required, this will be specified inside the schema. | Yes |
metadataClusterClassVariableMetadata | metadata is the metadata of a variable. It can be used to add additional data for higher level tools to a ClusterClassVariable. Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please use XMetadata in JSONSchemaProps instead. | No |
schemaVariableSchema | schema defines the schema of the variable. | Yes |
ClusterNetwork
ClusterNetwork specifies the different networking parameters for a cluster.
Appears in: ClusterSpec
| Field | Description | Required |
|---|---|---|
apiServerPortint32 | apiServerPort specifies the port the API Server should bind to. Defaults to 6443. | No |
servicesNetworkRanges | services is the network ranges from which service VIPs are allocated. | No |
podsNetworkRanges | pods is the network ranges from which Pod networks are allocated. | No |
serviceDomainstring | serviceDomain is the domain name for services. Validation: Minimum length: 1 | No |
ClusterV1Beta2Status
ClusterV1Beta2Status groups all the fields that will be added or modified in Cluster with the V1Beta2 version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.
Appears in: ClusterStatus
| Field | Description | Required |
|---|---|---|
conditions[]Condition | conditions represents the observations of a Cluster's current state. Known condition types are Available, InfrastructureReady, ControlPlaneInitialized, ControlPlaneAvailable, WorkersAvailable, MachinesReady MachinesUpToDate, RemoteConnectionProbe, ScalingUp, ScalingDown, Remediating, Deleting, Paused. Additionally, a TopologyReconciled condition will be added in case the Cluster is referencing a ClusterClass / defining a managed Topology. Validation: Maximum items: 32 | No |
controlPlaneClusterControlPlaneStatus | controlPlane groups all the observations about Cluster's ControlPlane current state. | No |
workersWorkersStatus | workers groups all the observations about Cluster's Workers current state. | No |
Conditions
Conditions provide observations of the operational state of a Cluster API resource.
Appears in: ClusterClassStatus, ClusterStatus, MachineDeploymentStatus, MachineHealthCheckStatus, MachineSetStatus, MachineStatus
ControlPlaneClass
ControlPlaneClass defines the class for the control plane.
Appears in: ClusterClassSpec
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane if the ControlPlaneTemplate referenced is machine based. If not, it is applied only to the ControlPlane. At runtime this metadata is merged with the corresponding metadata from the topology. This field is supported if and only if the control plane provider template referenced is Machine based. | No |
machineInfrastructureLocalObjectTemplate | machineInfrastructure defines the metadata and infrastructure information for control plane machines. This field is supported if and only if the control plane provider template referenced above is Machine based and supports setting replicas. | No |
machineHealthCheckMachineHealthCheckClass | machineHealthCheck defines a MachineHealthCheck for this ControlPlaneClass. This field is supported if and only if the ControlPlane provider template referenced above is Machine based and supports setting replicas. | No |
namingStrategyControlPlaneClassNamingStrategy | namingStrategy allows changing the naming pattern used when creating the control plane provider object. | No |
nodeDrainTimeoutDuration | nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from kubectl drain --timeout NOTE: This value can be overridden while defining a Cluster.Topology. | No |
nodeVolumeDetachTimeoutDuration | nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. NOTE: This value can be overridden while defining a Cluster.Topology. | No |
nodeDeletionTimeoutDuration | nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds. NOTE: This value can be overridden while defining a Cluster.Topology. | No |
taints[]MachineTaint | taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers. There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node. NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners. Validation: Minimum items: 1 | No |
readinessGates[]MachineReadinessGate | readinessGates specifies additional conditions to include when evaluating Machine Ready condition. This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine. NOTE: This field is considered only for computing v1beta2 conditions. NOTE: If a Cluster defines a custom list of readinessGates for the control plane, such list overrides readinessGates defined in this field. NOTE: Specific control plane provider implementations might automatically extend the list of readinessGates; e.g. the kubeadm control provider adds ReadinessGates for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. Validation: Maximum items: 32 | No |
FailureDomains
FailureDomains is a slice of FailureDomains.
Appears in: ClusterStatus
InfrastructureNamingStrategy
InfrastructureNamingStrategy defines the naming strategy for infrastructure objects.
Appears in: ClusterClassSpec
| Field | Description | Required |
|---|---|---|
templatestring | template defines the template to use for generating the name of the Infrastructure object. If not defined, it will fallback to {{ .cluster.name }}-{{ .random }}. If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will get concatenated with a random suffix of length 5. The templating mechanism provides the following arguments: * .cluster.name: The name of the cluster object. * .random: A random alphanumeric string, without vowels, of length 5.Validation: Minimum length: 1 | No |
LocalObjectTemplate
LocalObjectTemplate defines a template for a topology Class.
Appears in: ClusterClassSpec, ControlPlaneClass, MachineDeploymentClassTemplate
| Field | Description | Required |
|---|---|---|
refObjectReference | ref is a required reference to a custom resource offered by a provider. | Yes |
MachineAddresses
MachineAddresses is a slice of MachineAddress items to be used by infrastructure providers.
Appears in: MachineStatus
MachineDeletionStatus
MachineDeletionStatus is the deletion state of the Machine.
Appears in: MachineStatus
| Field | Description | Required |
|---|---|---|
nodeDrainStartTimeTime | nodeDrainStartTime is the time when the drain of the node started and is used to determine if the NodeDrainTimeout is exceeded. Only present when the Machine has a deletionTimestamp and draining the node had been started. | No |
waitForNodeVolumeDetachStartTimeTime | waitForNodeVolumeDetachStartTime is the time when waiting for volume detachment started and is used to determine if the NodeVolumeDetachTimeout is exceeded. Detaching volumes from nodes is usually done by CSI implementations and the current state is observed from the node's .Status.VolumesAttached field. Only present when the Machine has a deletionTimestamp and waiting for volume detachments had been started. | No |
MachineDeploymentStrategy
MachineDeploymentStrategy describes how to replace existing machines with new ones.
Appears in: MachineDeploymentClass, MachineDeploymentSpec, MachineDeploymentTopology
| Field | Description | Required |
|---|---|---|
typeMachineDeploymentStrategyType | type of deployment. Allowed values are RollingUpdate and OnDelete. The default is RollingUpdate. Validation: Allowed values: | No |
rollingUpdateMachineRollingUpdateDeployment | rollingUpdate is the rolling update config params. Present only if MachineDeploymentStrategyType = RollingUpdate. | No |
remediationRemediationStrategy | remediation controls the strategy of remediating unhealthy machines and how remediating operations should occur during the lifecycle of the dependant MachineSets. | No |
MachineDeploymentV1Beta2Status
MachineDeploymentV1Beta2Status groups all the fields that will be added or modified in MachineDeployment with the V1Beta2 version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.
Appears in: MachineDeploymentStatus
| Field | Description | Required |
|---|---|---|
conditions[]Condition | conditions represents the observations of a MachineDeployment's current state. Known condition types are Available, MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused. Validation: Maximum items: 32 | No |
readyReplicasint32 | readyReplicas is the number of ready replicas for this MachineDeployment. A machine is considered ready when Machine's Ready condition is true. | No |
availableReplicasint32 | availableReplicas is the number of available replicas for this MachineDeployment. A machine is considered available when Machine's Available condition is true. | No |
upToDateReplicasint32 | upToDateReplicas is the number of up-to-date replicas targeted by this deployment. A machine is considered up-to-date when Machine's UpToDate condition is true. | No |
MachineDrainRuleDrainConfig
MachineDrainRuleDrainConfig configures if and how Pods are drained.
Appears in: MachineDrainRuleSpec
| Field | Description | Required |
|---|---|---|
behaviorMachineDrainRuleDrainBehavior | behavior defines the drain behavior. Can be either "Drain", "Skip", or "WaitCompleted". "Drain" means that the Pods to which this MachineDrainRule applies will be drained. If behavior is set to "Drain" the order in which Pods are drained can be configured with the order field. When draining Pods of a Node the Pods will be grouped by order and one group after another will be drained (by increasing order). Cluster API will wait until all Pods of a group are terminated / removed from the Node before starting with the next group. "Skip" means that the Pods to which this MachineDrainRule applies will be skipped during drain. "WaitCompleted" means that the pods to which this MachineDrainRule applies will never be evicted and we wait for them to be completed, it is enforced that pods marked with this behavior always have Order=0. | Yes |
orderint32 | order defines the order in which Pods are drained. Pods with higher order are drained after Pods with lower order. order can only be set if behavior is set to "Drain". If order is not set, 0 will be used. Valid values for order are from -2147483648 to 2147483647 (inclusive). | No |
MachineDrainRuleMachineSelector
MachineDrainRuleMachineSelector defines to which Machines this MachineDrainRule should be applied.
Appears in: MachineDrainRuleSpec
| Field | Description | Required |
|---|---|---|
selectorLabelSelector | selector is a label selector which selects Machines by their labels. This field follows standard label selector semantics; if not present or empty, it selects all Machines. If clusterSelector is also set, then the selector as a whole selects Machines matching selector belonging to Clusters selected by clusterSelector. If clusterSelector is not set, it selects all Machines matching selector in all Clusters. | No |
clusterSelectorLabelSelector | clusterSelector is a label selector which selects Machines by the labels of their Clusters. This field follows standard label selector semantics; if not present or empty, it selects Machines of all Clusters. If selector is also set, then the selector as a whole selects Machines matching selector belonging to Clusters selected by clusterSelector. If selector is not set, it selects all Machines belonging to Clusters selected by clusterSelector. | No |
MachineDrainRulePodSelector
MachineDrainRulePodSelector defines to which Pods this MachineDrainRule should be applied.
Appears in: MachineDrainRuleSpec
| Field | Description | Required |
|---|---|---|
selectorLabelSelector | selector is a label selector which selects Pods by their labels. This field follows standard label selector semantics; if not present or empty, it selects all Pods. If namespaceSelector is also set, then the selector as a whole selects Pods matching selector in Namespaces selected by namespaceSelector. If namespaceSelector is not set, it selects all Pods matching selector in all Namespaces. | No |
namespaceSelectorLabelSelector | namespaceSelector is a label selector which selects Pods by the labels of their Namespaces. This field follows standard label selector semantics; if not present or empty, it selects Pods of all Namespaces. If selector is also set, then the selector as a whole selects Pods matching selector in Namespaces selected by namespaceSelector. If selector is not set, it selects all Pods in Namespaces selected by namespaceSelector. | No |
MachineHealthCheckV1Beta2Status
MachineHealthCheckV1Beta2Status groups all the fields that will be added or modified in MachineHealthCheck with the V1Beta2 version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.
Appears in: MachineHealthCheckStatus
| Field | Description | Required |
|---|---|---|
conditions[]Condition | conditions represents the observations of a MachineHealthCheck's current state. Known condition types are RemediationAllowed, Paused. Validation: Maximum items: 32 | No |
MachineNamingStrategy
MachineNamingStrategy allows changing the naming pattern used when creating Machines. Note: InfraMachines & BootstrapConfigs will use the same name as the corresponding Machines.
Appears in: MachineDeploymentSpec, MachineSetSpec
| Field | Description | Required |
|---|---|---|
templatestring | template defines the template to use for generating the names of the Machine objects. If not defined, it will fallback to {{ .machineSet.name }}-{{ .random }}. If the generated name string exceeds 63 characters, it will be trimmed to 58 characters and will get concatenated with a random suffix of length 5. Length of the template string must not exceed 256 characters. The template allows the following variables .cluster.name, .machineSet.name and .random. The variable .cluster.name retrieves the name of the cluster object that owns the Machines being created. The variable .machineSet.name retrieves the name of the MachineSet object that owns the Machines being created. The variable .random is substituted with random alphanumeric string, without vowels, of length 5. This variable is required part of the template. If not provided, validation will fail.Validation: Minimum length: 1 | No |
MachineReadinessGate
MachineReadinessGate contains the type of a Machine condition to be used as a readiness gate.
Appears in: ControlPlaneClass, ControlPlaneTopology, MachineDeploymentClass, MachineDeploymentTopology, MachineSpec
| Field | Description | Required |
|---|---|---|
conditionTypestring | conditionType refers to a condition with matching type in the Machine's condition list. If the conditions doesn't exist, it will be treated as unknown. Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. Validation: Maximum length: 316 | Yes |
polarityConditionPolarity | polarity of the conditionType specified in this readinessGate. Valid values are Positive, Negative and omitted. When omitted, the default behaviour will be Positive. A positive polarity means that the condition should report a true status under normal conditions. A negative polarity means that the condition should report a false status under normal conditions. Validation: Allowed values: | No |
MachineSetV1Beta2Status
MachineSetV1Beta2Status groups all the fields that will be added or modified in MachineSetStatus with the V1Beta2 version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.
Appears in: MachineSetStatus
| Field | Description | Required |
|---|---|---|
conditions[]Condition | conditions represents the observations of a MachineSet's current state. Known condition types are MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused. Validation: Maximum items: 32 | No |
readyReplicasint32 | readyReplicas is the number of ready replicas for this MachineSet. A machine is considered ready when Machine's Ready condition is true. | No |
availableReplicasint32 | availableReplicas is the number of available replicas for this MachineSet. A machine is considered available when Machine's Available condition is true. | No |
upToDateReplicasint32 | upToDateReplicas is the number of up-to-date replicas for this MachineSet. A machine is considered up-to-date when Machine's UpToDate condition is true. | No |
MachineTaint
MachineTaint defines a taint equivalent to corev1.Taint, but additionally having a propagation field.
Appears in: ControlPlaneClass, ControlPlaneTopology, MachineDeploymentClass, MachineDeploymentTopology, MachineSpec
| Field | Description | Required |
|---|---|---|
keystring | key is the taint key to be applied to a node. Must be a valid qualified name of maximum size 63 characters with an optional subdomain prefix of maximum size 253 characters, separated by a /.Validation: Pattern: | No |
valuestring | value is the taint value corresponding to the taint key. It must be a valid label value of maximum size 63 characters. Validation: Maximum length: 63 | No |
effectTaintEffect | effect is the effect for the taint. Valid values are NoSchedule, PreferNoSchedule and NoExecute. Validation: Allowed values: | No |
propagationMachineTaintPropagation | propagation defines how this taint should be propagated to nodes. Valid values are 'Always' and 'OnInitialization'. Always: The taint will be continuously reconciled. If it is not set for a node, it will be added during reconciliation. OnInitialization: The taint will be added during node initialization. If it gets removed from the node later on it will not get added again. | No |
MachineTemplateSpec
MachineTemplateSpec describes the data needed to create a Machine from a template.
Appears in: MachineDeploymentSpec, MachineSetSpec
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specMachineSpec | spec is the specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | No |
MachineV1Beta2Status
MachineV1Beta2Status groups all the fields that will be added or modified in MachineStatus with the V1Beta2 version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.
Appears in: MachineStatus
| Field | Description | Required |
|---|---|---|
conditions[]Condition | conditions represents the observations of a Machine's current state. Known condition types are Available, Ready, UpToDate, BootstrapConfigReady, InfrastructureReady, NodeReady, NodeHealthy, Deleting, Paused. If a MachineHealthCheck is targeting this machine, also HealthCheckSucceeded, OwnerRemediated conditions are added. Additionally control plane Machines controlled by KubeadmControlPlane will have following additional conditions: APIServerPodHealthy, ControllerManagerPodHealthy, SchedulerPodHealthy, EtcdPodHealthy, EtcdMemberHealthy. Validation: Maximum items: 32 | No |
Topology
Topology encapsulates the information of the managed resources.
Appears in: ClusterSpec
| Field | Description | Required |
|---|---|---|
classstring | class is the name of the ClusterClass object to create the topology. Validation: Minimum length: 1 | Yes |
classNamespacestring | classNamespace is the namespace of the ClusterClass that should be used for the topology. If classNamespace is empty or not set, it is defaulted to the namespace of the Cluster object. classNamespace must be a valid namespace name and because of that be at most 63 characters in length and it must consist only of lower case alphanumeric characters or hyphens (-), and must start and end with an alphanumeric character. Validation: Minimum length: 1 | No |
versionstring | version is the Kubernetes version of the cluster. Validation: Minimum length: 1 | Yes |
rolloutAfterTime | rolloutAfter performs a rollout of the entire cluster one component at a time, control plane first and then machine deployments. Deprecated: This field has no function and is going to be removed in the next apiVersion. | No |
controlPlaneControlPlaneTopology | controlPlane describes the cluster control plane. | No |
workersWorkersTopology | workers encapsulates the different constructs that form the worker nodes for the cluster. | No |
variables[]ClusterVariable | variables can be used to customize the Cluster through patches. They must comply to the corresponding VariableClasses defined in the ClusterClass. Validation: Maximum items: 1000 | No |
UnhealthyCondition
UnhealthyCondition represents a Node condition type and value with a timeout specified as a duration. When the named condition has been in the given status for at least the timeout value, a node is considered unhealthy.
Appears in: MachineHealthCheckClass, MachineHealthCheckSpec
| Field | Description | Required |
|---|---|---|
typeNodeConditionType | type of Node condition Validation: Type: string | Yes |
statusConditionStatus | status of the condition, one of True, False, Unknown. Validation: Type: string | Yes |
timeoutDuration | timeout is the duration that a node must be in a given status for, after which the node is considered unhealthy. For example, with a value of "1h", the node must match the status for at least 1 hour before being considered unhealthy. | Yes |
UnhealthyMachineCondition
UnhealthyMachineCondition represents a Machine condition type and value with a timeout specified as a duration. When the named condition has been in the given status for at least the timeout value, a machine is considered unhealthy.
Appears in: MachineHealthCheckClass, MachineHealthCheckSpec
| Field | Description | Required |
|---|---|---|
typestring | type of Machine condition Validation: Pattern: | No |
statusConditionStatus | status of the condition, one of True, False, Unknown. Validation: Allowed values: | No |
timeoutDuration | timeout is the duration that a Machine must be in a given status for, after which the Machine is considered unhealthy. For example, with a value of "1h", the Machine must match the status for at least 1 hour before being considered unhealthy. | Yes |
WorkersClass
WorkersClass is a collection of deployment classes.
Appears in: ClusterClassSpec
| Field | Description | Required |
|---|---|---|
machineDeployments[]MachineDeploymentClass | machineDeployments is a list of machine deployment classes that can be used to create a set of worker nodes. Validation: Maximum items: 100 | No |
machinePools[]MachinePoolClass | machinePools is a list of machine pool classes that can be used to create a set of worker nodes. Validation: Maximum items: 100 | No |
ClusterClassStatusVariableDefinition
ClusterClassStatusVariableDefinition defines a variable which appears in the status of a ClusterClass.
Appears in: ClusterClassStatusVariable
| Field | Description | Required |
|---|---|---|
fromstring | from specifies the origin of the variable definition. This will be inline for variables defined in the ClusterClass or the name of a patch defined in the ClusterClass for variables discovered from a DiscoverVariables runtime extensions.Validation: Minimum length: 1 | Yes |
requiredbool | required specifies if the variable is required. Note: this applies to the variable as a whole and thus the top-level object defined in the schema. If nested fields are required, this will be specified inside the schema. | Yes |
metadataClusterClassVariableMetadata | metadata is the metadata of a variable. It can be used to add additional data for higher level tools to a ClusterClassVariable. Deprecated: This field is deprecated and is going to be removed in the next apiVersion. | No |
schemaVariableSchema | schema defines the schema of the variable. | Yes |
ClusterClassUpgradeExternal
ClusterClassUpgradeExternal defines external runtime extensions for upgrade operations.
Appears in: ClusterClassUpgrade
| Field | Description | Required |
|---|---|---|
generateUpgradePlanExtensionstring | generateUpgradePlanExtension references an extension which is called to generate upgrade plan. Validation: Minimum length: 1 | No |
ClusterClassVariableMetadata
ClusterClassVariableMetadata is the metadata of a variable. It can be used to add additional data for higher level tools to a ClusterClassVariable.
Deprecated: This struct is deprecated and is going to be removed in the next apiVersion.
Appears in: ClusterClassStatusVariableDefinition, ClusterClassVariable
| Field | Description | Required |
|---|---|---|
labelsmap[string]string | labels is a map of string keys and values that can be used to organize and categorize (scope and select) variables. | No |
annotationsmap[string]string | annotations is an unstructured key value map that can be used to store and retrieve arbitrary metadata. They are not queryable. | No |
ClusterControlPlaneStatus
ClusterControlPlaneStatus groups all the observations about control plane current state.
Appears in: ClusterV1Beta2Status
| Field | Description | Required |
|---|---|---|
desiredReplicasint32 | desiredReplicas is the total number of desired control plane machines in this cluster. | No |
replicasint32 | replicas is the total number of control plane machines in this cluster. NOTE: replicas also includes machines still being provisioned or being deleted. | No |
upToDateReplicasint32 | upToDateReplicas is the number of up-to-date control plane machines in this cluster. A machine is considered up-to-date when Machine's UpToDate condition is true. | No |
readyReplicasint32 | readyReplicas is the total number of ready control plane machines in this cluster. A machine is considered ready when Machine's Ready condition is true. | No |
availableReplicasint32 | availableReplicas is the total number of available control plane machines in this cluster. A machine is considered available when Machine's Available condition is true. | No |
ClusterVariable
ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a Variable definition in the ClusterClass status variables.
Appears in: ControlPlaneVariables, MachineDeploymentVariables, Topology
| Field | Description | Required |
|---|---|---|
namestring | name of the variable. Validation: Minimum length: 1 | Yes |
definitionFromstring | definitionFrom specifies where the definition of this Variable is from. Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion. Validation: Maximum length: 256 | No |
valueJSON | value of the variable. Note: the value will be validated against the schema of the corresponding ClusterClassVariable from the ClusterClass. Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, i.e. it is not possible to have no type field. Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 | Yes |
Condition
Condition defines an observation of a Cluster API resource operational state.
Appears in: ClusterClassV1Beta2Status, ClusterV1Beta2Status, MachineDeploymentV1Beta2Status, MachineHealthCheckV1Beta2Status, MachineSetV1Beta2Status, MachineV1Beta2Status
| Field | Description | Required |
|---|---|---|
typeConditionType | type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. | Yes |
statusConditionStatus | status of the condition, one of True, False, Unknown. | Yes |
severityConditionSeverity | severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. | No |
lastTransitionTimeTime | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | Yes |
reasonstring | reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may be empty. Validation: Minimum length: 1 | No |
messagestring | message is a human readable message indicating details about the transition. This field may be empty. Validation: Minimum length: 1 | No |
ConditionPolarity
ConditionPolarity defines the polarity for a metav1.Condition.
Appears in: ClusterAvailabilityGate, MachineReadinessGate
ControlPlaneClassNamingStrategy
ControlPlaneClassNamingStrategy defines the naming strategy for control plane objects.
Appears in: ControlPlaneClass
| Field | Description | Required |
|---|---|---|
templatestring | template defines the template to use for generating the name of the ControlPlane object. If not defined, it will fallback to {{ .cluster.name }}-{{ .random }}. If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will get concatenated with a random suffix of length 5. The templating mechanism provides the following arguments: * .cluster.name: The name of the cluster object. * .random: A random alphanumeric string, without vowels, of length 5.Validation: Minimum length: 1 | No |
ControlPlaneTopology
ControlPlaneTopology specifies the parameters for the control plane nodes in the cluster.
Appears in: Topology
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane if the ControlPlaneTemplate referenced by the ClusterClass is machine based. If not, it is applied only to the ControlPlane. At runtime this metadata is merged with the corresponding metadata from the ClusterClass. | No |
replicasint32 | replicas is the number of control plane nodes. If the value is nil, the ControlPlane object is created without the number of Replicas and it's assumed that the control plane controller does not implement support for this field. When specified against a control plane provider that lacks support for this field, this value will be ignored. | No |
rolloutControlPlaneTopologyRolloutSpec | rollout allows you to configure the behavior of rolling updates to the control plane. | No |
machineHealthCheckMachineHealthCheckTopology | machineHealthCheck allows to enable, disable and override the MachineHealthCheck configuration in the ClusterClass for this control plane. | No |
nodeDrainTimeoutDuration | nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from kubectl drain --timeout | No |
nodeVolumeDetachTimeoutDuration | nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. | No |
nodeDeletionTimeoutDuration | nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds. | No |
taints[]MachineTaint | taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers. There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node. NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners. Validation: Minimum items: 1 | No |
readinessGates[]MachineReadinessGate | readinessGates specifies additional conditions to include when evaluating Machine Ready condition. This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine. If this field is not defined, readinessGates from the corresponding ControlPlaneClass will be used, if any. NOTE: This field is considered only for computing v1beta2 conditions. NOTE: Specific control plane provider implementations might automatically extend the list of readinessGates; e.g. the kubeadm control provider adds ReadinessGates for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. Validation: Maximum items: 32 | No |
variablesControlPlaneVariables | variables can be used to customize the ControlPlane through patches. | No |
ExternalPatchDefinition
ExternalPatchDefinition defines an external patch. Note: At least one of GenerateExtension or ValidateExtension must be set.
Appears in: ClusterClassPatch
| Field | Description | Required |
|---|---|---|
generateExtensionstring | generateExtension references an extension which is called to generate patches. Validation: Minimum length: 1 | No |
validateExtensionstring | validateExtension references an extension which is called to validate the topology. Validation: Minimum length: 1 | No |
discoverVariablesExtensionstring | discoverVariablesExtension references an extension which is called to discover variables. Validation: Minimum length: 1 | No |
settingsmap[string]string | settings defines key value pairs to be passed to the extensions. Values defined here take precedence over the values defined in the corresponding ExtensionConfig. | No |
MachineDeploymentClass
MachineDeploymentClass serves as a template to define a set of worker nodes of the cluster provisioned using the ClusterClass.
Appears in: WorkersClass
| Field | Description | Required |
|---|---|---|
classstring | class denotes a type of worker node present in the cluster, this name MUST be unique within a ClusterClass and can be referenced in the Cluster to create a managed MachineDeployment. Validation: Minimum length: 1 | Yes |
templateMachineDeploymentClassTemplate | template is a local struct containing a collection of templates for creation of MachineDeployment objects representing a set of worker nodes. | Yes |
machineHealthCheckMachineHealthCheckClass | machineHealthCheck defines a MachineHealthCheck for this MachineDeploymentClass. | No |
failureDomainstring | failureDomain is the failure domain the machines will be created in. Must match a key in the FailureDomains map stored on the cluster object. NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. Validation: Minimum length: 1 | No |
namingStrategyMachineDeploymentClassNamingStrategy | namingStrategy allows changing the naming pattern used when creating the MachineDeployment. | No |
nodeDrainTimeoutDuration | nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from kubectl drain --timeout NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. | No |
nodeVolumeDetachTimeoutDuration | nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. | No |
nodeDeletionTimeoutDuration | nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds. NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. | No |
taints[]MachineTaint | taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers. There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node. NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners. Validation: Minimum items: 1 | No |
minReadySecondsint32 | minReadySeconds is the minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready) NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. | No |
readinessGates[]MachineReadinessGate | readinessGates specifies additional conditions to include when evaluating Machine Ready condition. This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine. NOTE: This field is considered only for computing v1beta2 conditions. NOTE: If a Cluster defines a custom list of readinessGates for a MachineDeployment using this MachineDeploymentClass, such list overrides readinessGates defined in this field. Validation: Maximum items: 32 | No |
strategyMachineDeploymentStrategy | strategy is the deployment strategy to use to replace existing machines with new ones. NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. | No |
MachineDeploymentStrategyType
MachineDeploymentStrategyType defines the type of MachineDeployment rollout strategies.
Appears in: MachineDeploymentStrategy
MachineDrainRuleDrainBehavior
MachineDrainRuleDrainBehavior defines the drain behavior. Can be either "Drain", "Skip", or "WaitCompleted".
Appears in: MachineDrainRuleDrainConfig
MachineHealthCheckClass
MachineHealthCheckClass defines a MachineHealthCheck for a group of Machines.
Appears in: ControlPlaneClass, MachineDeploymentClass, MachineHealthCheckTopology
| Field | Description | Required |
|---|---|---|
unhealthyConditions[]UnhealthyCondition | unhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy. Validation: Maximum items: 100 | No |
unhealthyMachineConditions[]UnhealthyMachineCondition | unhealthyMachineConditions contains a list of the machine conditions that determine whether a machine is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the machine is unhealthy. Validation: Minimum items: 1 | No |
maxUnhealthyIntOrString | maxUnhealthy specifies the maximum number of unhealthy machines allowed. Any further remediation is only allowed if at most "maxUnhealthy" machines selected by "selector" are not healthy. | No |
unhealthyRangestring | unhealthyRange specifies the range of unhealthy machines allowed. Any further remediation is only allowed if the number of machines selected by "selector" as not healthy is within the range of "unhealthyRange". Takes precedence over maxUnhealthy. Eg. "[3-5]" - This means that remediation will be allowed only when: (a) there are at least 3 unhealthy machines (and) (b) there are at most 5 unhealthy machines Validation: Pattern: | No |
nodeStartupTimeoutDuration | nodeStartupTimeout allows to set the maximum time for MachineHealthCheck to consider a Machine unhealthy if a corresponding Node isn't associated through a Spec.ProviderID field.The duration set in this field is compared to the greatest of:
Defaults to 10 minutes. If you wish to disable this feature, set the value explicitly to 0. | No |
remediationTemplateObjectReference | remediationTemplate is a reference to a remediation template provided by an infrastructure provider. This field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Cluster API. | No |
MachineRollingUpdateDeployment
MachineRollingUpdateDeployment is used to control the desired behavior of rolling update.
Appears in: MachineDeploymentStrategy
| Field | Description | Required |
|---|---|---|
maxUnavailableIntOrString | maxUnavailable is the maximum number of machines that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 0. Example: when this is set to 30%, the old MachineSet can be scaled down to 70% of desired machines immediately when the rolling update starts. Once new machines are ready, old MachineSet can be scaled down further, followed by scaling up the new MachineSet, ensuring that the total number of machines available at all times during the update is at least 70% of desired machines. | No |
maxSurgeIntOrString | maxSurge is the maximum number of machines that can be scheduled above the desired number of machines. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 1. Example: when this is set to 30%, the new MachineSet can be scaled up immediately when the rolling update starts, such that the total number of old and new machines do not exceed 130% of desired machines. Once old machines have been killed, new MachineSet can be scaled up further, ensuring that total number of machines running at any time during the update is at most 130% of desired machines. | No |
deletePolicystring | deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. Valid values are "Random, "Newest", "Oldest" When no value is supplied, the default DeletePolicy of MachineSet is used Validation: Allowed values: | No |
MachineTaintPropagation
MachineTaintPropagation defines when a taint should be propagated to nodes.
Appears in: MachineTaint
NetworkRanges
NetworkRanges represents ranges of network addresses.
Appears in: ClusterNetwork
| Field | Description | Required |
|---|---|---|
cidrBlocks[]string | cidrBlocks is a list of CIDR blocks. Validation: items:MinLength: 1 | Yes |
PatchDefinition
PatchDefinition defines a patch which is applied to customize the referenced templates.
Appears in: ClusterClassPatch
| Field | Description | Required |
|---|---|---|
selectorPatchSelector | selector defines on which templates the patch should be applied. | Yes |
jsonPatches[]JSONPatch | jsonPatches defines the patches which should be applied on the templates matching the selector. Note: Patches will be applied in the order of the array. Validation: Maximum items: 100 | Yes |
RemediationStrategy
RemediationStrategy allows to define how the MachineSet can control scaling operations.
Appears in: MachineDeploymentStrategy
| Field | Description | Required |
|---|---|---|
maxInFlightIntOrString | maxInFlight determines how many in flight remediations should happen at the same time. Remediation only happens on the MachineSet with the most current revision, while older MachineSets (usually present during rollout operations) aren't allowed to remediate. Note: In general (independent of remediations), unhealthy machines are always prioritized during scale down operations over healthy ones. MaxInFlight can be set to a fixed number or a percentage. Example: when this is set to 20%, the MachineSet controller deletes at most 20% of the desired replicas. If not set, remediation is limited to all machines (bounded by replicas) under the active MachineSet's management. | No |
VariableSchema
VariableSchema defines the schema of a variable.
Appears in: ClusterClassStatusVariableDefinition, ClusterClassVariable
| Field | Description | Required |
|---|---|---|
openAPIV3SchemaJSONSchemaProps | openAPIV3Schema defines the schema of a variable via OpenAPI v3 schema. The schema is a subset of the schema used in Kubernetes CRDs. | Yes |
WorkersStatus
WorkersStatus groups all the observations about workers current state.
Appears in: ClusterV1Beta2Status
| Field | Description | Required |
|---|---|---|
desiredReplicasint32 | desiredReplicas is the total number of desired worker machines in this cluster. | No |
replicasint32 | replicas is the total number of worker machines in this cluster. NOTE: replicas also includes machines still being provisioned or being deleted. | No |
upToDateReplicasint32 | upToDateReplicas is the number of up-to-date worker machines in this cluster. A machine is considered up-to-date when Machine's UpToDate condition is true. | No |
readyReplicasint32 | readyReplicas is the total number of ready worker machines in this cluster. A machine is considered ready when Machine's Ready condition is true. | No |
availableReplicasint32 | availableReplicas is the total number of available worker machines in this cluster. A machine is considered available when Machine's Available condition is true. | No |
WorkersTopology
WorkersTopology represents the different sets of worker nodes in the cluster.
Appears in: Topology
| Field | Description | Required |
|---|---|---|
machineDeployments[]MachineDeploymentTopology | machineDeployments is a list of machine deployments in the cluster. Validation: Maximum items: 2000 | No |
machinePools[]MachinePoolTopology | machinePools is a list of machine pools in the cluster. Validation: Maximum items: 2000 | No |
ConditionSeverity
ConditionSeverity expresses the severity of a Condition Type failing.
Appears in: Condition
ConditionType
ConditionType is a valid value for Condition.Type.
Appears in: Condition
ControlPlaneTopologyRolloutSpec
ControlPlaneTopologyRolloutSpec defines the rollout behavior.
Appears in: ControlPlaneTopology
| Field | Description | Required |
|---|---|---|
afterTime | after is a field to indicate a rollout should be performed after the specified time even if no changes have been made to the ControlPlane. Example: In the YAML the time can be specified in the RFC3339 format. To specify the rolloutAfter target as March 9, 2023, at 9 am UTC use "2023-03-09T09:00:00Z". | No |
ControlPlaneVariables
ControlPlaneVariables can be used to provide variables for the ControlPlane.
Appears in: ControlPlaneTopology
| Field | Description | Required |
|---|---|---|
overrides[]ClusterVariable | overrides can be used to override Cluster level variables. Validation: Maximum items: 1000 | No |
JSONPatch
JSONPatch defines a JSON patch.
Appears in: PatchDefinition
| Field | Description | Required |
|---|---|---|
opstring | op defines the operation of the patch. Note: Only add, replace and remove are supported.Validation: Allowed values: | Yes |
pathstring | path defines the path of the patch. Note: Only the spec of a template can be patched, thus the path has to start with /spec/. Note: For now the only allowed array modifications are append and prepend, i.e.: * for op: add: only index 0 (prepend) and - (append) are allowed * for op: replace or remove: no indexes are allowedValidation: Minimum length: 1 | Yes |
valueJSON | value defines the value of the patch. Note: Either Value or ValueFrom is required for add and replace operations. Only one of them is allowed to be set at the same time. Note: We have to use apiextensionsv1.JSON instead of our JSON type, because controller-tools has a hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type (unset type field). Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 | No |
valueFromJSONPatchValue | valueFrom defines the value of the patch. Note: Either Value or ValueFrom is required for add and replace operations. Only one of them is allowed to be set at the same time. | No |
JSONSchemaProps
JSONSchemaProps is a JSON-Schema following Specification Draft 4 (http://json-schema.org/). This struct has been initially copied from apiextensionsv1.JSONSchemaProps, but all fields which are not supported in CAPI have been removed.
Appears in: JSONSchemaProps, VariableSchema
| Field | Description | Required |
|---|---|---|
descriptionstring | description is a human-readable description of this variable. Validation: Minimum length: 1 | No |
exampleJSON | example is an example for this variable. | No |
typestring | type is the type of the variable. Valid values are: object, array, string, integer, number or boolean. Validation: Allowed values: | No |
propertiesmap[string]JSONSchemaProps | properties specifies fields of an object. NOTE: Can only be set if type is object. NOTE: Properties is mutually exclusive with AdditionalProperties. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible. Validation: Schemaless: {} | No |
additionalPropertiesJSONSchemaProps | additionalProperties specifies the schema of values in a map (keys are always strings). NOTE: Can only be set if type is object. NOTE: AdditionalProperties is mutually exclusive with Properties. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible. Validation: Schemaless: {} | No |
maxPropertiesint64 | maxProperties is the maximum amount of entries in a map or properties in an object. NOTE: Can only be set if type is object. | No |
minPropertiesint64 | minProperties is the minimum amount of entries in a map or properties in an object. NOTE: Can only be set if type is object. | No |
required[]string | required specifies which fields of an object are required. NOTE: Can only be set if type is object. Validation: Maximum items: 1000 | No |
itemsJSONSchemaProps | items specifies fields of an array. NOTE: Can only be set if type is array. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible. Validation: Schemaless: {} | No |
maxItemsint64 | maxItems is the max length of an array variable. NOTE: Can only be set if type is array. | No |
minItemsint64 | minItems is the min length of an array variable. NOTE: Can only be set if type is array. | No |
uniqueItemsbool | uniqueItems specifies if items in an array must be unique. NOTE: Can only be set if type is array. | No |
formatstring | format is an OpenAPI v3 format string. Unknown formats are ignored. For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using) https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go NOTE: Can only be set if type is string. Validation: Minimum length: 1 | No |
maxLengthint64 | maxLength is the max length of a string variable. NOTE: Can only be set if type is string. | No |
minLengthint64 | minLength is the min length of a string variable. NOTE: Can only be set if type is string. | No |
patternstring | pattern is the regex which a string variable must match. NOTE: Can only be set if type is string. Validation: Minimum length: 1 | No |
maximumint64 | maximum is the maximum of an integer or number variable. If ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum. If ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum. NOTE: Can only be set if type is integer or number. | No |
exclusiveMaximumbool | exclusiveMaximum specifies if the Maximum is exclusive. NOTE: Can only be set if type is integer or number. | No |
minimumint64 | minimum is the minimum of an integer or number variable. If ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum. If ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum. NOTE: Can only be set if type is integer or number. | No |
exclusiveMinimumbool | exclusiveMinimum specifies if the Minimum is exclusive. NOTE: Can only be set if type is integer or number. | No |
x-kubernetes-preserve-unknown-fieldsbool | x-kubernetes-preserve-unknown-fields allows setting fields in a variable object which are not defined in the variable schema. This affects fields recursively, except if nested properties or additionalProperties are specified in the schema. | No |
enum[]JSON | enum is the list of valid values of the variable. NOTE: Can be set for all types. Validation: Maximum items: 100 | No |
defaultJSON | default is the default value of the variable. NOTE: Can be set for all types. | No |
x-kubernetes-validations[]ValidationRule | x-kubernetes-validations describes a list of validation rules written in the CEL expression language. Validation: Maximum items: 100 | No |
x-metadataVariableSchemaMetadata | x-metadata is the metadata of a variable or a nested field within a variable. It can be used to add additional data for higher level tools. | No |
x-kubernetes-int-or-stringbool | x-kubernetes-int-or-string specifies that this value is either an integer or a string. If this is true, an empty type is allowed and type as child of anyOf is permitted if following one of the following patterns: 1) anyOf:
| No |
allOf[]JSONSchemaProps | allOf specifies that the variable must validate against all of the subschemas in the array. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible. Validation: Schemaless: {} | No |
oneOf[]JSONSchemaProps | oneOf specifies that the variable must validate against exactly one of the subschemas in the array. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible. Validation: Schemaless: {} | No |
anyOf[]JSONSchemaProps | anyOf specifies that the variable must validate against one or more of the subschemas in the array. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible. Validation: Schemaless: {} | No |
notJSONSchemaProps | not specifies that the variable must not validate against the subschema. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible. Validation: Schemaless: {} | No |
MachineDeploymentClassNamingStrategy
MachineDeploymentClassNamingStrategy defines the naming strategy for machine deployment objects.
Appears in: MachineDeploymentClass
| Field | Description | Required |
|---|---|---|
templatestring | template defines the template to use for generating the name of the MachineDeployment object. If not defined, it will fallback to {{ .cluster.name }}-{{ .machineDeployment.topologyName }}-{{ .random }}. If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will get concatenated with a random suffix of length 5. The templating mechanism provides the following arguments: * .cluster.name: The name of the cluster object. * .random: A random alphanumeric string, without vowels, of length 5. * .machineDeployment.topologyName: The name of the MachineDeployment topology (Cluster.spec.topology.workers.machineDeployments[].name).Validation: Minimum length: 1 | No |
MachineDeploymentClassTemplate
MachineDeploymentClassTemplate defines how a MachineDeployment generated from a MachineDeploymentClass should look like.
Appears in: MachineDeploymentClass
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. At runtime this metadata is merged with the corresponding metadata from the topology. | No |
bootstrapLocalObjectTemplate | bootstrap contains the bootstrap template reference to be used for the creation of worker Machines. | Yes |
infrastructureLocalObjectTemplate | infrastructure contains the infrastructure template reference to be used for the creation of worker Machines. | Yes |
MachineDeploymentTopology
MachineDeploymentTopology specifies the different parameters for a set of worker nodes in the topology. This set of nodes is managed by a MachineDeployment object whose lifecycle is managed by the Cluster controller.
Appears in: WorkersTopology
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. At runtime this metadata is merged with the corresponding metadata from the ClusterClass. | No |
classstring | class is the name of the MachineDeploymentClass used to create the set of worker nodes. This should match one of the deployment classes defined in the ClusterClass object mentioned in the Cluster.Spec.Class field.Validation: Minimum length: 1 | Yes |
namestring | name is the unique identifier for this MachineDeploymentTopology. The value is used with other unique identifiers to create a MachineDeployment's Name (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length, the values are hashed together. Validation: Minimum length: 1 | Yes |
failureDomainstring | failureDomain is the failure domain the machines will be created in. Must match a key in the FailureDomains map stored on the cluster object. Validation: Minimum length: 1 | No |
replicasint32 | replicas is the number of worker nodes belonging to this set. If the value is nil, the MachineDeployment is created without the number of Replicas (defaulting to 1) and it's assumed that an external entity (like cluster autoscaler) is responsible for the management of this value. | No |
machineHealthCheckMachineHealthCheckTopology | machineHealthCheck allows to enable, disable and override the MachineHealthCheck configuration in the ClusterClass for this MachineDeployment. | No |
nodeDrainTimeoutDuration | nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from kubectl drain --timeout | No |
nodeVolumeDetachTimeoutDuration | nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. | No |
nodeDeletionTimeoutDuration | nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds. | No |
taints[]MachineTaint | taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers. There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node. NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners. Validation: Maximum items: 64 | No |
minReadySecondsint32 | minReadySeconds is the minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready) | No |
readinessGates[]MachineReadinessGate | readinessGates specifies additional conditions to include when evaluating Machine Ready condition. This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine. If this field is not defined, readinessGates from the corresponding MachineDeploymentClass will be used, if any. NOTE: This field is considered only for computing v1beta2 conditions. Validation: Maximum items: 32 | No |
rolloutMachineDeploymentTopologyRolloutSpec | rollout allows you to configure the behaviour of rolling updates to the MachineDeployment Machines. It allows you to define the strategy used during rolling replacements. | No |
strategyMachineDeploymentStrategy | strategy is the deployment strategy to use to replace existing machines with new ones. | No |
variablesMachineDeploymentVariables | variables can be used to customize the MachineDeployment through patches. | No |
MachineHealthCheckTopology
MachineHealthCheckTopology defines a MachineHealthCheck for a group of machines.
Appears in: ControlPlaneTopology, MachineDeploymentTopology
| Field | Description | Required |
|---|---|---|
enablebool | enable controls if a MachineHealthCheck should be created for the target machines. If false: No MachineHealthCheck will be created. If not set(default): A MachineHealthCheck will be created if it is defined here or in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created. If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will block if enable is true and no MachineHealthCheck definition is available. | No |
PatchSelector
PatchSelector defines on which templates the patch should be applied. Note: Matching on APIVersion and Kind is mandatory, to enforce that the patches are written for the correct version. The version of the references in the ClusterClass may be automatically updated during reconciliation if there is a newer version for the same contract. Note: The results of selection based on the individual fields are ANDed.
Appears in: PatchDefinition
| Field | Description | Required |
|---|---|---|
apiVersionstring | apiVersion filters templates by apiVersion. Validation: Maximum length: 512 | Yes |
kindstring | kind filters templates by kind. Validation: Minimum length: 1 | Yes |
matchResourcesPatchSelectorMatch | matchResources selects templates based on where they are referenced. | Yes |
JSONPatchValue
JSONPatchValue defines the value of a patch. Note: Only one of the fields is allowed to be set at the same time.
Appears in: JSONPatch
| Field | Description | Required |
|---|---|---|
variablestring | variable is the variable to be used as value. Variable can be one of the variables defined in .spec.variables or a builtin variable. Validation: Minimum length: 1 | No |
templatestring | template is the Go template to be used to calculate the value. A template can reference variables defined in .spec.variables and builtin variables. Note: The template must evaluate to a valid YAML or JSON value. Validation: Minimum length: 1 | No |
MachineDeploymentTopologyRolloutSpec
MachineDeploymentTopologyRolloutSpec defines the rollout behavior.
Appears in: MachineDeploymentTopology
| Field | Description | Required |
|---|---|---|
afterTime | after is a field to indicate a rollout should be performed after the specified time even if no changes have been made to the MachineDeployment. Example: In the YAML the time can be specified in the RFC3339 format. To specify the rolloutAfter target as March 9, 2023, at 9 am UTC use "2023-03-09T09:00:00Z". | No |
MachineDeploymentVariables
MachineDeploymentVariables can be used to provide variables for a specific MachineDeployment.
Appears in: MachineDeploymentTopology
| Field | Description | Required |
|---|---|---|
overrides[]ClusterVariable | overrides can be used to override Cluster level variables. Validation: Maximum items: 1000 | No |
PatchSelectorMatch
PatchSelectorMatch selects templates based on where they are referenced. Note: The selector must match at least one template. Note: The results of selection based on the individual fields are ORed.
Appears in: PatchSelector
| Field | Description | Required |
|---|---|---|
controlPlanebool | controlPlane selects templates referenced in .spec.ControlPlane. Note: this will match the controlPlane and also the controlPlane machineInfrastructure (depending on the kind and apiVersion). | No |
infrastructureClusterbool | infrastructureCluster selects templates referenced in .spec.infrastructure. | No |
machineDeploymentClassPatchSelectorMatchMachineDeploymentClass | machineDeploymentClass selects templates referenced in specific MachineDeploymentClasses in .spec.workers.machineDeployments. | No |
machinePoolClassPatchSelectorMatchMachinePoolClass | machinePoolClass selects templates referenced in specific MachinePoolClasses in .spec.workers.machinePools. | No |
ValidationRule
ValidationRule describes a validation rule written in the CEL expression language.
Appears in: JSONSchemaProps
| Field | Description | Default | Required |
|---|---|---|---|
rulestring | rule represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec The Rule is scoped to the location of the x-kubernetes-validations extension in the schema. The self variable in the CEL expression is bound to the scoped value. If the Rule is scoped to an object with properties, the accessible properties of the object are field selectable via self.field and field presence can be checked via has(self.field). If the Rule is scoped to an object with additionalProperties (i.e. a map) the value of the map are accessible via self[mapKey], map containment can be checked via mapKey in self and all entries of the map are accessible via CEL macros and functions such as self.all(...). If the Rule is scoped to an array, the elements of the array are accessible via self[i] and also by macros and functions. If the Rule is scoped to a scalar, self is bound to the scalar value. Examples:
Unknown data preserved in custom resources via x-kubernetes-preserve-unknown-fields is not accessible in CEL expressions. This includes:
Only property names of the form [a-zA-Z_.-/][a-zA-Z0-9_.-/]* are accessible. Accessible property names are escaped according to the following rules when accessed in the expression:
If rule makes use of the oldSelf variable it is implicitly a transition rule.By default, the oldSelf variable is the same type as self.Transition rules by default are applied only on UPDATE requests and are skipped if an old value could not be found. Validation: Maximum length: 4096 | Yes | |
messagestring | message represents the message displayed when validation fails. The message is required if the Rule contains line breaks. The message must not contain line breaks. If unset, the message is "failed rule: {Rule}". e.g. "must be a URL with the host matching spec.host" Validation: Minimum length: 1 | No | |
messageExpressionstring | messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a rule, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset. messageExpression has access to all the same variables as the rule; the only difference is the return type. Example: "x must be less than max ("+string(self.max)+")" Validation: Minimum length: 1 | No | |
reasonFieldValueErrorReason | reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule. The currently supported reasons are: "FieldValueInvalid", "FieldValueForbidden", "FieldValueRequired", "FieldValueDuplicate". If not set, default to use "FieldValueInvalid". All future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid. Validation: Allowed values: | FieldValueInvalid | No |
fieldPathstring | fieldPath represents the field path returned when the validation fails. It must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field. e.g. when validation checks if a specific attribute foo under a map testMap, the fieldPath could be set to .testMap.foo If the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. .testList It does not support list numeric index. It supports child operation to refer to an existing field currently. Refer to JSONPath support in Kubernetes for more info. Numeric index of array is not supported. For field name which contains special characters, use ['specialName'] to refer the field name. e.g. for attribute foo.34$ appears in a list testList, the fieldPath could be set to .testList['foo.34$']Validation: Minimum length: 1 | No |
VariableSchemaMetadata
VariableSchemaMetadata is the metadata of a variable or a nested field within a variable. It can be used to add additional data for higher level tools.
Appears in: JSONSchemaProps
| Field | Description | Required |
|---|---|---|
labelsmap[string]string | labels is a map of string keys and values that can be used to organize and categorize (scope and select) variables. | No |
annotationsmap[string]string | annotations is an unstructured key value map that can be used to store and retrieve arbitrary metadata. They are not queryable. | No |
FieldValueErrorReason
FieldValueErrorReason is a machine-readable value providing more detail about why a field failed the validation.
Appears in: ValidationRule
PatchSelectorMatchMachineDeploymentClass
PatchSelectorMatchMachineDeploymentClass selects templates referenced in specific MachineDeploymentClasses in .spec.workers.machineDeployments.
Appears in: PatchSelectorMatch
| Field | Description | Required |
|---|---|---|
names[]string | names selects templates by class names. Validation: Maximum items: 100 | No |
MachineAddressType
MachineAddressType describes a valid MachineAddress type.
Appears in: MachineAddress
cluster.x-k8s.io/v1beta2
Resource Types:
Cluster
Cluster is the Schema for the clusters API.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specClusterSpec | spec is the desired state of Cluster. | No |
statusClusterStatus | status is the observed state of Cluster. | No |
ClusterClass
ClusterClass is a template which can be used to create managed topologies. NOTE: This CRD can only be used if the ClusterTopology feature gate is enabled.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specClusterClassSpec | spec is the desired state of ClusterClass. | No |
statusClusterClassStatus | status is the observed state of ClusterClass. | No |
Machine
Machine is the Schema for the machines API.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specMachineSpec | spec is the desired state of Machine. | No |
statusMachineStatus | status is the observed state of Machine. | No |
MachineDeployment
MachineDeployment is the Schema for the machinedeployments API.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specMachineDeploymentSpec | spec is the desired state of MachineDeployment. | No |
statusMachineDeploymentStatus | status is the observed state of MachineDeployment. | No |
MachineDrainRule
MachineDrainRule is the Schema for the MachineDrainRule API.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | Yes |
specMachineDrainRuleSpec | spec defines the spec of a MachineDrainRule. | No |
MachineHealthCheck
MachineHealthCheck is the Schema for the machinehealthchecks API.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specMachineHealthCheckSpec | spec is the specification of machine health check policy | No |
statusMachineHealthCheckStatus | status is the most recently observed status of MachineHealthCheck resource | No |
MachineSet
MachineSet is the Schema for the machinesets API.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specMachineSetSpec | spec is the desired state of MachineSet. | No |
statusMachineSetStatus | status is the observed state of MachineSet. | No |
ClusterClassSpec
ClusterClassSpec describes the desired state of the ClusterClass.
Appears in: ClusterClass
| Field | Description | Required |
|---|---|---|
availabilityGates[]ClusterAvailabilityGate | availabilityGates specifies additional conditions to include when evaluating Cluster Available condition. NOTE: If a Cluster is using this ClusterClass, and this Cluster defines a custom list of availabilityGates, such list overrides availabilityGates defined in this field. Validation: Maximum items: 32 | No |
infrastructureInfrastructureClass | infrastructure is a reference to a local struct that holds the details for provisioning the infrastructure cluster for the Cluster. | No |
controlPlaneControlPlaneClass | controlPlane is a reference to a local struct that holds the details for provisioning the Control Plane for the Cluster. | No |
workersWorkersClass | workers describes the worker nodes for the cluster. It is a collection of node types which can be used to create the worker nodes of the cluster. | No |
variables[]ClusterClassVariable | variables defines the variables which can be configured in the Cluster topology and are then used in patches. Validation: Minimum items: 1 | No |
patches[]ClusterClassPatch | patches defines the patches which are applied to customize referenced templates of a ClusterClass. Note: Patches will be applied in the order of the array. Validation: Maximum items: 1000 | No |
upgradeClusterClassUpgrade | upgrade defines the upgrade configuration for clusters using this ClusterClass. | No |
kubernetesVersions[]string | kubernetesVersions is the list of Kubernetes versions that can be used for clusters using this ClusterClass. The list of version must be ordered from the older to the newer version, and there should be at least one version for every minor in between the first and the last version. Validation: Maximum items: 100 | No |
ClusterClassStatus
ClusterClassStatus defines the observed state of the ClusterClass.
Appears in: ClusterClass
| Field | Description | Required |
|---|---|---|
conditions[]Condition | conditions represents the observations of a ClusterClass's current state. Known condition types are VariablesReady, RefVersionsUpToDate, Paused. Validation: Maximum items: 32 | No |
variables[]ClusterClassStatusVariable | variables is a list of ClusterClassStatusVariable that are defined for the ClusterClass. Validation: Maximum items: 1000 | No |
observedGenerationint64 | observedGeneration is the latest generation observed by the controller. Validation: Minimum: 1 | No |
deprecatedClusterClassDeprecatedStatus | deprecated groups all the status fields that are deprecated and will be removed when all the nested field are removed. | No |
ClusterSpec
ClusterSpec defines the desired state of Cluster.
Appears in: Cluster
| Field | Description | Required |
|---|---|---|
pausedbool | paused can be used to prevent controllers from processing the Cluster and all its associated objects. | No |
clusterNetworkClusterNetwork | clusterNetwork represents the cluster network configuration. | No |
controlPlaneEndpointAPIEndpoint | controlPlaneEndpoint represents the endpoint used to communicate with the control plane. | No |
controlPlaneRefContractVersionedObjectReference | controlPlaneRef is an optional reference to a provider-specific resource that holds the details for provisioning the Control Plane for a Cluster. | No |
infrastructureRefContractVersionedObjectReference | infrastructureRef is a reference to a provider-specific resource that holds the details for provisioning infrastructure for a cluster in said provider. | No |
topologyTopology | topology encapsulates the topology for the cluster. NOTE: It is required to enable the ClusterTopology feature gate flag to activate managed topologies support. | No |
availabilityGates[]ClusterAvailabilityGate | availabilityGates specifies additional conditions to include when evaluating Cluster Available condition. If this field is not defined and the Cluster implements a managed topology, availabilityGates from the corresponding ClusterClass will be used, if any. Validation: Minimum items: 1 | No |
ClusterStatus
ClusterStatus defines the observed state of Cluster.
Appears in: Cluster
| Field | Description | Required |
|---|---|---|
conditions[]Condition | conditions represents the observations of a Cluster's current state. Known condition types are Available, InfrastructureReady, ControlPlaneInitialized, ControlPlaneAvailable, WorkersAvailable, MachinesReady MachinesUpToDate, RemoteConnectionProbe, ScalingUp, ScalingDown, Remediating, Deleting, Paused. Additionally, a TopologyReconciled condition will be added in case the Cluster is referencing a ClusterClass / defining a managed Topology. Validation: Maximum items: 32 | No |
initializationClusterInitializationStatus | initialization provides observations of the Cluster initialization process. NOTE: Fields in this struct are part of the Cluster API contract and are used to orchestrate initial Cluster provisioning. | No |
controlPlaneClusterControlPlaneStatus | controlPlane groups all the observations about Cluster's ControlPlane current state. | No |
workersWorkersStatus | workers groups all the observations about Cluster's Workers current state. | No |
failureDomains[]FailureDomain | failureDomains is a slice of failure domain objects synced from the infrastructure provider. Validation: Minimum items: 1 | No |
phasestring | phase represents the current phase of cluster actuation. Validation: Allowed values: | No |
observedGenerationint64 | observedGeneration is the latest generation observed by the controller. Validation: Minimum: 1 | No |
deprecatedClusterDeprecatedStatus | deprecated groups all the status fields that are deprecated and will be removed when all the nested field are removed. | No |
MachineDeploymentSpec
MachineDeploymentSpec defines the desired state of MachineDeployment.
Appears in: MachineDeployment
| Field | Description | Required |
|---|---|---|
clusterNamestring | clusterName is the name of the Cluster this object belongs to. Validation: Minimum length: 1 | No |
replicasint32 | replicas is the number of desired machines. This is a pointer to distinguish between explicit zero and not specified. Defaults to: * if the Kubernetes autoscaler min size and max size annotations are set:
| No |
rolloutMachineDeploymentRolloutSpec | rollout allows you to configure the behaviour of rolling updates to the MachineDeployment Machines. It allows you to require that all Machines are replaced after a certain time, and allows you to define the strategy used during rolling replacements. | No |
selectorLabelSelector | selector is the label selector for machines. Existing MachineSets whose machines are selected by this will be the ones affected by this deployment. It must match the machine template's labels. | No |
templateMachineTemplateSpec | template describes the machines that will be created. | No |
machineNamingMachineNamingSpec | machineNaming allows changing the naming pattern used when creating Machines. Note: InfraMachines & BootstrapConfigs will use the same name as the corresponding Machines. | No |
remediationMachineDeploymentRemediationSpec | remediation controls how unhealthy Machines are remediated. | No |
deletionMachineDeploymentDeletionSpec | deletion contains configuration options for MachineDeployment deletion. | No |
pausedbool | paused indicates that the deployment is paused. | No |
MachineDeploymentStatus
MachineDeploymentStatus defines the observed state of MachineDeployment.
Appears in: MachineDeployment
| Field | Description | Required |
|---|---|---|
conditions[]Condition | conditions represents the observations of a MachineDeployment's current state. Known condition types are Available, MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused. Validation: Maximum items: 32 | No |
observedGenerationint64 | observedGeneration is the generation observed by the deployment controller. Validation: Minimum: 1 | No |
selectorstring | selector is the same as the label selector but in the string format to avoid introspection by clients. The string will be in the same format as the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors Validation: Maximum length: 4096 | No |
replicasint32 | replicas is the total number of non-terminated machines targeted by this deployment (their labels match the selector). | No |
readyReplicasint32 | readyReplicas is the number of ready replicas for this MachineDeployment. A machine is considered ready when Machine's Ready condition is true. | No |
availableReplicasint32 | availableReplicas is the number of available replicas for this MachineDeployment. A machine is considered available when Machine's Available condition is true. | No |
upToDateReplicasint32 | upToDateReplicas is the number of up-to-date replicas targeted by this deployment. A machine is considered up-to-date when Machine's UpToDate condition is true. | No |
phasestring | phase represents the current phase of a MachineDeployment (ScalingUp, ScalingDown, Running, Failed, or Unknown). Validation: Allowed values: | No |
deprecatedMachineDeploymentDeprecatedStatus | deprecated groups all the status fields that are deprecated and will be removed when all the nested field are removed. | No |
MachineDrainRuleSpec
MachineDrainRuleSpec defines the spec of a MachineDrainRule.
Appears in: MachineDrainRule
| Field | Description | Required |
|---|---|---|
drainMachineDrainRuleDrainConfig | drain configures if and how Pods are drained. | No |
machines[]MachineDrainRuleMachineSelector | machines defines to which Machines this MachineDrainRule should be applied. If machines is not set, the MachineDrainRule applies to all Machines in the Namespace. If machines contains multiple selectors, the results are ORed. Within a single Machine selector the results of selector and clusterSelector are ANDed. Machines will be selected from all Clusters in the Namespace unless otherwise restricted with the clusterSelector. Example: Selects control plane Machines in all Clusters or Machines with label "os" == "linux" in Clusters with label "stage" == "production".
Validation: Minimum items: 1 | No |
pods[]MachineDrainRulePodSelector | pods defines to which Pods this MachineDrainRule should be applied. If pods is not set, the MachineDrainRule applies to all Pods in all Namespaces. If pods contains multiple selectors, the results are ORed. Within a single Pod selector the results of selector and namespaceSelector are ANDed. Pods will be selected from all Namespaces unless otherwise restricted with the namespaceSelector. Example: Selects Pods with label "app" == "logging" in all Namespaces or Pods with label "app" == "prometheus" in the "monitoring" Namespace.
Validation: Minimum items: 1 | No |
MachineHealthCheckSpec
MachineHealthCheckSpec defines the desired state of MachineHealthCheck.
Appears in: MachineHealthCheck
| Field | Description | Required |
|---|---|---|
clusterNamestring | clusterName is the name of the Cluster this object belongs to. Validation: Minimum length: 1 | No |
selectorLabelSelector | selector is a label selector to match machines whose health will be exercised | No |
checksMachineHealthCheckChecks | checks are the checks that are used to evaluate if a Machine is healthy. Independent of this configuration the MachineHealthCheck controller will always flag Machines with cluster.x-k8s.io/remediate-machine annotation and Machines with deleted Nodes as unhealthy.Furthermore, if checks.nodeStartupTimeoutSeconds is not set it is defaulted to 10 minutes and evaluated accordingly. | No |
remediationMachineHealthCheckRemediation | remediation configures if and how remediations are triggered if a Machine is unhealthy. If remediation or remediation.triggerIf is not set, remediation will always be triggered for unhealthy Machines. If remediation or remediation.templateRef is not set, the OwnerRemediated condition will be set on unhealthy Machines to trigger remediation via the owner of the Machines, for example a MachineSet or a KubeadmControlPlane. | No |
MachineHealthCheckStatus
MachineHealthCheckStatus defines the observed state of MachineHealthCheck.
Appears in: MachineHealthCheck
| Field | Description | Required |
|---|---|---|
conditions[]Condition | conditions represents the observations of a MachineHealthCheck's current state. Known condition types are RemediationAllowed, Paused. Validation: Maximum items: 32 | No |
expectedMachinesint32 | expectedMachines is the total number of machines counted by this machine health check Validation: Minimum: 0 | No |
currentHealthyint32 | currentHealthy is the total number of healthy machines counted by this machine health check Validation: Minimum: 0 | No |
remediationsAllowedint32 | remediationsAllowed is the number of further remediations allowed by this machine health check before maxUnhealthy short circuiting will be applied Validation: Minimum: 0 | No |
observedGenerationint64 | observedGeneration is the latest generation observed by the controller. Validation: Minimum: 1 | No |
targets[]string | targets shows the current list of machines the machine health check is watching Validation: items:MinLength: 1 | No |
deprecatedMachineHealthCheckDeprecatedStatus | deprecated groups all the status fields that are deprecated and will be removed when all the nested field are removed. | No |
MachineSetSpec
MachineSetSpec defines the desired state of MachineSet.
Appears in: MachineSet
| Field | Description | Required |
|---|---|---|
clusterNamestring | clusterName is the name of the Cluster this object belongs to. Validation: Minimum length: 1 | No |
replicasint32 | replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to: * if the Kubernetes autoscaler min size and max size annotations are set:
| No |
selectorLabelSelector | selector is a label query over machines that should match the replica count. Label keys and values that must match in order to be controlled by this MachineSet. It must match the machine template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors | No |
templateMachineTemplateSpec | template is the object that describes the machine that will be created if insufficient replicas are detected. Object references to custom resources are treated as templates. | No |
machineNamingMachineNamingSpec | machineNaming allows changing the naming pattern used when creating Machines. Note: InfraMachines & BootstrapConfigs will use the same name as the corresponding Machines. | No |
deletionMachineSetDeletionSpec | deletion contains configuration options for MachineSet deletion. | No |
MachineSetStatus
MachineSetStatus defines the observed state of MachineSet.
Appears in: MachineSet
| Field | Description | Required |
|---|---|---|
conditions[]Condition | conditions represents the observations of a MachineSet's current state. Known condition types are MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused. Validation: Maximum items: 32 | No |
selectorstring | selector is the same as the label selector but in the string format to avoid introspection by clients. The string will be in the same format as the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors Validation: Minimum length: 1 | No |
replicasint32 | replicas is the most recently observed number of replicas. | No |
readyReplicasint32 | readyReplicas is the number of ready replicas for this MachineSet. A machine is considered ready when Machine's Ready condition is true. | No |
availableReplicasint32 | availableReplicas is the number of available replicas for this MachineSet. A machine is considered available when Machine's Available condition is true. | No |
upToDateReplicasint32 | upToDateReplicas is the number of up-to-date replicas for this MachineSet. A machine is considered up-to-date when Machine's UpToDate condition is true. | No |
observedGenerationint64 | observedGeneration reflects the generation of the most recently observed MachineSet. Validation: Minimum: 1 | No |
deprecatedMachineSetDeprecatedStatus | deprecated groups all the status fields that are deprecated and will be removed when all the nested field are removed. | No |
MachineSpec
MachineSpec defines the desired state of Machine.
Appears in: Machine, MachineTemplateSpec
| Field | Description | Required |
|---|---|---|
clusterNamestring | clusterName is the name of the Cluster this object belongs to. Validation: Maximum length: 63 | No |
bootstrapBootstrap | bootstrap is a reference to a local struct which encapsulates fields to configure the Machine’s bootstrapping mechanism. | No |
infrastructureRefContractVersionedObjectReference | infrastructureRef is a required reference to a custom resource offered by an infrastructure provider. | No |
versionstring | version defines the desired Kubernetes version. This field is meant to be optionally used by bootstrap providers. Validation: Minimum length: 1 | No |
providerIDstring | providerID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider. Validation: Minimum length: 1 | No |
failureDomainstring | failureDomain is the failure domain the machine will be created in. Must match the name of a FailureDomain from the Cluster status. Validation: Minimum length: 1 | No |
minReadySecondsint32 | minReadySeconds is the minimum number of seconds for which a Machine should be ready before considering it available. Defaults to 0 (Machine will be considered available as soon as the Machine is ready) Validation: Minimum: 0 | No |
readinessGates[]MachineReadinessGate | readinessGates specifies additional conditions to include when evaluating Machine Ready condition. This field can be used e.g. by Cluster API control plane providers to extend the semantic of the Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. Another example are external controllers, e.g. responsible to install special software/hardware on the Machines; they can include the status of those components with a new condition and add this condition to ReadinessGates. NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those readiness gates condition are reporting the same message, when computing the Machine's Ready condition those readinessGates will be replaced by a single entry reporting "Control plane components: " + message. This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster). Validation: Minimum items: 1 | No |
deletionMachineDeletionSpec | deletion contains configuration options for Machine deletion. | No |
taints[]MachineTaint | taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers. There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node. NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners. Validation: Minimum items: 1 | No |
MachineStatus
MachineStatus defines the observed state of Machine.
Appears in: Machine
| Field | Description | Required |
|---|---|---|
conditions[]Condition | conditions represents the observations of a Machine's current state. Known condition types are Available, Ready, UpToDate, BootstrapConfigReady, InfrastructureReady, NodeReady, NodeHealthy, Updating, Deleting, Paused. If a MachineHealthCheck is targeting this machine, also HealthCheckSucceeded, OwnerRemediated conditions are added. Additionally control plane Machines controlled by KubeadmControlPlane will have following additional conditions: APIServerPodHealthy, ControllerManagerPodHealthy, SchedulerPodHealthy, EtcdPodHealthy, EtcdMemberHealthy, NodeKubeadmLabelsAndTaintsSet. Validation: Maximum items: 32 | No |
initializationMachineInitializationStatus | initialization provides observations of the Machine initialization process. NOTE: Fields in this struct are part of the Cluster API contract and are used to orchestrate initial Machine provisioning. | No |
nodeRefMachineNodeReference | nodeRef will point to the corresponding Node if it exists. | No |
nodeInfoNodeSystemInfo | nodeInfo is a set of ids/uuids to uniquely identify the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#info | No |
lastUpdatedTime | lastUpdated identifies when the phase of the Machine last transitioned. | No |
addressesMachineAddresses | addresses is a list of addresses assigned to the machine. This field is copied from the infrastructure provider reference. | No |
failureDomainstring | failureDomain is the failure domain where the Machine has been scheduled. Validation: Minimum length: 1 | No |
phasestring | phase represents the current phase of machine actuation. Validation: Allowed values: | No |
certificatesExpiryDateTime | certificatesExpiryDate is the expiry date of the machine certificates. This value is only set for control plane machines. | No |
observedGenerationint64 | observedGeneration is the latest generation observed by the controller. Validation: Minimum: 1 | No |
deletionMachineDeletionStatus | deletion contains information relating to removal of the Machine. Only present when the Machine has a deletionTimestamp and drain or wait for volume detach started. | No |
deprecatedMachineDeprecatedStatus | deprecated groups all the status fields that are deprecated and will be removed when all the nested field are removed. | No |
ObjectMeta
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. This is a copy of customizable fields from metav1.ObjectMeta.
ObjectMeta is embedded in Machine.Spec, MachineDeployment.Template and MachineSet.Template, which are not top-level Kubernetes objects. Given that metav1.ObjectMeta has lots of special cases and read-only fields which end up in the generated CRD validation, having it as a subset simplifies the API and some issues that can impact user experience.
During the upgrade to controller-tools@v2 for v1alpha2, we noticed a failure would occur running Cluster API test suite against the new CRDs, specifically spec.metadata.creationTimestamp in body must be of type string: "null". The investigation showed that controller-tools@v2 behaves differently than its previous version when handling types from metav1 package.
In more details, we found that embedded (non-top level) types that embedded metav1.ObjectMeta had validation properties, including for creationTimestamp (metav1.Time). The metav1.Time type specifies a custom json marshaller that, when IsZero() is true, returns null which breaks validation because the field isn't marked as nullable.
In future versions, controller-tools@v2 might allow overriding the type and validation for embedded types. When that happens, this hack should be revisited.
Appears in: Cluster, ClusterClass, ControlPlaneClass, ControlPlaneTopology, Machine, MachineDeployment, MachineDeploymentClass, MachineDeploymentTopology, MachineDrainRule, MachineHealthCheck, MachineSet, MachineTemplateSpec
| Field | Description | Required |
|---|---|---|
labelsmap[string]string | labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels | No |
annotationsmap[string]string | annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations | No |
APIEndpoint
APIEndpoint represents a reachable Kubernetes API endpoint.
Appears in: ClusterSpec
| Field | Description | Required |
|---|---|---|
hoststring | host is the hostname on which the API server is serving. Validation: Minimum length: 1 | No |
portint32 | port is the port on which the API server is serving. Validation: Minimum: 1 | No |
Bootstrap
Bootstrap encapsulates fields to configure the Machine’s bootstrapping mechanism.
Appears in: MachineSpec
| Field | Description | Required |
|---|---|---|
configRefContractVersionedObjectReference | configRef is a reference to a bootstrap provider-specific resource that holds configuration details. The reference is optional to allow users/operators to specify Bootstrap.DataSecretName without the need of a controller. | No |
dataSecretNamestring | dataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine should remain in the Pending state. Validation: Maximum length: 253 | No |
ClusterAvailabilityGate
ClusterAvailabilityGate contains the type of a Cluster condition to be used as availability gate.
Appears in: ClusterClassSpec, ClusterSpec
| Field | Description | Required |
|---|---|---|
conditionTypestring | conditionType refers to a condition with matching type in the Cluster's condition list. If the conditions doesn't exist, it will be treated as unknown. Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as availability gates. Validation: Pattern: | No |
polarityConditionPolarity | polarity of the conditionType specified in this availabilityGate. Valid values are Positive, Negative and omitted. When omitted, the default behaviour will be Positive. A positive polarity means that the condition should report a true status under normal conditions. A negative polarity means that the condition should report a false status under normal conditions. | No |
ClusterClassDeprecatedStatus
ClusterClassDeprecatedStatus groups all the status fields that are deprecated and will be removed in a future version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.
Appears in: ClusterClassStatus
| Field | Description | Required |
|---|---|---|
v1beta1ClusterClassV1Beta1DeprecatedStatus | v1beta1 groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. | No |
ClusterClassPatch
ClusterClassPatch defines a patch which is applied to customize the referenced templates.
Appears in: ClusterClassSpec
| Field | Description | Required |
|---|---|---|
namestring | name of the patch. Validation: Minimum length: 1 | No |
descriptionstring | description is a human-readable description of this patch. Validation: Maximum length: 1024 | No |
enabledIfstring | enabledIf is a Go template to be used to calculate if a patch should be enabled. It can reference variables defined in .spec.variables and builtin variables. The patch will be enabled if the template evaluates to true, otherwise it will be disabled. If EnabledIf is not set, the patch will be enabled per default.Validation: Minimum length: 1 | No |
definitions[]PatchDefinition | definitions define inline patches. Note: Patches will be applied in the order of the array. Note: Exactly one of Definitions or External must be set. Validation: Maximum items: 100 | No |
externalExternalPatchDefinition | external defines an external patch. Note: Exactly one of Definitions or External must be set. | No |
ClusterClassStatusVariable
ClusterClassStatusVariable defines a variable which appears in the status of a ClusterClass.
Appears in: ClusterClassStatus
| Field | Description | Required |
|---|---|---|
namestring | name is the name of the variable. Validation: Minimum length: 1 | No |
definitionsConflictbool | definitionsConflict specifies whether or not there are conflicting definitions for a single variable name. | No |
definitions[]ClusterClassStatusVariableDefinition | definitions is a list of definitions for a variable. Validation: Minimum items: 1 | No |
ClusterClassUpgrade
ClusterClassUpgrade defines the upgrade configuration for clusters using the ClusterClass.
Appears in: ClusterClassSpec
| Field | Description | Required |
|---|---|---|
externalClusterClassUpgradeExternal | external defines external runtime extensions for upgrade operations. | No |
ClusterClassVariable
ClusterClassVariable defines a variable which can be configured in the Cluster topology and used in patches.
Appears in: ClusterClassSpec
| Field | Description | Required |
|---|---|---|
namestring | name of the variable. Validation: Minimum length: 1 | No |
requiredbool | required specifies if the variable is required. Note: this applies to the variable as a whole and thus the top-level object defined in the schema. If nested fields are required, this will be specified inside the schema. | No |
deprecatedV1Beta1MetadataClusterClassVariableMetadata | deprecatedV1Beta1Metadata is the metadata of a variable. It can be used to add additional data for higher level tools to a ClusterClassVariable. Deprecated: This field is deprecated and will be removed when support for v1beta1 will be dropped. Please use XMetadata in JSONSchemaProps instead. | No |
schemaVariableSchema | schema defines the schema of the variable. | No |
ClusterControlPlaneStatus
ClusterControlPlaneStatus groups all the observations about control plane current state.
Appears in: ClusterStatus
| Field | Description | Required |
|---|---|---|
desiredReplicasint32 | desiredReplicas is the total number of desired control plane machines in this cluster. | No |
replicasint32 | replicas is the total number of control plane machines in this cluster. NOTE: replicas also includes machines still being provisioned or being deleted. | No |
upToDateReplicasint32 | upToDateReplicas is the number of up-to-date control plane machines in this cluster. A machine is considered up-to-date when Machine's UpToDate condition is true. | No |
readyReplicasint32 | readyReplicas is the total number of ready control plane machines in this cluster. A machine is considered ready when Machine's Ready condition is true. | No |
availableReplicasint32 | availableReplicas is the total number of available control plane machines in this cluster. A machine is considered available when Machine's Available condition is true. | No |
ClusterDeprecatedStatus
ClusterDeprecatedStatus groups all the status fields that are deprecated and will be removed in a future version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.
Appears in: ClusterStatus
| Field | Description | Required |
|---|---|---|
v1beta1ClusterV1Beta1DeprecatedStatus | v1beta1 groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. | No |
ClusterInitializationStatus
ClusterInitializationStatus provides observations of the Cluster initialization process. NOTE: Fields in this struct are part of the Cluster API contract and are used to orchestrate initial Cluster provisioning.
Appears in: ClusterStatus
| Field | Description | Required |
|---|---|---|
infrastructureProvisionedbool | infrastructureProvisioned is true when the infrastructure provider reports that Cluster's infrastructure is fully provisioned. NOTE: this field is part of the Cluster API contract, and it is used to orchestrate provisioning. The value of this field is never updated after provisioning is completed. | No |
controlPlaneInitializedbool | controlPlaneInitialized denotes when the control plane is functional enough to accept requests. This information is usually used as a signal for starting all the provisioning operations that depends on a functional API server, but do not require a full HA control plane to exists, like e.g. join worker Machines, install core addons like CNI, CPI, CSI etc. NOTE: this field is part of the Cluster API contract, and it is used to orchestrate provisioning. The value of this field is never updated after initialization is completed. | No |
ClusterNetwork
ClusterNetwork specifies the different networking parameters for a cluster.
Appears in: ClusterSpec
| Field | Description | Required |
|---|---|---|
apiServerPortint32 | apiServerPort specifies the port the API Server should bind to. Defaults to 6443. Validation: Minimum: 1 | No |
servicesNetworkRanges | services is the network ranges from which service VIPs are allocated. | No |
podsNetworkRanges | pods is the network ranges from which Pod networks are allocated. | No |
serviceDomainstring | serviceDomain is the domain name for services. Validation: Minimum length: 1 | No |
Condition
Condition defines an observation of a Cluster API resource operational state.
Deprecated: This type is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
Appears in: ClusterClassStatus, ClusterStatus, MachineDeploymentStatus, MachineHealthCheckStatus, MachineSetStatus, MachineStatus
| Field | Description | Required |
|---|---|---|
typeConditionType | type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. | Yes |
statusConditionStatus | status of the condition, one of True, False, Unknown. | Yes |
severityConditionSeverity | severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. | No |
lastTransitionTimeTime | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | Yes |
reasonstring | reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may be empty. Validation: Minimum length: 1 | No |
messagestring | message is a human readable message indicating details about the transition. This field may be empty. Validation: Minimum length: 1 | No |
ContractVersionedObjectReference
ContractVersionedObjectReference is a reference to a resource for which the version is inferred from contract labels.
Appears in: Bootstrap, ClusterSpec, MachineSpec
| Field | Description | Required |
|---|---|---|
kindstring | kind of the resource being referenced. kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. Validation: Pattern: | No |
namestring | name of the resource being referenced. name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. Validation: Minimum length: 1 | No |
apiGroupstring | apiGroup is the group of the resource being referenced. apiGroup must be fully qualified domain name. The corresponding version for this reference will be looked up from the contract labels of the corresponding CRD of the resource being referenced. Validation: Minimum length: 1 | No |
ControlPlaneClass
ControlPlaneClass defines the class for the control plane.
Appears in: ClusterClassSpec
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane if the ControlPlaneTemplate referenced is machine based. If not, it is applied only to the ControlPlane. At runtime this metadata is merged with the corresponding metadata from the topology. This field is supported if and only if the control plane provider template referenced is Machine based. | No |
templateRefClusterClassTemplateReference | templateRef contains the reference to a provider-specific control plane template. | No |
machineInfrastructureControlPlaneClassMachineInfrastructureTemplate | machineInfrastructure defines the metadata and infrastructure information for control plane machines. This field is supported if and only if the control plane provider template referenced above is Machine based and supports setting replicas. | No |
healthCheckControlPlaneClassHealthCheck | healthCheck defines a MachineHealthCheck for this ControlPlaneClass. This field is supported if and only if the ControlPlane provider template referenced above is Machine based and supports setting replicas. | No |
namingControlPlaneClassNamingSpec | naming allows changing the naming pattern used when creating the control plane provider object. | No |
deletionControlPlaneClassMachineDeletionSpec | deletion contains configuration options for Machine deletion. | No |
taints[]MachineTaint | taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers. There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node. NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners. Validation: Minimum items: 1 | No |
readinessGates[]MachineReadinessGate | readinessGates specifies additional conditions to include when evaluating Machine Ready condition. This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine. NOTE: If a Cluster defines a custom list of readinessGates for the control plane, such list overrides readinessGates defined in this field. NOTE: Specific control plane provider implementations might automatically extend the list of readinessGates; e.g. the kubeadm control provider adds ReadinessGates for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. Validation: Minimum items: 1 | No |
FailureDomain
FailureDomain is the Schema for Cluster API failure domains. It allows controllers to understand how many failure domains a cluster can optionally span across.
Appears in: ClusterStatus
| Field | Description | Required |
|---|---|---|
namestring | name is the name of the failure domain. Validation: Minimum length: 1 | No |
controlPlanebool | controlPlane determines if this failure domain is suitable for use by control plane machines. | No |
attributesmap[string]string | attributes is a free form map of attributes an infrastructure provider might use or require. | No |
InfrastructureClass
InfrastructureClass defines the class for the infrastructure cluster.
Appears in: ClusterClassSpec
| Field | Description | Required |
|---|---|---|
templateRefClusterClassTemplateReference | templateRef contains the reference to a provider-specific infrastructure cluster template. | No |
namingInfrastructureClassNamingSpec | naming allows changing the naming pattern used when creating the infrastructure cluster object. | No |
MachineAddresses
MachineAddresses is a slice of MachineAddress items to be used by infrastructure providers.
Appears in: MachineStatus
MachineDeletionSpec
MachineDeletionSpec contains configuration options for Machine deletion.
Appears in: MachineSpec
| Field | Description | Required |
|---|---|---|
nodeDrainTimeoutSecondsint32 | nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: nodeDrainTimeoutSeconds is different from kubectl drain --timeoutValidation: Minimum: 0 | No |
nodeVolumeDetachTimeoutSecondsint32 | nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. Validation: Minimum: 0 | No |
nodeDeletionTimeoutSecondsint32 | nodeDeletionTimeoutSeconds defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds. Validation: Minimum: 0 | No |
MachineDeletionStatus
MachineDeletionStatus is the deletion state of the Machine.
Appears in: MachineStatus
| Field | Description | Required |
|---|---|---|
nodeDrainStartTimeTime | nodeDrainStartTime is the time when the drain of the node started and is used to determine if the nodeDrainTimeoutSeconds is exceeded. Only present when the Machine has a deletionTimestamp and draining the node had been started. | No |
waitForNodeVolumeDetachStartTimeTime | waitForNodeVolumeDetachStartTime is the time when waiting for volume detachment started and is used to determine if the nodeVolumeDetachTimeoutSeconds is exceeded. Detaching volumes from nodes is usually done by CSI implementations and the current state is observed from the node's .Status.VolumesAttached field. Only present when the Machine has a deletionTimestamp and waiting for volume detachments had been started. | No |
MachineDeploymentDeletionSpec
MachineDeploymentDeletionSpec contains configuration options for MachineDeployment deletion.
Appears in: MachineDeploymentSpec
| Field | Description | Required |
|---|---|---|
orderMachineSetDeletionOrder | order defines the order in which Machines are deleted when downscaling. Defaults to "Random". Valid values are "Random, "Newest", "Oldest" | No |
MachineDeploymentDeprecatedStatus
MachineDeploymentDeprecatedStatus groups all the status fields that are deprecated and will be removed in a future version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.
Appears in: MachineDeploymentStatus
| Field | Description | Required |
|---|---|---|
v1beta1MachineDeploymentV1Beta1DeprecatedStatus | v1beta1 groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. | No |
MachineDeploymentRemediationSpec
MachineDeploymentRemediationSpec controls how unhealthy Machines are remediated.
Appears in: MachineDeploymentSpec
| Field | Description | Required |
|---|---|---|
maxInFlightIntOrString | maxInFlight determines how many in flight remediations should happen at the same time. Remediation only happens on the MachineSet with the most current revision, while older MachineSets (usually present during rollout operations) aren't allowed to remediate. Note: In general (independent of remediations), unhealthy machines are always prioritized during scale down operations over healthy ones. MaxInFlight can be set to a fixed number or a percentage. Example: when this is set to 20%, the MachineSet controller deletes at most 20% of the desired replicas. If not set, remediation is limited to all machines (bounded by replicas) under the active MachineSet's management. | No |
MachineDeploymentRolloutSpec
MachineDeploymentRolloutSpec defines the rollout behavior.
Appears in: MachineDeploymentSpec
| Field | Description | Required |
|---|---|---|
afterTime | after is a field to indicate a rollout should be performed after the specified time even if no changes have been made to the MachineDeployment. Example: In the YAML the time can be specified in the RFC3339 format. To specify the rolloutAfter target as March 9, 2023, at 9 am UTC use "2023-03-09T09:00:00Z". | No |
strategyMachineDeploymentRolloutStrategy | strategy specifies how to roll out control plane Machines. | No |
MachineDeprecatedStatus
MachineDeprecatedStatus groups all the status fields that are deprecated and will be removed in a future version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.
Appears in: MachineStatus
| Field | Description | Required |
|---|---|---|
v1beta1MachineV1Beta1DeprecatedStatus | v1beta1 groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
MachineDrainRuleDrainConfig
MachineDrainRuleDrainConfig configures if and how Pods are drained.
Appears in: MachineDrainRuleSpec
| Field | Description | Required |
|---|---|---|
behaviorMachineDrainRuleDrainBehavior | behavior defines the drain behavior. Can be either "Drain", "Skip", or "WaitCompleted". "Drain" means that the Pods to which this MachineDrainRule applies will be drained. If behavior is set to "Drain" the order in which Pods are drained can be configured with the order field. When draining Pods of a Node the Pods will be grouped by order and one group after another will be drained (by increasing order). Cluster API will wait until all Pods of a group are terminated / removed from the Node before starting with the next group. "Skip" means that the Pods to which this MachineDrainRule applies will be skipped during drain. "WaitCompleted" means that the pods to which this MachineDrainRule applies will never be evicted and we wait for them to be completed, it is enforced that pods marked with this behavior always have Order=0. | No |
orderint32 | order defines the order in which Pods are drained. Pods with higher order are drained after Pods with lower order. order can only be set if behavior is set to "Drain". If order is not set, 0 will be used. Valid values for order are from -2147483648 to 2147483647 (inclusive). | No |
MachineDrainRuleMachineSelector
MachineDrainRuleMachineSelector defines to which Machines this MachineDrainRule should be applied.
Appears in: MachineDrainRuleSpec
| Field | Description | Required |
|---|---|---|
selectorLabelSelector | selector is a label selector which selects Machines by their labels. This field follows standard label selector semantics; if not present or empty, it selects all Machines. If clusterSelector is also set, then the selector as a whole selects Machines matching selector belonging to Clusters selected by clusterSelector. If clusterSelector is not set, it selects all Machines matching selector in all Clusters. | No |
clusterSelectorLabelSelector | clusterSelector is a label selector which selects Machines by the labels of their Clusters. This field follows standard label selector semantics; if not present or empty, it selects Machines of all Clusters. If selector is also set, then the selector as a whole selects Machines matching selector belonging to Clusters selected by clusterSelector. If selector is not set, it selects all Machines belonging to Clusters selected by clusterSelector. | No |
MachineDrainRulePodSelector
MachineDrainRulePodSelector defines to which Pods this MachineDrainRule should be applied.
Appears in: MachineDrainRuleSpec
| Field | Description | Required |
|---|---|---|
selectorLabelSelector | selector is a label selector which selects Pods by their labels. This field follows standard label selector semantics; if not present or empty, it selects all Pods. If namespaceSelector is also set, then the selector as a whole selects Pods matching selector in Namespaces selected by namespaceSelector. If namespaceSelector is not set, it selects all Pods matching selector in all Namespaces. | No |
namespaceSelectorLabelSelector | namespaceSelector is a label selector which selects Pods by the labels of their Namespaces. This field follows standard label selector semantics; if not present or empty, it selects Pods of all Namespaces. If selector is also set, then the selector as a whole selects Pods matching selector in Namespaces selected by namespaceSelector. If selector is not set, it selects all Pods in Namespaces selected by namespaceSelector. | No |
MachineHealthCheckChecks
MachineHealthCheckChecks are the checks that are used to evaluate if a Machine is healthy.
Appears in: MachineHealthCheckSpec
| Field | Description | Required |
|---|---|---|
nodeStartupTimeoutSecondsint32 | nodeStartupTimeoutSeconds allows to set the maximum time for MachineHealthCheck to consider a Machine unhealthy if a corresponding Node isn't associated through a Spec.ProviderID field.The duration set in this field is compared to the greatest of:
Defaults to 10 minutes. If you wish to disable this feature, set the value explicitly to 0. Validation: Minimum: 0 | No |
unhealthyNodeConditions[]UnhealthyNodeCondition | unhealthyNodeConditions contains a list of conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy. Validation: Minimum items: 1 | No |
unhealthyMachineConditions[]UnhealthyMachineCondition | unhealthyMachineConditions contains a list of the machine conditions that determine whether a machine is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the machine is unhealthy. Validation: Minimum items: 1 | No |
MachineHealthCheckDeprecatedStatus
MachineHealthCheckDeprecatedStatus groups all the status fields that are deprecated and will be removed in a future version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.
Appears in: MachineHealthCheckStatus
| Field | Description | Required |
|---|---|---|
v1beta1MachineHealthCheckV1Beta1DeprecatedStatus | v1beta1 groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. | No |
MachineHealthCheckRemediation
MachineHealthCheckRemediation configures if and how remediations are triggered if a Machine is unhealthy.
Appears in: MachineHealthCheckSpec
| Field | Description | Required |
|---|---|---|
triggerIfMachineHealthCheckRemediationTriggerIf | triggerIf configures if remediations are triggered. If this field is not set, remediations are always triggered. | No |
templateRefMachineHealthCheckRemediationTemplateReference | templateRef is a reference to a remediation template provided by an infrastructure provider. This field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Cluster API. | No |
MachineInitializationStatus
MachineInitializationStatus provides observations of the Machine initialization process. NOTE: Fields in this struct are part of the Cluster API contract and are used to orchestrate initial Machine provisioning.
Appears in: MachineStatus
| Field | Description | Required |
|---|---|---|
infrastructureProvisionedbool | infrastructureProvisioned is true when the infrastructure provider reports that Machine's infrastructure is fully provisioned. NOTE: this field is part of the Cluster API contract, and it is used to orchestrate provisioning. The value of this field is never updated after provisioning is completed. | No |
bootstrapDataSecretCreatedbool | bootstrapDataSecretCreated is true when the bootstrap provider reports that the Machine's boostrap secret is created. NOTE: this field is part of the Cluster API contract, and it is used to orchestrate provisioning. The value of this field is never updated after provisioning is completed. | No |
MachineNamingSpec
MachineNamingSpec allows changing the naming pattern used when creating Machines. Note: InfraMachines & BootstrapConfigs will use the same name as the corresponding Machines.
Appears in: MachineDeploymentSpec, MachineSetSpec
| Field | Description | Required |
|---|---|---|
templatestring | template defines the template to use for generating the names of the Machine objects. If not defined, it will fallback to {{ .machineSet.name }}-{{ .random }}. If the generated name string exceeds 63 characters, it will be trimmed to 58 characters and will get concatenated with a random suffix of length 5. Length of the template string must not exceed 256 characters. The template allows the following variables .cluster.name, .machineSet.name and .random. The variable .cluster.name retrieves the name of the cluster object that owns the Machines being created. The variable .machineSet.name retrieves the name of the MachineSet object that owns the Machines being created. The variable .random is substituted with random alphanumeric string, without vowels, of length 5. This variable is required part of the template. If not provided, validation will fail.Validation: Maximum length: 256 | No |
MachineNodeReference
MachineNodeReference is a reference to the node running on the machine.
Appears in: MachineStatus
| Field | Description | Required |
|---|---|---|
namestring | name of the node. name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. Validation: Maximum length: 253 | No |
MachineReadinessGate
MachineReadinessGate contains the type of a Machine condition to be used as a readiness gate.
Appears in: ControlPlaneClass, ControlPlaneTopology, MachineDeploymentClass, MachineDeploymentTopology, MachineSpec
| Field | Description | Required |
|---|---|---|
conditionTypestring | conditionType refers to a condition with matching type in the Machine's condition list. If the conditions doesn't exist, it will be treated as unknown. Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. Validation: Pattern: | No |
polarityConditionPolarity | polarity of the conditionType specified in this readinessGate. Valid values are Positive, Negative and omitted. When omitted, the default behaviour will be Positive. A positive polarity means that the condition should report a true status under normal conditions. A negative polarity means that the condition should report a false status under normal conditions. | No |
MachineSetDeletionSpec
MachineSetDeletionSpec contains configuration options for MachineSet deletion.
Appears in: MachineSetSpec
| Field | Description | Required |
|---|---|---|
orderMachineSetDeletionOrder | order defines the order in which Machines are deleted when downscaling. Defaults to "Random". Valid values are "Random, "Newest", "Oldest" | No |
MachineSetDeprecatedStatus
MachineSetDeprecatedStatus groups all the status fields that are deprecated and will be removed in a future version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.
Appears in: MachineSetStatus
| Field | Description | Required |
|---|---|---|
v1beta1MachineSetV1Beta1DeprecatedStatus | v1beta1 groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. | No |
MachineTaint
MachineTaint defines a taint equivalent to corev1.Taint, but additionally having a propagation field.
Appears in: ControlPlaneClass, ControlPlaneTopology, MachineDeploymentClass, MachineDeploymentTopology, MachineSpec
| Field | Description | Required |
|---|---|---|
keystring | key is the taint key to be applied to a node. Must be a valid qualified name of maximum size 63 characters with an optional subdomain prefix of maximum size 253 characters, separated by a /.Validation: Minimum length: 1 | No |
valuestring | value is the taint value corresponding to the taint key. It must be a valid label value of maximum size 63 characters. Validation: Minimum length: 1 | No |
effectTaintEffect | effect is the effect for the taint. Valid values are NoSchedule, PreferNoSchedule and NoExecute. Validation: Allowed values: | No |
propagationMachineTaintPropagation | propagation defines how this taint should be propagated to nodes. Valid values are 'Always' and 'OnInitialization'. Always: The taint will be continuously reconciled. If it is not set for a node, it will be added during reconciliation. OnInitialization: The taint will be added during node initialization. If it gets removed from the node later on it will not get added again. | No |
MachineTemplateSpec
MachineTemplateSpec describes the data needed to create a Machine from a template.
Appears in: MachineDeploymentSpec, MachineSetSpec
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specMachineSpec | spec is the specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | No |
Topology
Topology encapsulates the information of the managed resources.
Appears in: ClusterSpec
| Field | Description | Required |
|---|---|---|
classRefClusterClassRef | classRef is the ref to the ClusterClass that should be used for the topology. | No |
versionstring | version is the Kubernetes version of the cluster. Validation: Minimum length: 1 | No |
controlPlaneControlPlaneTopology | controlPlane describes the cluster control plane. | No |
workersWorkersTopology | workers encapsulates the different constructs that form the worker nodes for the cluster. | No |
variables[]ClusterVariable | variables can be used to customize the Cluster through patches. They must comply to the corresponding VariableClasses defined in the ClusterClass. Validation: Maximum items: 1000 | No |
WorkersClass
WorkersClass is a collection of deployment classes.
Appears in: ClusterClassSpec
| Field | Description | Required |
|---|---|---|
machineDeployments[]MachineDeploymentClass | machineDeployments is a list of machine deployment classes that can be used to create a set of worker nodes. Validation: Minimum items: 1 | No |
machinePools[]MachinePoolClass | machinePools is a list of machine pool classes that can be used to create a set of worker nodes. Validation: Minimum items: 1 | No |
WorkersStatus
WorkersStatus groups all the observations about workers current state.
Appears in: ClusterStatus
| Field | Description | Required |
|---|---|---|
desiredReplicasint32 | desiredReplicas is the total number of desired worker machines in this cluster. | No |
replicasint32 | replicas is the total number of worker machines in this cluster. NOTE: replicas also includes machines still being provisioned or being deleted. | No |
upToDateReplicasint32 | upToDateReplicas is the number of up-to-date worker machines in this cluster. A machine is considered up-to-date when Machine's UpToDate condition is true. | No |
readyReplicasint32 | readyReplicas is the total number of ready worker machines in this cluster. A machine is considered ready when Machine's Ready condition is true. | No |
availableReplicasint32 | availableReplicas is the total number of available worker machines in this cluster. A machine is considered available when Machine's Available condition is true. | No |
ClusterClassRef
ClusterClassRef is the ref to the ClusterClass that should be used for the topology.
Appears in: Topology
| Field | Description | Required |
|---|---|---|
namestring | name is the name of the ClusterClass that should be used for the topology. name must be a valid ClusterClass name and because of that be at most 253 characters in length and it must consist only of lower case alphanumeric characters, hyphens (-) and periods (.), and must start and end with an alphanumeric character. Validation: Maximum length: 253 | No |
namespacestring | namespace is the namespace of the ClusterClass that should be used for the topology. If namespace is empty or not set, it is defaulted to the namespace of the Cluster object. namespace must be a valid namespace name and because of that be at most 63 characters in length and it must consist only of lower case alphanumeric characters or hyphens (-), and must start and end with an alphanumeric character. Validation: Minimum length: 1 | No |
ClusterClassStatusVariableDefinition
ClusterClassStatusVariableDefinition defines a variable which appears in the status of a ClusterClass.
Appears in: ClusterClassStatusVariable
| Field | Description | Required |
|---|---|---|
fromstring | from specifies the origin of the variable definition. This will be inline for variables defined in the ClusterClass or the name of a patch defined in the ClusterClass for variables discovered from a DiscoverVariables runtime extensions.Validation: Minimum length: 1 | No |
requiredbool | required specifies if the variable is required. Note: this applies to the variable as a whole and thus the top-level object defined in the schema. If nested fields are required, this will be specified inside the schema. | No |
deprecatedV1Beta1MetadataClusterClassVariableMetadata | deprecatedV1Beta1Metadata is the metadata of a variable. It can be used to add additional data for higher level tools to a ClusterClassVariable. Deprecated: This field is deprecated and will be removed when support for v1beta1 will be dropped. Please use XMetadata in JSONSchemaProps instead. | No |
schemaVariableSchema | schema defines the schema of the variable. | No |
ClusterClassTemplateReference
ClusterClassTemplateReference is a reference to a ClusterClass template.
Appears in: ControlPlaneClass, ControlPlaneClassMachineInfrastructureTemplate, InfrastructureClass, MachineDeploymentClassBootstrapTemplate, MachineDeploymentClassInfrastructureTemplate
| Field | Description | Required |
|---|---|---|
kindstring | kind of the template. kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. Validation: Minimum length: 1 | No |
namestring | name of the template. name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. Validation: Minimum length: 1 | No |
apiVersionstring | apiVersion of the template. apiVersion must be fully qualified domain name followed by / and a version. Validation: Maximum length: 317 | No |
ClusterClassUpgradeExternal
ClusterClassUpgradeExternal defines external runtime extensions for upgrade operations.
Appears in: ClusterClassUpgrade
| Field | Description | Required |
|---|---|---|
generateUpgradePlanExtensionstring | generateUpgradePlanExtension references an extension which is called to generate upgrade plan. Validation: Minimum length: 1 | No |
ClusterClassV1Beta1DeprecatedStatus
ClusterClassV1Beta1DeprecatedStatus groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.
Appears in: ClusterClassDeprecatedStatus
| Field | Description | Required |
|---|---|---|
conditionsConditions | conditions defines current observed state of the ClusterClass. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
ClusterClassVariableMetadata
ClusterClassVariableMetadata is the metadata of a variable. It can be used to add additional data for higher level tools to a ClusterClassVariable.
Deprecated: This struct is deprecated and is going to be removed in the next apiVersion.
Appears in: ClusterClassStatusVariableDefinition, ClusterClassVariable
| Field | Description | Required |
|---|---|---|
labelsmap[string]string | labels is a map of string keys and values that can be used to organize and categorize (scope and select) variables. | No |
annotationsmap[string]string | annotations is an unstructured key value map that can be used to store and retrieve arbitrary metadata. They are not queryable. | No |
ClusterV1Beta1DeprecatedStatus
ClusterV1Beta1DeprecatedStatus groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.
Appears in: ClusterDeprecatedStatus
| Field | Description | Required |
|---|---|---|
conditionsConditions | conditions defines current service state of the cluster. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
failureReasonClusterStatusError | failureReason indicates that there is a fatal problem reconciling the state, and will be set to a token value suitable for programmatic interpretation. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
failureMessagestring | failureMessage indicates that there is a fatal problem reconciling the state, and will be set to a descriptive error message. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. Validation: Minimum length: 1 | No |
ClusterVariable
ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a Variable definition in the ClusterClass status variables.
Appears in: ControlPlaneVariables, MachineDeploymentVariables, Topology
| Field | Description | Required |
|---|---|---|
namestring | name of the variable. Validation: Minimum length: 1 | No |
valueJSON | value of the variable. Note: the value will be validated against the schema of the corresponding ClusterClassVariable from the ClusterClass. Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, i.e. it is not possible to have no type field. Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 | No |
ConditionPolarity
ConditionPolarity defines the polarity for a metav1.Condition.
Appears in: ClusterAvailabilityGate, MachineReadinessGate
ConditionSeverity
ConditionSeverity expresses the severity of a Condition Type failing.
Deprecated: This type is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
Appears in: Condition
ConditionType
ConditionType is a valid value for Condition.Type.
Deprecated: This type is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
Appears in: Condition
ControlPlaneClassHealthCheck
ControlPlaneClassHealthCheck defines a MachineHealthCheck for control plane machines.
Appears in: ControlPlaneClass
| Field | Description | Required |
|---|---|---|
checksControlPlaneClassHealthCheckChecks | checks are the checks that are used to evaluate if a Machine is healthy. Independent of this configuration the MachineHealthCheck controller will always flag Machines with cluster.x-k8s.io/remediate-machine annotation and Machines with deleted Nodes as unhealthy.Furthermore, if checks.nodeStartupTimeoutSeconds is not set it is defaulted to 10 minutes and evaluated accordingly. | No |
remediationControlPlaneClassHealthCheckRemediation | remediation configures if and how remediations are triggered if a Machine is unhealthy. If remediation or remediation.triggerIf is not set, remediation will always be triggered for unhealthy Machines. If remediation or remediation.templateRef is not set, the OwnerRemediated condition will be set on unhealthy Machines to trigger remediation via the owner of the Machines, for example a MachineSet or a KubeadmControlPlane. | No |
ControlPlaneClassMachineDeletionSpec
ControlPlaneClassMachineDeletionSpec contains configuration options for Machine deletion.
Appears in: ControlPlaneClass
| Field | Description | Required |
|---|---|---|
nodeDrainTimeoutSecondsint32 | nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: nodeDrainTimeoutSeconds is different from kubectl drain --timeout NOTE: This value can be overridden while defining a Cluster.Topology.Validation: Minimum: 0 | No |
nodeVolumeDetachTimeoutSecondsint32 | nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. NOTE: This value can be overridden while defining a Cluster.Topology. Validation: Minimum: 0 | No |
nodeDeletionTimeoutSecondsint32 | nodeDeletionTimeoutSeconds defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds. NOTE: This value can be overridden while defining a Cluster.Topology. Validation: Minimum: 0 | No |
ControlPlaneClassMachineInfrastructureTemplate
ControlPlaneClassMachineInfrastructureTemplate defines the template for a MachineInfrastructure of a ControlPlane.
Appears in: ControlPlaneClass
| Field | Description | Required |
|---|---|---|
templateRefClusterClassTemplateReference | templateRef is a required reference to the template for a MachineInfrastructure of a ControlPlane. | No |
ControlPlaneClassNamingSpec
ControlPlaneClassNamingSpec defines the naming strategy for control plane objects.
Appears in: ControlPlaneClass
| Field | Description | Required |
|---|---|---|
templatestring | template defines the template to use for generating the name of the ControlPlane object. If not defined, it will fallback to {{ .cluster.name }}-{{ .random }}. If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will get concatenated with a random suffix of length 5. The templating mechanism provides the following arguments: * .cluster.name: The name of the cluster object. * .random: A random alphanumeric string, without vowels, of length 5.Validation: Minimum length: 1 | No |
ControlPlaneTopology
ControlPlaneTopology specifies the parameters for the control plane nodes in the cluster.
Appears in: Topology
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane if the ControlPlaneTemplate referenced by the ClusterClass is machine based. If not, it is applied only to the ControlPlane. At runtime this metadata is merged with the corresponding metadata from the ClusterClass. | No |
replicasint32 | replicas is the number of control plane nodes. If the value is not set, the ControlPlane object is created without the number of Replicas and it's assumed that the control plane controller does not implement support for this field. When specified against a control plane provider that lacks support for this field, this value will be ignored. | No |
rolloutControlPlaneTopologyRolloutSpec | rollout allows you to configure the behavior of rolling updates to the control plane. | No |
healthCheckControlPlaneTopologyHealthCheck | healthCheck allows to enable, disable and override control plane health check configuration from the ClusterClass for this control plane. | No |
deletionControlPlaneTopologyMachineDeletionSpec | deletion contains configuration options for Machine deletion. | No |
taints[]MachineTaint | taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers. There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node. NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners. Validation: Maximum items: 64 | No |
readinessGates[]MachineReadinessGate | readinessGates specifies additional conditions to include when evaluating Machine Ready condition. This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine. If this field is not defined, readinessGates from the corresponding ControlPlaneClass will be used, if any. NOTE: Specific control plane provider implementations might automatically extend the list of readinessGates; e.g. the kubeadm control provider adds ReadinessGates for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. Validation: Minimum items: 1 | No |
variablesControlPlaneVariables | variables can be used to customize the ControlPlane through patches. | No |
ExternalPatchDefinition
ExternalPatchDefinition defines an external patch. Note: At least one of GeneratePatchesExtension or ValidateTopologyExtension must be set.
Appears in: ClusterClassPatch
| Field | Description | Required |
|---|---|---|
generatePatchesExtensionstring | generatePatchesExtension references an extension which is called to generate patches. Validation: Minimum length: 1 | No |
validateTopologyExtensionstring | validateTopologyExtension references an extension which is called to validate the topology. Validation: Minimum length: 1 | No |
discoverVariablesExtensionstring | discoverVariablesExtension references an extension which is called to discover variables. Validation: Minimum length: 1 | No |
settingsmap[string]string | settings defines key value pairs to be passed to the extensions. Values defined here take precedence over the values defined in the corresponding ExtensionConfig. | No |
InfrastructureClassNamingSpec
InfrastructureClassNamingSpec defines the naming strategy for infrastructure objects.
Appears in: InfrastructureClass
| Field | Description | Required |
|---|---|---|
templatestring | template defines the template to use for generating the name of the Infrastructure object. If not defined, it will fallback to {{ .cluster.name }}-{{ .random }}. If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will get concatenated with a random suffix of length 5. The templating mechanism provides the following arguments: * .cluster.name: The name of the cluster object. * .random: A random alphanumeric string, without vowels, of length 5.Validation: Minimum length: 1 | No |
MachineDeploymentClass
MachineDeploymentClass serves as a template to define a set of worker nodes of the cluster provisioned using the ClusterClass.
Appears in: WorkersClass
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. At runtime this metadata is merged with the corresponding metadata from the topology. | No |
classstring | class denotes a type of worker node present in the cluster, this name MUST be unique within a ClusterClass and can be referenced in the Cluster to create a managed MachineDeployment. Validation: Minimum length: 1 | No |
bootstrapMachineDeploymentClassBootstrapTemplate | bootstrap contains the bootstrap template reference to be used for the creation of worker Machines. | No |
infrastructureMachineDeploymentClassInfrastructureTemplate | infrastructure contains the infrastructure template reference to be used for the creation of worker Machines. | No |
healthCheckMachineDeploymentClassHealthCheck | healthCheck defines a MachineHealthCheck for this MachineDeploymentClass. | No |
failureDomainstring | failureDomain is the failure domain the machines will be created in. Must match the name of a FailureDomain from the Cluster status. NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. Validation: Minimum length: 1 | No |
namingMachineDeploymentClassNamingSpec | naming allows changing the naming pattern used when creating the MachineDeployment. | No |
deletionMachineDeploymentClassMachineDeletionSpec | deletion contains configuration options for Machine deletion. | No |
taints[]MachineTaint | taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers. There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node. NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners. Validation: Minimum items: 1 | No |
minReadySecondsint32 | minReadySeconds is the minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready) NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. Validation: Minimum: 0 | No |
readinessGates[]MachineReadinessGate | readinessGates specifies additional conditions to include when evaluating Machine Ready condition. This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine. NOTE: If a Cluster defines a custom list of readinessGates for a MachineDeployment using this MachineDeploymentClass, such list overrides readinessGates defined in this field. Validation: Minimum items: 1 | No |
rolloutMachineDeploymentClassRolloutSpec | rollout allows you to configure the behaviour of rolling updates to the MachineDeployment Machines. It allows you to define the strategy used during rolling replacements. | No |
MachineDeploymentRolloutStrategy
MachineDeploymentRolloutStrategy describes how to replace existing machines with new ones.
Appears in: MachineDeploymentRolloutSpec
| Field | Description | Required |
|---|---|---|
typeMachineDeploymentRolloutStrategyType | type of rollout. Allowed values are RollingUpdate and OnDelete. Default is RollingUpdate. | No |
rollingUpdateMachineDeploymentRolloutStrategyRollingUpdate | rollingUpdate is the rolling update config params. Present only if type = RollingUpdate. | No |
MachineDeploymentV1Beta1DeprecatedStatus
MachineDeploymentV1Beta1DeprecatedStatus groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.
Appears in: MachineDeploymentDeprecatedStatus
| Field | Description | Required |
|---|---|---|
conditionsConditions | conditions defines current service state of the MachineDeployment. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
updatedReplicasint32 | updatedReplicas is the total number of non-terminated machines targeted by this deployment that have the desired template spec. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
readyReplicasint32 | readyReplicas is the total number of ready machines targeted by this deployment. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
availableReplicasint32 | availableReplicas is the total number of available machines (ready for at least minReadySeconds) targeted by this deployment. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
unavailableReplicasint32 | unavailableReplicas is the total number of unavailable machines targeted by this deployment. This is the total number of machines that are still required for the deployment to have 100% available capacity. They may either be machines that are running but not yet available or machines that still have not been created. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
MachineDrainRuleDrainBehavior
MachineDrainRuleDrainBehavior defines the drain behavior. Can be either "Drain", "Skip", or "WaitCompleted".
Appears in: MachineDrainRuleDrainConfig
MachineHealthCheckRemediationTemplateReference
MachineHealthCheckRemediationTemplateReference is a reference to a remediation template.
Appears in: ControlPlaneClassHealthCheckRemediation, ControlPlaneTopologyHealthCheckRemediation, MachineDeploymentClassHealthCheckRemediation, MachineDeploymentTopologyHealthCheckRemediation, MachineHealthCheckRemediation
| Field | Description | Required |
|---|---|---|
kindstring | kind of the remediation template. kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. Validation: Minimum length: 1 | No |
namestring | name of the remediation template. name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. Validation: Minimum length: 1 | No |
apiVersionstring | apiVersion of the remediation template. apiVersion must be fully qualified domain name followed by / and a version. NOTE: This field must be kept in sync with the APIVersion of the remediation template. Validation: Minimum length: 1 | No |
MachineHealthCheckRemediationTriggerIf
MachineHealthCheckRemediationTriggerIf configures if remediations are triggered.
Appears in: MachineHealthCheckRemediation
| Field | Description | Required |
|---|---|---|
unhealthyLessThanOrEqualToIntOrString | unhealthyLessThanOrEqualTo specifies that remediations are only triggered if the number of unhealthy Machines is less than or equal to the configured value. unhealthyInRange takes precedence if set. | No |
unhealthyInRangestring | unhealthyInRange specifies that remediations are only triggered if the number of unhealthy Machines is in the configured range. Takes precedence over unhealthyLessThanOrEqualTo. Eg. "[3-5]" - This means that remediation will be allowed only when: (a) there are at least 3 unhealthy Machines (and) (b) there are at most 5 unhealthy Machines Validation: Maximum length: 32 | No |
MachineHealthCheckV1Beta1DeprecatedStatus
MachineHealthCheckV1Beta1DeprecatedStatus groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.
Appears in: MachineHealthCheckDeprecatedStatus
| Field | Description | Required |
|---|---|---|
conditionsConditions | conditions defines current service state of the MachineHealthCheck. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
MachineSetDeletionOrder
MachineSetDeletionOrder defines how priority is assigned to nodes to delete when downscaling a MachineSet. Defaults to "Random".
Appears in: MachineDeploymentClassMachineDeletionSpec, MachineDeploymentDeletionSpec, MachineDeploymentTopologyMachineDeletionSpec, MachineSetDeletionSpec
MachineSetV1Beta1DeprecatedStatus
MachineSetV1Beta1DeprecatedStatus groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.
Appears in: MachineSetDeprecatedStatus
| Field | Description | Required |
|---|---|---|
conditionsConditions | conditions defines current service state of the MachineSet. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
failureReasonMachineSetStatusError | failureReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. In the event that there is a terminal problem reconciling the replicas, both FailureReason and FailureMessage will be set. FailureReason will be populated with a succinct value suitable for machine interpretation, while FailureMessage will contain a more verbose string suitable for logging and human consumption. These fields should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the MachineTemplate's spec or the configuration of the machine controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the machine controller, or the responsible machine controller itself being critically misconfigured. Any transient errors that occur during the reconciliation of Machines can be added as events to the MachineSet object and/or logged in the controller's output. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
failureMessagestring | failureMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. Validation: Minimum length: 1 | No |
fullyLabeledReplicasint32 | fullyLabeledReplicas is the number of replicas that have labels matching the labels of the machine template of the MachineSet. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
readyReplicasint32 | readyReplicas is the number of ready replicas for this MachineSet. A machine is considered ready when the node has been created and is "Ready". Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
availableReplicasint32 | availableReplicas is the number of available replicas (ready for at least minReadySeconds) for this MachineSet. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
MachineTaintPropagation
MachineTaintPropagation defines when a taint should be propagated to nodes.
Appears in: MachineTaint
MachineV1Beta1DeprecatedStatus
MachineV1Beta1DeprecatedStatus groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.
Appears in: MachineDeprecatedStatus
| Field | Description | Required |
|---|---|---|
conditionsConditions | conditions defines current service state of the Machine. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
failureReasonMachineStatusError | failureReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
failureMessagestring | failureMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. Validation: Maximum length: 10240 | No |
NetworkRanges
NetworkRanges represents ranges of network addresses.
Appears in: ClusterNetwork
| Field | Description | Required |
|---|---|---|
cidrBlocks[]string | cidrBlocks is a list of CIDR blocks. Validation: Minimum items: 1 | No |
PatchDefinition
PatchDefinition defines a patch which is applied to customize the referenced templates.
Appears in: ClusterClassPatch
| Field | Description | Required |
|---|---|---|
selectorPatchSelector | selector defines on which templates the patch should be applied. | No |
jsonPatches[]JSONPatch | jsonPatches defines the patches which should be applied on the templates matching the selector. Note: Patches will be applied in the order of the array. Validation: Maximum items: 100 | No |
UnhealthyMachineCondition
UnhealthyMachineCondition represents a Machine condition type and value with a timeout specified as a duration. When the named condition has been in the given status for at least the timeout value, a machine is considered unhealthy.
Appears in: ControlPlaneClassHealthCheckChecks, ControlPlaneTopologyHealthCheckChecks, MachineDeploymentClassHealthCheckChecks, MachineDeploymentTopologyHealthCheckChecks, MachineHealthCheckChecks
| Field | Description | Required |
|---|---|---|
typestring | type of Machine condition Validation: Pattern: | No |
statusConditionStatus | status of the condition, one of True, False, Unknown. Validation: Allowed values: | No |
timeoutSecondsint32 | timeoutSeconds is the duration that a machine must be in a given status for, after which the machine is considered unhealthy. For example, with a value of "3600", the machine must match the status for at least 1 hour before being considered unhealthy. Validation: Minimum: 0 | No |
UnhealthyNodeCondition
UnhealthyNodeCondition represents a Node condition type and value with a timeout specified as a duration. When the named condition has been in the given status for at least the timeout value, a node is considered unhealthy.
Appears in: ControlPlaneClassHealthCheckChecks, ControlPlaneTopologyHealthCheckChecks, MachineDeploymentClassHealthCheckChecks, MachineDeploymentTopologyHealthCheckChecks, MachineHealthCheckChecks
| Field | Description | Required |
|---|---|---|
typeNodeConditionType | type of Node condition Validation: Type: string | No |
statusConditionStatus | status of the condition, one of True, False, Unknown. Validation: Type: string | No |
timeoutSecondsint32 | timeoutSeconds is the duration that a node must be in a given status for, after which the node is considered unhealthy. For example, with a value of "3600", the node must match the status for at least 1 hour before being considered unhealthy. Validation: Minimum: 0 | No |
VariableSchema
VariableSchema defines the schema of a variable.
Appears in: ClusterClassStatusVariableDefinition, ClusterClassVariable
| Field | Description | Required |
|---|---|---|
openAPIV3SchemaJSONSchemaProps | openAPIV3Schema defines the schema of a variable via OpenAPI v3 schema. The schema is a subset of the schema used in Kubernetes CRDs. | No |
WorkersTopology
WorkersTopology represents the different sets of worker nodes in the cluster.
Appears in: Topology
| Field | Description | Required |
|---|---|---|
machineDeployments[]MachineDeploymentTopology | machineDeployments is a list of machine deployments in the cluster. Validation: Minimum items: 1 | No |
machinePools[]MachinePoolTopology | machinePools is a list of machine pools in the cluster. Validation: Minimum items: 1 | No |
Conditions
Conditions provide observations of the operational state of a Cluster API resource.
Deprecated: This type is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
Appears in: ClusterClassV1Beta1DeprecatedStatus, ClusterV1Beta1DeprecatedStatus, MachineDeploymentV1Beta1DeprecatedStatus, MachineHealthCheckV1Beta1DeprecatedStatus, MachineSetV1Beta1DeprecatedStatus, MachineV1Beta1DeprecatedStatus
ControlPlaneClassHealthCheckChecks
ControlPlaneClassHealthCheckChecks are the checks that are used to evaluate if a control plane Machine is healthy.
Appears in: ControlPlaneClassHealthCheck
| Field | Description | Required |
|---|---|---|
nodeStartupTimeoutSecondsint32 | nodeStartupTimeoutSeconds allows to set the maximum time for MachineHealthCheck to consider a Machine unhealthy if a corresponding Node isn't associated through a Spec.ProviderID field.The duration set in this field is compared to the greatest of:
Defaults to 10 minutes. If you wish to disable this feature, set the value explicitly to 0. Validation: Minimum: 0 | No |
unhealthyNodeConditions[]UnhealthyNodeCondition | unhealthyNodeConditions contains a list of conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy. Validation: Minimum items: 1 | No |
unhealthyMachineConditions[]UnhealthyMachineCondition | unhealthyMachineConditions contains a list of the machine conditions that determine whether a machine is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the machine is unhealthy. Validation: Minimum items: 1 | No |
ControlPlaneClassHealthCheckRemediation
ControlPlaneClassHealthCheckRemediation configures if and how remediations are triggered if a control plane Machine is unhealthy.
Appears in: ControlPlaneClassHealthCheck
| Field | Description | Required |
|---|---|---|
triggerIfControlPlaneClassHealthCheckRemediationTriggerIf | triggerIf configures if remediations are triggered. If this field is not set, remediations are always triggered. | No |
templateRefMachineHealthCheckRemediationTemplateReference | templateRef is a reference to a remediation template provided by an infrastructure provider. This field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Cluster API. | No |
ControlPlaneTopologyHealthCheck
ControlPlaneTopologyHealthCheck defines a MachineHealthCheck for control plane machines.
Appears in: ControlPlaneTopology
| Field | Description | Required |
|---|---|---|
enabledbool | enabled controls if a MachineHealthCheck should be created for the target machines. If false: No MachineHealthCheck will be created. If not set(default): A MachineHealthCheck will be created if it is defined here or in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created. If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will block if enable is true and no MachineHealthCheck definition is available. | No |
checksControlPlaneTopologyHealthCheckChecks | checks are the checks that are used to evaluate if a Machine is healthy. If one of checks and remediation fields are set, the system assumes that an healthCheck override is defined, and as a consequence the checks and remediation fields from Cluster will be used instead of the corresponding fields in ClusterClass. Independent of this configuration the MachineHealthCheck controller will always flag Machines with cluster.x-k8s.io/remediate-machine annotation and Machines with deleted Nodes as unhealthy.Furthermore, if checks.nodeStartupTimeoutSeconds is not set it is defaulted to 10 minutes and evaluated accordingly. | No |
remediationControlPlaneTopologyHealthCheckRemediation | remediation configures if and how remediations are triggered if a Machine is unhealthy. If one of checks and remediation fields are set, the system assumes that an healthCheck override is defined, and as a consequence the checks and remediation fields from cluster will be used instead of the corresponding fields in ClusterClass. If an health check override is defined and remediation or remediation.triggerIf is not set, remediation will always be triggered for unhealthy Machines. If an health check override is defined and remediation or remediation.templateRef is not set, the OwnerRemediated condition will be set on unhealthy Machines to trigger remediation via the owner of the Machines, for example a MachineSet or a KubeadmControlPlane. | No |
ControlPlaneTopologyMachineDeletionSpec
ControlPlaneTopologyMachineDeletionSpec contains configuration options for Machine deletion.
Appears in: ControlPlaneTopology
| Field | Description | Required |
|---|---|---|
nodeDrainTimeoutSecondsint32 | nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: nodeDrainTimeoutSeconds is different from kubectl drain --timeoutValidation: Minimum: 0 | No |
nodeVolumeDetachTimeoutSecondsint32 | nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. Validation: Minimum: 0 | No |
nodeDeletionTimeoutSecondsint32 | nodeDeletionTimeoutSeconds defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds. Validation: Minimum: 0 | No |
ControlPlaneTopologyRolloutSpec
ControlPlaneTopologyRolloutSpec defines the rollout behavior.
Appears in: ControlPlaneTopology
| Field | Description | Required |
|---|---|---|
afterTime | after is a field to indicate a rollout should be performed after the specified time even if no changes have been made to the ControlPlane. Example: In the YAML the time can be specified in the RFC3339 format. To specify the rolloutAfter target as March 9, 2023, at 9 am UTC use "2023-03-09T09:00:00Z". | No |
ControlPlaneVariables
ControlPlaneVariables can be used to provide variables for the ControlPlane.
Appears in: ControlPlaneTopology
| Field | Description | Required |
|---|---|---|
overrides[]ClusterVariable | overrides can be used to override Cluster level variables. Validation: Minimum items: 1 | No |
JSONPatch
JSONPatch defines a JSON patch.
Appears in: PatchDefinition
| Field | Description | Required |
|---|---|---|
opstring | op defines the operation of the patch. Note: Only add, replace and remove are supported.Validation: Allowed values: | No |
pathstring | path defines the path of the patch. Note: Only the spec of a template can be patched, thus the path has to start with /spec/. Note: For now the only allowed array modifications are append and prepend, i.e.: * for op: add: only index 0 (prepend) and - (append) are allowed * for op: replace or remove: no indexes are allowedValidation: Minimum length: 1 | No |
valueJSON | value defines the value of the patch. Note: Either Value or ValueFrom is required for add and replace operations. Only one of them is allowed to be set at the same time. Note: We have to use apiextensionsv1.JSON instead of our JSON type, because controller-tools has a hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type (unset type field). Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 | No |
valueFromJSONPatchValue | valueFrom defines the value of the patch. Note: Either Value or ValueFrom is required for add and replace operations. Only one of them is allowed to be set at the same time. | No |
JSONSchemaProps
JSONSchemaProps is a JSON-Schema following Specification Draft 4 (http://json-schema.org/). This struct has been initially copied from apiextensionsv1.JSONSchemaProps, but all fields which are not supported in CAPI have been removed.
Appears in: JSONSchemaProps, VariableSchema
| Field | Description | Required |
|---|---|---|
descriptionstring | description is a human-readable description of this variable. Validation: Minimum length: 1 | No |
exampleJSON | example is an example for this variable. | No |
typestring | type is the type of the variable. Valid values are: object, array, string, integer, number or boolean. Validation: Allowed values: | No |
propertiesmap[string]JSONSchemaProps | properties specifies fields of an object. NOTE: Can only be set if type is object. NOTE: Properties is mutually exclusive with AdditionalProperties. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible. Validation: Schemaless: {} | No |
additionalPropertiesJSONSchemaProps | additionalProperties specifies the schema of values in a map (keys are always strings). NOTE: Can only be set if type is object. NOTE: AdditionalProperties is mutually exclusive with Properties. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible. Validation: Schemaless: {} | No |
maxPropertiesint64 | maxProperties is the maximum amount of entries in a map or properties in an object. NOTE: Can only be set if type is object. | No |
minPropertiesint64 | minProperties is the minimum amount of entries in a map or properties in an object. NOTE: Can only be set if type is object. | No |
required[]string | required specifies which fields of an object are required. NOTE: Can only be set if type is object. Validation: Minimum items: 1 | No |
itemsJSONSchemaProps | items specifies fields of an array. NOTE: Can only be set if type is array. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible. Validation: Schemaless: {} | No |
maxItemsint64 | maxItems is the max length of an array variable. NOTE: Can only be set if type is array. | No |
minItemsint64 | minItems is the min length of an array variable. NOTE: Can only be set if type is array. | No |
uniqueItemsbool | uniqueItems specifies if items in an array must be unique. NOTE: Can only be set if type is array. | No |
formatstring | format is an OpenAPI v3 format string. Unknown formats are ignored. For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using) https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go NOTE: Can only be set if type is string. Validation: Minimum length: 1 | No |
maxLengthint64 | maxLength is the max length of a string variable. NOTE: Can only be set if type is string. | No |
minLengthint64 | minLength is the min length of a string variable. NOTE: Can only be set if type is string. | No |
patternstring | pattern is the regex which a string variable must match. NOTE: Can only be set if type is string. Validation: Minimum length: 1 | No |
maximumint64 | maximum is the maximum of an integer or number variable. If ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum. If ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum. NOTE: Can only be set if type is integer or number. | No |
exclusiveMaximumbool | exclusiveMaximum specifies if the Maximum is exclusive. NOTE: Can only be set if type is integer or number. | No |
minimumint64 | minimum is the minimum of an integer or number variable. If ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum. If ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum. NOTE: Can only be set if type is integer or number. | No |
exclusiveMinimumbool | exclusiveMinimum specifies if the Minimum is exclusive. NOTE: Can only be set if type is integer or number. | No |
x-kubernetes-preserve-unknown-fieldsbool | x-kubernetes-preserve-unknown-fields allows setting fields in a variable object which are not defined in the variable schema. This affects fields recursively, except if nested properties or additionalProperties are specified in the schema. | No |
enum[]JSON | enum is the list of valid values of the variable. NOTE: Can be set for all types. Validation: Maximum items: 100 | No |
defaultJSON | default is the default value of the variable. NOTE: Can be set for all types. | No |
x-kubernetes-validations[]ValidationRule | x-kubernetes-validations describes a list of validation rules written in the CEL expression language. Validation: Minimum items: 1 | No |
x-metadataVariableSchemaMetadata | x-metadata is the metadata of a variable or a nested field within a variable. It can be used to add additional data for higher level tools. | No |
x-kubernetes-int-or-stringbool | x-kubernetes-int-or-string specifies that this value is either an integer or a string. If this is true, an empty type is allowed and type as child of anyOf is permitted if following one of the following patterns: 1) anyOf:
| No |
allOf[]JSONSchemaProps | allOf specifies that the variable must validate against all of the subschemas in the array. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible. Validation: Schemaless: {} | No |
oneOf[]JSONSchemaProps | oneOf specifies that the variable must validate against exactly one of the subschemas in the array. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible. Validation: Schemaless: {} | No |
anyOf[]JSONSchemaProps | anyOf specifies that the variable must validate against one or more of the subschemas in the array. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible. Validation: Schemaless: {} | No |
notJSONSchemaProps | not specifies that the variable must not validate against the subschema. NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive validation is not possible. Validation: Schemaless: {} | No |
MachineDeploymentClassBootstrapTemplate
MachineDeploymentClassBootstrapTemplate defines the BootstrapTemplate for a MachineDeployment.
Appears in: MachineDeploymentClass
| Field | Description | Required |
|---|---|---|
templateRefClusterClassTemplateReference | templateRef is a required reference to the BootstrapTemplate for a MachineDeployment. | No |
MachineDeploymentClassHealthCheck
MachineDeploymentClassHealthCheck defines a MachineHealthCheck for MachineDeployment machines.
Appears in: MachineDeploymentClass
| Field | Description | Required |
|---|---|---|
checksMachineDeploymentClassHealthCheckChecks | checks are the checks that are used to evaluate if a Machine is healthy. Independent of this configuration the MachineHealthCheck controller will always flag Machines with cluster.x-k8s.io/remediate-machine annotation and Machines with deleted Nodes as unhealthy.Furthermore, if checks.nodeStartupTimeoutSeconds is not set it is defaulted to 10 minutes and evaluated accordingly. | No |
remediationMachineDeploymentClassHealthCheckRemediation | remediation configures if and how remediations are triggered if a Machine is unhealthy. If remediation or remediation.triggerIf is not set, remediation will always be triggered for unhealthy Machines. If remediation or remediation.templateRef is not set, the OwnerRemediated condition will be set on unhealthy Machines to trigger remediation via the owner of the Machines, for example a MachineSet or a KubeadmControlPlane. | No |
MachineDeploymentClassInfrastructureTemplate
MachineDeploymentClassInfrastructureTemplate defines the InfrastructureTemplate for a MachineDeployment.
Appears in: MachineDeploymentClass
| Field | Description | Required |
|---|---|---|
templateRefClusterClassTemplateReference | templateRef is a required reference to the InfrastructureTemplate for a MachineDeployment. | No |
MachineDeploymentClassMachineDeletionSpec
MachineDeploymentClassMachineDeletionSpec contains configuration options for Machine deletion.
Appears in: MachineDeploymentClass
| Field | Description | Required |
|---|---|---|
orderMachineSetDeletionOrder | order defines the order in which Machines are deleted when downscaling. Defaults to "Random". Valid values are "Random, "Newest", "Oldest" | No |
nodeDrainTimeoutSecondsint32 | nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: nodeDrainTimeoutSeconds is different from kubectl drain --timeout NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.Validation: Minimum: 0 | No |
nodeVolumeDetachTimeoutSecondsint32 | nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. Validation: Minimum: 0 | No |
nodeDeletionTimeoutSecondsint32 | nodeDeletionTimeoutSeconds defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds. NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. Validation: Minimum: 0 | No |
MachineDeploymentClassNamingSpec
MachineDeploymentClassNamingSpec defines the naming strategy for machine deployment objects.
Appears in: MachineDeploymentClass
| Field | Description | Required |
|---|---|---|
templatestring | template defines the template to use for generating the name of the MachineDeployment object. If not defined, it will fallback to {{ .cluster.name }}-{{ .machineDeployment.topologyName }}-{{ .random }}. If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will get concatenated with a random suffix of length 5. The templating mechanism provides the following arguments: * .cluster.name: The name of the cluster object. * .random: A random alphanumeric string, without vowels, of length 5. * .machineDeployment.topologyName: The name of the MachineDeployment topology (Cluster.spec.topology.workers.machineDeployments[].name).Validation: Minimum length: 1 | No |
MachineDeploymentClassRolloutSpec
MachineDeploymentClassRolloutSpec defines the rollout behavior.
Appears in: MachineDeploymentClass
| Field | Description | Required |
|---|---|---|
strategyMachineDeploymentClassRolloutStrategy | strategy specifies how to roll out control plane Machines. | No |
MachineDeploymentRolloutStrategyRollingUpdate
MachineDeploymentRolloutStrategyRollingUpdate is used to control the desired behavior of rolling update.
Appears in: MachineDeploymentRolloutStrategy
| Field | Description | Required |
|---|---|---|
maxUnavailableIntOrString | maxUnavailable is the maximum number of machines that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 0. Example: when this is set to 30%, the old MachineSet can be scaled down to 70% of desired machines immediately when the rolling update starts. Once new machines are ready, old MachineSet can be scaled down further, followed by scaling up the new MachineSet, ensuring that the total number of machines available at all times during the update is at least 70% of desired machines. | No |
maxSurgeIntOrString | maxSurge is the maximum number of machines that can be scheduled above the desired number of machines. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 1. Example: when this is set to 30%, the new MachineSet can be scaled up immediately when the rolling update starts, such that the total number of old and new machines do not exceed 130% of desired machines. Once old machines have been killed, new MachineSet can be scaled up further, ensuring that total number of machines running at any time during the update is at most 130% of desired machines. | No |
MachineDeploymentRolloutStrategyType
MachineDeploymentRolloutStrategyType defines the type of MachineDeployment rollout strategies.
Appears in: MachineDeploymentClassRolloutStrategy, MachineDeploymentRolloutStrategy, MachineDeploymentTopologyRolloutStrategy
MachineDeploymentTopology
MachineDeploymentTopology specifies the different parameters for a set of worker nodes in the topology. This set of nodes is managed by a MachineDeployment object whose lifecycle is managed by the Cluster controller.
Appears in: WorkersTopology
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. At runtime this metadata is merged with the corresponding metadata from the ClusterClass. | No |
classstring | class is the name of the MachineDeploymentClass used to create the set of worker nodes. This should match one of the deployment classes defined in the ClusterClass object mentioned in the Cluster.Spec.Class field.Validation: Minimum length: 1 | No |
namestring | name is the unique identifier for this MachineDeploymentTopology. The value is used with other unique identifiers to create a MachineDeployment's Name (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length, the values are hashed together. Validation: Minimum length: 1 | No |
failureDomainstring | failureDomain is the failure domain the machines will be created in. Must match a key in the FailureDomains map stored on the cluster object. Validation: Minimum length: 1 | No |
replicasint32 | replicas is the number of worker nodes belonging to this set. If the value is nil, the MachineDeployment is created without the number of Replicas (defaulting to 1) and it's assumed that an external entity (like cluster autoscaler) is responsible for the management of this value. | No |
healthCheckMachineDeploymentTopologyHealthCheck | healthCheck allows to enable, disable and override MachineDeployment health check configuration from the ClusterClass for this MachineDeployment. | No |
deletionMachineDeploymentTopologyMachineDeletionSpec | deletion contains configuration options for Machine deletion. | No |
taints[]MachineTaint | taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers. There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node. NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners. Validation: Minimum items: 1 | No |
minReadySecondsint32 | minReadySeconds is the minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready) Validation: Minimum: 0 | No |
readinessGates[]MachineReadinessGate | readinessGates specifies additional conditions to include when evaluating Machine Ready condition. This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine. If this field is not defined, readinessGates from the corresponding MachineDeploymentClass will be used, if any. Validation: Minimum items: 1 | No |
rolloutMachineDeploymentTopologyRolloutSpec | rollout allows you to configure the behaviour of rolling updates to the MachineDeployment Machines. It allows you to define the strategy used during rolling replacements. | No |
variablesMachineDeploymentVariables | variables can be used to customize the MachineDeployment through patches. | No |
PatchSelector
PatchSelector defines on which templates the patch should be applied. Note: Matching on APIVersion and Kind is mandatory, to enforce that the patches are written for the correct version. The version of the references in the ClusterClass may be automatically updated during reconciliation if there is a newer version for the same contract. Note: The results of selection based on the individual fields are ANDed.
Appears in: PatchDefinition
| Field | Description | Required |
|---|---|---|
apiVersionstring | apiVersion filters templates by apiVersion. apiVersion must be fully qualified domain name followed by / and a version. Validation: Maximum length: 317 | No |
kindstring | kind filters templates by kind. kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. Validation: Minimum length: 1 | No |
matchResourcesPatchSelectorMatch | matchResources selects templates based on where they are referenced. | No |
ControlPlaneClassHealthCheckRemediationTriggerIf
ControlPlaneClassHealthCheckRemediationTriggerIf configures if remediations are triggered.
Appears in: ControlPlaneClassHealthCheckRemediation
| Field | Description | Required |
|---|---|---|
unhealthyLessThanOrEqualToIntOrString | unhealthyLessThanOrEqualTo specifies that remediations are only triggered if the number of unhealthy Machines is less than or equal to the configured value. unhealthyInRange takes precedence if set. | No |
unhealthyInRangestring | unhealthyInRange specifies that remediations are only triggered if the number of unhealthy Machines is in the configured range. Takes precedence over unhealthyLessThanOrEqualTo. Eg. "[3-5]" - This means that remediation will be allowed only when: (a) there are at least 3 unhealthy Machines (and) (b) there are at most 5 unhealthy Machines Validation: Pattern: | No |
ControlPlaneTopologyHealthCheckChecks
ControlPlaneTopologyHealthCheckChecks are the checks that are used to evaluate if a control plane Machine is healthy.
Appears in: ControlPlaneTopologyHealthCheck
| Field | Description | Required |
|---|---|---|
nodeStartupTimeoutSecondsint32 | nodeStartupTimeoutSeconds allows to set the maximum time for MachineHealthCheck to consider a Machine unhealthy if a corresponding Node isn't associated through a Spec.ProviderID field.The duration set in this field is compared to the greatest of:
Defaults to 10 minutes. If you wish to disable this feature, set the value explicitly to 0. Validation: Minimum: 0 | No |
unhealthyNodeConditions[]UnhealthyNodeCondition | unhealthyNodeConditions contains a list of conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy. Validation: Minimum items: 1 | No |
unhealthyMachineConditions[]UnhealthyMachineCondition | unhealthyMachineConditions contains a list of the machine conditions that determine whether a machine is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the machine is unhealthy. Validation: Minimum items: 1 | No |
ControlPlaneTopologyHealthCheckRemediation
ControlPlaneTopologyHealthCheckRemediation configures if and how remediations are triggered if a control plane Machine is unhealthy.
Appears in: ControlPlaneTopologyHealthCheck
| Field | Description | Required |
|---|---|---|
triggerIfControlPlaneTopologyHealthCheckRemediationTriggerIf | triggerIf configures if remediations are triggered. If this field is not set, remediations are always triggered. | No |
templateRefMachineHealthCheckRemediationTemplateReference | templateRef is a reference to a remediation template provided by an infrastructure provider. This field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Cluster API. | No |
JSONPatchValue
JSONPatchValue defines the value of a patch. Note: Only one of the fields is allowed to be set at the same time.
Appears in: JSONPatch
| Field | Description | Required |
|---|---|---|
variablestring | variable is the variable to be used as value. Variable can be one of the variables defined in .spec.variables or a builtin variable. Validation: Minimum length: 1 | No |
templatestring | template is the Go template to be used to calculate the value. A template can reference variables defined in .spec.variables and builtin variables. Note: The template must evaluate to a valid YAML or JSON value. Validation: Minimum length: 1 | No |
MachineDeploymentClassHealthCheckChecks
MachineDeploymentClassHealthCheckChecks are the checks that are used to evaluate if a MachineDeployment Machine is healthy.
Appears in: MachineDeploymentClassHealthCheck
| Field | Description | Required |
|---|---|---|
nodeStartupTimeoutSecondsint32 | nodeStartupTimeoutSeconds allows to set the maximum time for MachineHealthCheck to consider a Machine unhealthy if a corresponding Node isn't associated through a Spec.ProviderID field.The duration set in this field is compared to the greatest of:
Defaults to 10 minutes. If you wish to disable this feature, set the value explicitly to 0. Validation: Minimum: 0 | No |
unhealthyNodeConditions[]UnhealthyNodeCondition | unhealthyNodeConditions contains a list of conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy. Validation: Minimum items: 1 | No |
unhealthyMachineConditions[]UnhealthyMachineCondition | unhealthyMachineConditions contains a list of the machine conditions that determine whether a machine is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the machine is unhealthy. Validation: Minimum items: 1 | No |
MachineDeploymentClassHealthCheckRemediation
MachineDeploymentClassHealthCheckRemediation configures if and how remediations are triggered if a MachineDeployment Machine is unhealthy.
Appears in: MachineDeploymentClassHealthCheck
| Field | Description | Required |
|---|---|---|
maxInFlightIntOrString | maxInFlight determines how many in flight remediations should happen at the same time. Remediation only happens on the MachineSet with the most current revision, while older MachineSets (usually present during rollout operations) aren't allowed to remediate. Note: In general (independent of remediations), unhealthy machines are always prioritized during scale down operations over healthy ones. MaxInFlight can be set to a fixed number or a percentage. Example: when this is set to 20%, the MachineSet controller deletes at most 20% of the desired replicas. If not set, remediation is limited to all machines (bounded by replicas) under the active MachineSet's management. | No |
triggerIfMachineDeploymentClassHealthCheckRemediationTriggerIf | triggerIf configures if remediations are triggered. If this field is not set, remediations are always triggered. | No |
templateRefMachineHealthCheckRemediationTemplateReference | templateRef is a reference to a remediation template provided by an infrastructure provider. This field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Cluster API. | No |
MachineDeploymentClassRolloutStrategy
MachineDeploymentClassRolloutStrategy describes how to replace existing machines with new ones.
Appears in: MachineDeploymentClassRolloutSpec
| Field | Description | Required |
|---|---|---|
typeMachineDeploymentRolloutStrategyType | type of rollout. Allowed values are RollingUpdate and OnDelete. Default is RollingUpdate. | No |
rollingUpdateMachineDeploymentClassRolloutStrategyRollingUpdate | rollingUpdate is the rolling update config params. Present only if type = RollingUpdate. | No |
MachineDeploymentTopologyHealthCheck
MachineDeploymentTopologyHealthCheck defines a MachineHealthCheck for MachineDeployment machines.
Appears in: MachineDeploymentTopology
| Field | Description | Required |
|---|---|---|
enabledbool | enabled controls if a MachineHealthCheck should be created for the target machines. If false: No MachineHealthCheck will be created. If not set(default): A MachineHealthCheck will be created if it is defined here or in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created. If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will block if enable is true and no MachineHealthCheck definition is available. | No |
checksMachineDeploymentTopologyHealthCheckChecks | checks are the checks that are used to evaluate if a Machine is healthy. If one of checks and remediation fields are set, the system assumes that an healthCheck override is defined, and as a consequence the checks and remediation fields from Cluster will be used instead of the corresponding fields in ClusterClass. Independent of this configuration the MachineHealthCheck controller will always flag Machines with cluster.x-k8s.io/remediate-machine annotation and Machines with deleted Nodes as unhealthy.Furthermore, if checks.nodeStartupTimeoutSeconds is not set it is defaulted to 10 minutes and evaluated accordingly. | No |
remediationMachineDeploymentTopologyHealthCheckRemediation | remediation configures if and how remediations are triggered if a Machine is unhealthy. If one of checks and remediation fields are set, the system assumes that an healthCheck override is defined, and as a consequence the checks and remediation fields from cluster will be used instead of the corresponding fields in ClusterClass. If an health check override is defined and remediation or remediation.triggerIf is not set, remediation will always be triggered for unhealthy Machines. If an health check override is defined and remediation or remediation.templateRef is not set, the OwnerRemediated condition will be set on unhealthy Machines to trigger remediation via the owner of the Machines, for example a MachineSet or a KubeadmControlPlane. | No |
MachineDeploymentTopologyMachineDeletionSpec
MachineDeploymentTopologyMachineDeletionSpec contains configuration options for Machine deletion.
Appears in: MachineDeploymentTopology
| Field | Description | Required |
|---|---|---|
orderMachineSetDeletionOrder | order defines the order in which Machines are deleted when downscaling. Defaults to "Random". Valid values are "Random, "Newest", "Oldest" | No |
nodeDrainTimeoutSecondsint32 | nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: nodeDrainTimeoutSeconds is different from kubectl drain --timeoutValidation: Minimum: 0 | No |
nodeVolumeDetachTimeoutSecondsint32 | nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. Validation: Minimum: 0 | No |
nodeDeletionTimeoutSecondsint32 | nodeDeletionTimeoutSeconds defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. Defaults to 10 seconds. Validation: Minimum: 0 | No |
MachineDeploymentTopologyRolloutSpec
MachineDeploymentTopologyRolloutSpec defines the rollout behavior.
Appears in: MachineDeploymentTopology
| Field | Description | Required |
|---|---|---|
afterTime | after is a field to indicate a rollout should be performed after the specified time even if no changes have been made to the MachineDeployment. Example: In the YAML the time can be specified in the RFC3339 format. To specify the rolloutAfter target as March 9, 2023, at 9 am UTC use "2023-03-09T09:00:00Z". | No |
strategyMachineDeploymentTopologyRolloutStrategy | strategy specifies how to roll out control plane Machines. | No |
MachineDeploymentVariables
MachineDeploymentVariables can be used to provide variables for a specific MachineDeployment.
Appears in: MachineDeploymentTopology
| Field | Description | Required |
|---|---|---|
overrides[]ClusterVariable | overrides can be used to override Cluster level variables. Validation: Minimum items: 1 | No |
PatchSelectorMatch
PatchSelectorMatch selects templates based on where they are referenced. Note: The selector must match at least one template. Note: The results of selection based on the individual fields are ORed.
Appears in: PatchSelector
| Field | Description | Required |
|---|---|---|
controlPlanebool | controlPlane selects templates referenced in .spec.ControlPlane. Note: this will match the controlPlane and also the controlPlane machineInfrastructure (depending on the kind and apiVersion). | No |
infrastructureClusterbool | infrastructureCluster selects templates referenced in .spec.infrastructure. | No |
machineDeploymentClassPatchSelectorMatchMachineDeploymentClass | machineDeploymentClass selects templates referenced in specific MachineDeploymentClasses in .spec.workers.machineDeployments. | No |
machinePoolClassPatchSelectorMatchMachinePoolClass | machinePoolClass selects templates referenced in specific MachinePoolClasses in .spec.workers.machinePools. | No |
ValidationRule
ValidationRule describes a validation rule written in the CEL expression language.
Appears in: JSONSchemaProps
| Field | Description | Default | Required |
|---|---|---|---|
rulestring | rule represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec The Rule is scoped to the location of the x-kubernetes-validations extension in the schema. The self variable in the CEL expression is bound to the scoped value. If the Rule is scoped to an object with properties, the accessible properties of the object are field selectable via self.field and field presence can be checked via has(self.field). If the Rule is scoped to an object with additionalProperties (i.e. a map) the value of the map are accessible via self[mapKey], map containment can be checked via mapKey in self and all entries of the map are accessible via CEL macros and functions such as self.all(...). If the Rule is scoped to an array, the elements of the array are accessible via self[i] and also by macros and functions. If the Rule is scoped to a scalar, self is bound to the scalar value. Examples:
Unknown data preserved in custom resources via x-kubernetes-preserve-unknown-fields is not accessible in CEL expressions. This includes:
Only property names of the form [a-zA-Z_.-/][a-zA-Z0-9_.-/]* are accessible. Accessible property names are escaped according to the following rules when accessed in the expression:
If rule makes use of the oldSelf variable it is implicitly a transition rule.By default, the oldSelf variable is the same type as self.Transition rules by default are applied only on UPDATE requests and are skipped if an old value could not be found. Validation: Minimum length: 1 | No | |
messagestring | message represents the message displayed when validation fails. The message is required if the Rule contains line breaks. The message must not contain line breaks. If unset, the message is "failed rule: {Rule}". e.g. "must be a URL with the host matching spec.host" Validation: Minimum length: 1 | No | |
messageExpressionstring | messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a rule, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset. messageExpression has access to all the same variables as the rule; the only difference is the return type. Example: "x must be less than max ("+string(self.max)+")" Validation: Minimum length: 1 | No | |
reasonFieldValueErrorReason | reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule. The currently supported reasons are: "FieldValueInvalid", "FieldValueForbidden", "FieldValueRequired", "FieldValueDuplicate". If not set, default to use "FieldValueInvalid". All future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid. Validation: Allowed values: | FieldValueInvalid | No |
fieldPathstring | fieldPath represents the field path returned when the validation fails. It must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field. e.g. when validation checks if a specific attribute foo under a map testMap, the fieldPath could be set to .testMap.foo If the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. .testList It does not support list numeric index. It supports child operation to refer to an existing field currently. Refer to JSONPath support in Kubernetes for more info. Numeric index of array is not supported. For field name which contains special characters, use ['specialName'] to refer the field name. e.g. for attribute foo.34$ appears in a list testList, the fieldPath could be set to .testList['foo.34$']Validation: Minimum length: 1 | No |
VariableSchemaMetadata
VariableSchemaMetadata is the metadata of a variable or a nested field within a variable. It can be used to add additional data for higher level tools.
Appears in: JSONSchemaProps
| Field | Description | Required |
|---|---|---|
labelsmap[string]string | labels is a map of string keys and values that can be used to organize and categorize (scope and select) variables. | No |
annotationsmap[string]string | annotations is an unstructured key value map that can be used to store and retrieve arbitrary metadata. They are not queryable. | No |
ControlPlaneTopologyHealthCheckRemediationTriggerIf
ControlPlaneTopologyHealthCheckRemediationTriggerIf configures if remediations are triggered.
Appears in: ControlPlaneTopologyHealthCheckRemediation
| Field | Description | Required |
|---|---|---|
unhealthyLessThanOrEqualToIntOrString | unhealthyLessThanOrEqualTo specifies that remediations are only triggered if the number of unhealthy Machines is less than or equal to the configured value. unhealthyInRange takes precedence if set. | No |
unhealthyInRangestring | unhealthyInRange specifies that remediations are only triggered if the number of unhealthy Machines is in the configured range. Takes precedence over unhealthyLessThanOrEqualTo. Eg. "[3-5]" - This means that remediation will be allowed only when: (a) there are at least 3 unhealthy Machines (and) (b) there are at most 5 unhealthy Machines Validation: Pattern: | No |
FieldValueErrorReason
FieldValueErrorReason is a machine-readable value providing more detail about why a field failed the validation.
Appears in: ValidationRule
MachineDeploymentClassHealthCheckRemediationTriggerIf
MachineDeploymentClassHealthCheckRemediationTriggerIf configures if remediations are triggered.
Appears in: MachineDeploymentClassHealthCheckRemediation
| Field | Description | Required |
|---|---|---|
unhealthyLessThanOrEqualToIntOrString | unhealthyLessThanOrEqualTo specifies that remediations are only triggered if the number of unhealthy Machines is less than or equal to the configured value. unhealthyInRange takes precedence if set. | No |
unhealthyInRangestring | unhealthyInRange specifies that remediations are only triggered if the number of unhealthy Machines is in the configured range. Takes precedence over unhealthyLessThanOrEqualTo. Eg. "[3-5]" - This means that remediation will be allowed only when: (a) there are at least 3 unhealthy Machines (and) (b) there are at most 5 unhealthy Machines Validation: Pattern: | No |
MachineDeploymentClassRolloutStrategyRollingUpdate
MachineDeploymentClassRolloutStrategyRollingUpdate is used to control the desired behavior of rolling update.
Appears in: MachineDeploymentClassRolloutStrategy
| Field | Description | Required |
|---|---|---|
maxUnavailableIntOrString | maxUnavailable is the maximum number of machines that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 0. Example: when this is set to 30%, the old MachineSet can be scaled down to 70% of desired machines immediately when the rolling update starts. Once new machines are ready, old MachineSet can be scaled down further, followed by scaling up the new MachineSet, ensuring that the total number of machines available at all times during the update is at least 70% of desired machines. | No |
maxSurgeIntOrString | maxSurge is the maximum number of machines that can be scheduled above the desired number of machines. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 1. Example: when this is set to 30%, the new MachineSet can be scaled up immediately when the rolling update starts, such that the total number of old and new machines do not exceed 130% of desired machines. Once old machines have been killed, new MachineSet can be scaled up further, ensuring that total number of machines running at any time during the update is at most 130% of desired machines. | No |
MachineDeploymentTopologyHealthCheckChecks
MachineDeploymentTopologyHealthCheckChecks are the checks that are used to evaluate if a MachineDeployment Machine is healthy.
Appears in: MachineDeploymentTopologyHealthCheck
| Field | Description | Required |
|---|---|---|
nodeStartupTimeoutSecondsint32 | nodeStartupTimeoutSeconds allows to set the maximum time for MachineHealthCheck to consider a Machine unhealthy if a corresponding Node isn't associated through a Spec.ProviderID field.The duration set in this field is compared to the greatest of:
Defaults to 10 minutes. If you wish to disable this feature, set the value explicitly to 0. Validation: Minimum: 0 | No |
unhealthyNodeConditions[]UnhealthyNodeCondition | unhealthyNodeConditions contains a list of conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy. Validation: Maximum items: 100 | No |
unhealthyMachineConditions[]UnhealthyMachineCondition | unhealthyMachineConditions contains a list of the machine conditions that determine whether a machine is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the machine is unhealthy. Validation: Minimum items: 1 | No |
MachineDeploymentTopologyHealthCheckRemediation
MachineDeploymentTopologyHealthCheckRemediation configures if and how remediations are triggered if a MachineDeployment Machine is unhealthy.
Appears in: MachineDeploymentTopologyHealthCheck
| Field | Description | Required |
|---|---|---|
maxInFlightIntOrString | maxInFlight determines how many in flight remediations should happen at the same time. Remediation only happens on the MachineSet with the most current revision, while older MachineSets (usually present during rollout operations) aren't allowed to remediate. Note: In general (independent of remediations), unhealthy machines are always prioritized during scale down operations over healthy ones. MaxInFlight can be set to a fixed number or a percentage. Example: when this is set to 20%, the MachineSet controller deletes at most 20% of the desired replicas. If not set, remediation is limited to all machines (bounded by replicas) under the active MachineSet's management. | No |
triggerIfMachineDeploymentTopologyHealthCheckRemediationTriggerIf | triggerIf configures if remediations are triggered. If this field is not set, remediations are always triggered. | No |
templateRefMachineHealthCheckRemediationTemplateReference | templateRef is a reference to a remediation template provided by an infrastructure provider. This field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Cluster API. | No |
MachineDeploymentTopologyRolloutStrategy
MachineDeploymentTopologyRolloutStrategy describes how to replace existing machines with new ones.
Appears in: MachineDeploymentTopologyRolloutSpec
| Field | Description | Required |
|---|---|---|
typeMachineDeploymentRolloutStrategyType | type of rollout. Allowed values are RollingUpdate and OnDelete. Default is RollingUpdate. | No |
rollingUpdateMachineDeploymentTopologyRolloutStrategyRollingUpdate | rollingUpdate is the rolling update config params. Present only if type = RollingUpdate. | No |
PatchSelectorMatchMachineDeploymentClass
PatchSelectorMatchMachineDeploymentClass selects templates referenced in specific MachineDeploymentClasses in .spec.workers.machineDeployments.
Appears in: PatchSelectorMatch
| Field | Description | Required |
|---|---|---|
names[]string | names selects templates by class names. Validation: Maximum items: 100 | No |
MachineDeploymentTopologyHealthCheckRemediationTriggerIf
MachineDeploymentTopologyHealthCheckRemediationTriggerIf configures if remediations are triggered.
Appears in: MachineDeploymentTopologyHealthCheckRemediation
| Field | Description | Required |
|---|---|---|
unhealthyLessThanOrEqualToIntOrString | unhealthyLessThanOrEqualTo specifies that remediations are only triggered if the number of unhealthy Machines is less than or equal to the configured value. unhealthyInRange takes precedence if set. | No |
unhealthyInRangestring | unhealthyInRange specifies that remediations are only triggered if the number of unhealthy Machines is in the configured range. Takes precedence over unhealthyLessThanOrEqualTo. Eg. "[3-5]" - This means that remediation will be allowed only when: (a) there are at least 3 unhealthy Machines (and) (b) there are at most 5 unhealthy Machines Validation: Minimum length: 1 | No |
MachineDeploymentTopologyRolloutStrategyRollingUpdate
MachineDeploymentTopologyRolloutStrategyRollingUpdate is used to control the desired behavior of rolling update.
Appears in: MachineDeploymentTopologyRolloutStrategy
| Field | Description | Required |
|---|---|---|
maxUnavailableIntOrString | maxUnavailable is the maximum number of machines that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 0. Example: when this is set to 30%, the old MachineSet can be scaled down to 70% of desired machines immediately when the rolling update starts. Once new machines are ready, old MachineSet can be scaled down further, followed by scaling up the new MachineSet, ensuring that the total number of machines available at all times during the update is at least 70% of desired machines. | No |
maxSurgeIntOrString | maxSurge is the maximum number of machines that can be scheduled above the desired number of machines. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 1. Example: when this is set to 30%, the new MachineSet can be scaled up immediately when the rolling update starts, such that the total number of old and new machines do not exceed 130% of desired machines. Once old machines have been killed, new MachineSet can be scaled up further, ensuring that total number of machines running at any time during the update is at most 130% of desired machines. | No |
MachineAddressType
MachineAddressType describes a valid MachineAddress type.
Appears in: MachineAddress
cni.tanzu.vmware.com/v1alpha1
Resource Types:
AntreaConfig
AntreaConfig is the Schema for the antreaconfigs API.
Deprecated: use AddonConfig (addons.kubernetes.vmware.com) to configure Antrea on Kubernetes 1.35+ clusters.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | No | |
specAntreaConfigSpec | Yes | |
statusAntreaConfigStatus | No |
CalicoConfig
CalicoConfig is the Schema for the calicoconfigs API.
Deprecated: use AddonConfig (addons.kubernetes.vmware.com) to configure Calico on Kubernetes 1.35+ clusters.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | No | |
specCalicoConfigSpec | Yes | |
statusCalicoConfigStatus | No |
AntreaConfigSpec
AntreaConfigSpec defines the desired state of AntreaConfig
Appears in: AntreaConfig
| Field | Description | Default | Required |
|---|---|---|---|
antreaAntrea | : {} | No | |
antreaNSXAntreaNSX | AntreaNSX defines nsxt adapter related configurations | : {} | No |
antreaIPFIXAntreaIPFIX | : {} | No |
AntreaConfigStatus
AntreaConfigStatus defines the observed state of AntreaConfig
Appears in: AntreaConfig
| Field | Description | Required |
|---|---|---|
messagestring | Message to indicate failure reason | No |
secretRefstring | Reference to the data value secret created by controller | No |
CalicoConfigSpec
CalicoConfigSpec defines the desired state of CalicoConfig.
Appears in: CalicoConfig
| Field | Description | Required |
|---|---|---|
calicoCalico | No |
CalicoConfigStatus
CalicoConfigStatus defines the observed state of CalicoConfig.
Appears in: CalicoConfig
| Field | Description | Required |
|---|---|---|
secretRefstring | SecretRef is the name of the data value secret created by calico controller. | No |
Antrea
Appears in: AntreaConfigSpec
| Field | Description | Default | Required |
|---|---|---|---|
configAntreaConfigDataValue | : {} | No | |
windowsAntreaWindowsConfigDataValue | : {} | No |
AntreaIPFIX
Appears in: AntreaConfigSpec
| Field | Description | Required |
|---|---|---|
enablebool | Enable indicates AntreaIPFIX shall be enabled in the cluster | No |
AntreaNSX
Appears in: AntreaConfigSpec
| Field | Description | Default | Required |
|---|---|---|---|
enablebool | Enable indicates whether nsxt adapter shall be enabled in the cluster. | No | |
configAntreaNSXConfig | Config is configuration for nsxt adapter. | : {} | No |
Calico
Calico stores the configurations for Calico.
Appears in: CalicoConfigSpec
| Field | Description | Required |
|---|---|---|
configCalicoConfigDataValue | No |
AntreaConfigDataValue
Appears in: Antrea
| Field | Description | Default | Required |
|---|---|---|---|
egressAntreaEgress | Specifies Egress related configuration. | No | |
nodePortLocalAntreaNodePortLocal | Specifies NodePortLocal related configuration. | No | |
antreaProxyAntreaProxy | Specifies AntreaProxy related configuration. | No | |
flowExporterAntreaFlowExporter | Specifies FlowExporter related configuration. | No | |
kubeAPIServerOverridestring | Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig. | No | |
multicastAntreaMulticast | Multicast related configuration. | No | |
multiclusterAntreaMultiCluster | MultiCluster realted configuration. | No | |
cloudProviderAntreaCloudProvider | CloudProvider realted configuration. | No | |
transportInterfacestring | The name of the interface on Node which is used for tunneling or routing. | No | |
transportInterfaceCIDRs[]string | The network CIDRs of the interface on Node which is used for tunneling or routing. | No | |
multicastInterfaces[]string | The names of the interfaces on Nodes that are used to forward multicast traffic. | No | |
tunnelTypestring | Tunnel protocols used for encapsulating traffic across Nodes. One of the following options =:> geneve, vxlan, gre, stt | No | |
tunnelPortint | TunnelPort is the destination port for UDP and TCP based tunnel protocols (Geneve, VXLAN, and STT).If zero, it will use the assigned IANA port for the protocol. | 0 | No |
tunnelCsumbool | TunnelCsum determines whether to compute UDP encapsulation header (Geneve or VXLAN) checksums on outgoing packets | false | No |
trafficEncryptionModestring | Determines how tunnel traffic is encrypted. One of the following options =:> none, ipsec, wireguard | No | |
enableUsageReportingbool | Enable usage reporting (telemetry) to VMware. | false | No |
wireGuardAntreaWireGuard | Specifies WireGuard related configuration. | No | |
serviceCIDRstring | ClusterIP CIDR range for Services. | No | |
trafficEncapModestring | The traffic encapsulation mode. One of the following options → encap, noEncap, hybrid, networkPolicyOnly Validation: Allowed values: | encap | No |
noSNATbool | Flag to enable/disable SNAT for the egress traffic from a Pod to the external network | false | No |
disableUdpTunnelOffloadbool | Disable UDP tunnel offload feature on default NIC | false | No |
defaultMTUstring | Default MTU to use for the host gateway interface and the network interface of each Pod. If omitted, antrea-agent will discover the MTU of the Node's primary interface | No | |
tlsCipherSuitesstring | List of allowed cipher suites. If omitted, the default Go Cipher Suites will be used | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | No |
enableBridgingModebool | Enable bridging mode of Pod network on Nodes | false | No |
disableTXChecksumOffloadbool | Disable TX checksum offloading for container network interfaces | false | No |
dnsServerOverridestring | Provide the address of DNS server, to override the kube-dns service | No | |
fqdnCacheMinTTLint | fqdnCacheMinTTL helps address the issue of applications caching DNS response IPs beyond the TTL value for the DNS record. It is used to enforce FQDN policy rules, ensuring that resolved IPs are included in datapath rules for as long as the application caches them. Ideally, this value should be set to the maximum caching duration across all applications. | No | |
snatFullyRandomPortsbool | Fully randomize source port mapping in SNAT rules used for egress traffic from Pods to the external network. | No | |
featureGatesAntreaFeatureGates | FeatureGates is a map of feature names to flags that enable or disable experimental features | : {} | No |
packetInRateint | PacketInRate defines the OVS controller packet rate limits for different features. The number stands for the rate as packets per second(pps) and the burst size will be automatically set to twice the rate. | No | |
auditLoggingAuditLogging | Log rotation configuration for audit logs. | No | |
secondaryNetworkAntreaSecondaryNetwork | Configuration of OVS bridges for secondary network. At the moment, at most one OVS bridge can be specified. If the specified bridge does not exist on the Node, antrea-agent will create it based on the configuration. | No |
AntreaNSXConfig
Appears in: AntreaNSX
| Field | Description | Default | Required |
|---|---|---|---|
bootstrapFromstring | BootstrapFrom is used to specify the bootstrap method: either Inline or SupervisorCluster. | No | |
nsxCertstring | One line base64 encoded data. Can be generated by command: cat tls.crt | base64 -w 0 | No | |
nsxKeystring | NSXKey is base64 encoded NSX client key data.One line base64 encoded data. Can be generated by command: cat tls.key | base64 -w 0 | No | |
clusterNamestring | ClusterName is the name of the cluster. | No | |
nsxManagers[]string | NSXManagers is a string slice that contains the IP address or domain name of the NSX Managers. | No | |
vpcPath[]string | VPCPath is the VPC configuration path. | No | |
proxyEndpointsProxyEndpoints | ProxyEndpoints is a struct for proxy endpoints containing the information needed to access the API server. | No | |
mpAdapterConfMPAdapterConf | : {} | No | |
ccpAdapterConfCCPAdapterConf | : {} | No |
AntreaWindowsConfigDataValue
Appears in: Antrea
| Field | Description | Default | Required |
|---|---|---|---|
configAntreaWindowsConfig | : {} | No | |
enablebool | Enable windows config | No |
CalicoConfigDataValue
CalicoConfigDataValue contains the specific configurations for the Calico package.
Appears in: Calico
| Field | Description | Default | Required |
|---|---|---|---|
vethMTUint64 | VethMTU defines maximum transmission unit. "0" as default means MTU will be auto detected. Validation: Minimum: 0 | 0 | No |
skipCNIBinariesbool | SkipCNIBinaries allows to skip the cni plugin binaries installation. Default to false. Set to true for providers who already installed cni plugin binaries in their OVAs and do not want Calico to overwrite them. | false | No |
ipv4AutodetectionMethodstring | The method to use to autodetect the IPv4 address for this host. If it is empty then the first-found method is used. | No | |
ipv6AutodetectionMethodstring | The method to use to autodetect the IPv6 address for this host. If it is empty then the first-found method is used. | No |
AntreaCloudProvider
Appears in: AntreaConfigDataValue
| Field | Description | Required |
|---|---|---|
namestring | Name is the cloud provider name. Disable the cloud controller if it is empty. At the moment, the only supported value is "aws". | No |
AntreaEgress
Appears in: AntreaConfigDataValue
| Field | Description | Required |
|---|---|---|
exceptCIDRs[]string | EgressExceptCIDRs is a list of CIDR ranges to which outbound Pod traffic will not be SNAT'd by Egresses, e.g. ["192.168.0.0/16", "172.16.0.0/12"]. | No |
maxEgressIPsPerNodeint | MaxEgressIPsPerNode is the maximum number of Egress IPs that can be assigned to a Node. It's useful when the Node network restricts the number of secondary IPs a Node can have. It must not be greater than 255. | No |
snatFullyRandomPortsbool | SnatFullyRandomPorts fully randomizes source port mapping in Egress SNAT rules. This has no impact on the default SNAT rules enforced by each Node for local Pod traffic. By default, we use the same value as for the top-level snatFullyRandomPorts configuration, but this field can be used as an override. | No |
AntreaFeatureGates
Appears in: AntreaConfigDataValue
| Field | Description | Default | Required |
|---|---|---|---|
AntreaProxybool | Enable AntreaProxy which provides ServiceLB for in-cluster Services in antrea-agent. Note that this feature gate is deprecated since this feature was promoted to GA in v1.14. | true | No |
EndpointSlicebool | Flag to enable/disable EndpointSlice support in AntreaProxy. If AntreaProxy is not enabled, this flag will not take effect | false | No |
AntreaPolicybool | Flag to enable/disable antrea policy | true | No |
FlowExporterbool | Flag to enable/disable flow exporter | false | No |
Egressbool | Flag to enable/disable SNAT IPs of Pod egress traffic | true | No |
NodePortLocalbool | Flag to enable/disable NodePortLocal feature to make the pods reachable externally through NodePort | true | No |
AntreaTraceflowbool | Flag to enable/disable antrea traceflow | true | No |
NetworkPolicyStatsbool | Flag to enable/disable network policy stats | false | No |
AntreaIPAMbool | Flag to enable/disable antrea IPAM | false | No |
ServiceExternalIPbool | Flag to enable/disable service external IP | false | No |
Multicastbool | Flag to enable/disable multicast | false | No |
Multiclusterbool | Enable Antrea Multi-cluster Gateway to support cross-cluster traffic. | false | No |
SecondaryNetworkbool | Enable support for provisioning secondary network interfaces for Pods (using Pod annotations). | false | No |
TrafficControlbool | Enable mirroring or redirecting the traffic Pods send or receive. | false | No |
TopologyAwareHintsbool | Enable TopologyAwareHints in AntreaProxy. This requires AntreaProxy and EndpointSlice to be enabled, otherwise this flag will not take effect. | false | No |
SupportBundleCollectionbool | Enable collecting support bundle files with SupportBundleCollection CRD. | No | |
L7NetworkPolicybool | Enable users to protect their applications by specifying how they are allowed to communicate with others. | No | |
AdminNetworkPolicybool | Enable the use of Network Policy APIs which helps administrators set security postures for their clusters. | No | |
CleanupStaleUDPSvcConntrackbool | Enable support for cleaning up stale UDP Service conntrack connections in AntreaProxy | No | |
NodeLatencyMonitorbool | Enable NodeLatencyMonitor to monitor the latency between Nodes. | No | |
EgressTrafficShapingbool | Enable Egress traffic shaping. | No | |
EgressSeparateSubnetbool | Allow users to allocate Egress IPs from a different subnet from the default Node subnet. | No | |
NodeNetworkPolicybool | Allow users to apply ClusterNetworkPolicy to Kubernetes Nodes. | No | |
L7FlowExporterbool | Enable L7FlowExporter on Pods and Namespaces to export the application layer flows such as HTTP flows. | No | |
PacketCapturebool | Enable PacketCapture feature which supports capturing packets to diagnose network issues. | No | |
ServiceTrafficDistributionbool | Enable ServiceTrafficDistribution in AntreaProxy. This requires AntreaProxy and EndpointSlice to be enabled, otherwise this flag will not take effect. | No |
AntreaFlowExporter
Appears in: AntreaConfigDataValue, AntreaWindowsConfig
| Field | Description | Required |
|---|---|---|
enablebool | Enable FlowExporter, a feature used to export polled conntrack connections as IPFIX flow records from each agent to a configured collector. To enable this feature, you need to set "enable" to true, and ensure that the FlowExporter feature gate is also enabled. | No |
collectorAddressstring | CollectorAddress provides the IPFIX collector address as a string with format <HOST>:[<PORT>][:<PROTO>]. HOST can either be the DNS name, IP, or Service name of the Flow Collector. If using an IP, it can be either IPv4 or IPv6. However, IPv6 address should be wrapped with []. When the collector is running in-cluster as a Service, set <HOST> to <Service namespace>/<Service name>. For example, "flow-aggregator/flow-aggregator" can be provided to connect to the Antrea Flow Aggregator Service. If PORT is empty, we default to 14739. If no PROTO is given, we consider "grpc" as default. We support "grpc", "tls", "tcp" and "udp" protocols. "grpc", "tls" are used for securing communication between flow exporter and flow aggregator. | No |
pollIntervalstring | PollInterval provides flow poll interval as a duration string. This determines how often the flow exporter dumps connections from the conntrack module. Flow poll interval should be greater than or equal to 1s (one second). Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". | No |
activeFlowTimeoutstring | ActiveFlowTimeout provides the active flow export timeout, which is the timeout after which a flow record is sent to the collector for active flows. Thus, for flows with a continuous stream of packets, a flow record will be exported to the collector once the elapsed time since the last export event is equal to the value of this timeout. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". | No |
idleFlowTimeoutstring | IdleFlowTimeout provides the idle flow export timeout, which is the timeout after which a flow record is sent to the collector for idle flows. A flow is considered idle if no packet matching this flow has been observed since the last export event. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". | No |
AntreaMultiCluster
Appears in: AntreaConfigDataValue
| Field | Description | Required |
|---|---|---|
enablebool | Enable indicates whether to enable Antrea Multi-cluster Gateway to support cross-cluster traffic. This feature is supported only with encap mode. | No |
namespacestring | Namespace is the Namespace where Antrea Multi-cluster Controller is running. The default is antrea-agent's Namespace. | No |
enableStretchedNetworkPolicybool | EnableStretchedNetworkPolicy enables Multi-cluster NetworkPolicy (ingress rules). Multi-cluster Gateway must be enabled to enable StretchedNetworkPolicy. | No |
enablePodToPodConnectivitybool | EnablePodToPodConnectivity enables Pod to Pod connectivity. | No |
AntreaMulticast
Appears in: AntreaConfigDataValue
| Field | Description | Required |
|---|---|---|
enablebool | Enable is used to enable Multicast. You need to set "enable" to true, and ensure that the Multicast feature gate is also enabled (which is the default). | No |
igmpQueryIntervalstring | IGMPQueryInterval is the interval at which the antrea-agent sends IGMP queries to Pods. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". | No |
igmpQueryVersions[]int | IGMPQueryVersions specifies the versions of IGMP queries antrea-agent sends to Pods. Valid versions are 1, 2 and 3. | No |
AntreaNodePortLocal
Appears in: AntreaConfigDataValue, AntreaWindowsConfig
| Field | Description | Required |
|---|---|---|
enabledbool | Enabled enables NodePortLocal, a feature used to make Pods reachable using port forwarding on the host. | No |
portRangestring | PortRange provides the port range used by NodePortLocal. When the NodePortLocal feature is enabled, a port from that range will be assigned whenever a Pod's container defines a specific port to be exposed (each container can define a list of ports as pod.spec.containers[].ports), and all Node traffic directed to that port will be forwarded to the Pod. Format: "61000-62000". | No |
AntreaProxy
Appears in: AntreaConfigDataValue
| Field | Description | Required |
|---|---|---|
proxyAllbool | ProxyAll tells antrea-agent to proxy all Service traffic, including NodePort, LoadBalancer, and ClusterIP traffic, regardless of where they come from. Therefore, running kube-proxy is no longer required. Note that this option is experimental. If kube-proxy is removed, option kubeAPIServerOverride must be used to access apiserver directly. | No |
nodePortAddresses[]string | NodePortAddresses is a string array of values which specifies the host IPv4/IPv6 addresses for NodePort. Values can be valid IP blocks. (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses. Note that the option is only valid when proxyAll is true. | No |
skipServices[]string | SkipServices is an array of string values to specify a list of Services which should be ignored by AntreaProxy (traffic to these Services will not be load-balanced). Values can be a valid ClusterIP (e.g. 10.11.1.2) or a Service name with Namespace (e.g. kube-system/kube-dns) | No |
proxyLoadBalancerIPsbool | ProxyLoadBalancerIPs when set to false, AntreaProxy no longer load-balances traffic destined to the External IPs of LoadBalancer Services. This is useful when the external LoadBalancer provides additional capabilities (e.g. TLS termination) and it is desirable for Pod-to-ExternalIP traffic to be sent to the external LoadBalancer instead of being load-balanced to an Endpoint directly by AntreaProxy. Note that setting ProxyLoadBalancerIPs to false usually only makes sense when proxyAll is set to true and kube-proxy is removed from the cluster, otherwise kube-proxy will still load-balance this traffic. | No |
serviceProxyNamestring | ServiceProxyName is the value of the "service.kubernetes.io/service-proxy-name" label for AntreaProxy to match. If it is set, then AntreaProxy will only handle Services with the label that equals the provided value. If it is not set, then AntreaProxy will only handle Services without the "service.kubernetes.io/service-proxy-name" label, ignoring Services with the label regardless of the value. | No |
enablebool | Enable controls whether to disable AntreaProxy. Set this to false to disable AntreaProxy. | No |
disableServiceHealthCheckServerbool | DisableServiceHealthCheckServer disables the health check server run by Antrea Proxy, which provides health information about Services of type LoadBalancer with externalTrafficPolicy set to Local, when proxyAll is enabled. This avoids race conditions between kube-proxy and Antrea proxy, with both trying to bind to the same addresses, when proxyAll is enabled while kube-proxy has not been removed. | No |
AntreaSecondaryNetwork
Appears in: AntreaConfigDataValue
| Field | Description | Required |
|---|---|---|
ovsBridges[]OVSBridge | OVSBridges is the configuration of OVS bridges for secondary network. At the moment, at most one OVS bridge can be specified. If the specified bridge does not exist on the Node, antrea-agent will create it based on the configuration. | No |
AntreaWindowsConfig
Appears in: AntreaWindowsConfigDataValue
| Field | Description | Default | Required |
|---|---|---|---|
antreaProxyAntreaWindowsProxy | Specifies AntreaProxy related configuration. | No | |
nodePortLocalAntreaNodePortLocal | Specifies NodePortLocal related configuration. | No | |
flowExporterAntreaFlowExporter | Specifies FlowExporter related configuration. | No | |
kubeAPIServerOverridestring | Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig. | No | |
transportInterfacestring | The name of the interface on Node which is used for tunneling or routing. | No | |
transportInterfaceCIDRs[]string | The network CIDRs of the interface on Node which is used for tunneling or routing. | No | |
tlsCipherSuitesstring | List of allowed cipher suites. If omitted, the default Go Cipher Suites will be used | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | No |
featureGatesAntreaWindowsFeatureGates | FeatureGates is a map of feature names to flags that enable or disable experimental features | No |
AntreaWireGuard
Appears in: AntreaConfigDataValue
| Field | Description | Required |
|---|---|---|
portint | Port is the port for WireGuard to receive traffic. | No |
AuditLogging
Appears in: AntreaConfigDataValue
| Field | Description | Required |
|---|---|---|
maxSizeint | MaxSize is the maximum size in MB of a log file before it gets rotated. | No |
maxBackupsint | MaxBackups is the maximum number of old log files to retain. If set to 0, all log files will be retained (unless MaxAge causes them to be deleted). | No |
maxAgeint | MaxAge is the maximum number of days to retain old log files based on the timestamp encoded in their filename. If set to 0, old log files are not removed based on age. | No |
compressbool | Compress enables gzip compression on rotated files. | No |
CCPAdapterConf
Appears in: AntreaNSXConfig
| Field | Description | Required |
|---|---|---|
enableDebugServerbool | EnableDebugServer indicates whether to enable the debug server. | No |
apiServerPortint | Port on which the API server listens. | No |
debugServerPortint | DebugServerPort is the port for the APIServer to serve on. Defaults to 16667. | No |
nsxRPCDebugbool | NSXRPCDebug indicates whether to enable NSX RPC debug mode. | No |
realizeTimeoutSecondsint | Time to wait for realization. | No |
realizeErrorSyncIntervalSecondsint | An interval for regularly report latest realization error in background. | No |
reconcilerWorkerCountint | Number of workers for reconciler. | No |
reconcilerQPSint | Average QPS = ReconcilerWorkerCount * ReconcilerQPS | No |
reconcilerBurstint | Peak QPS = ReconcilerWorkerCount * ReconcilerBurst | No |
reconcilerResyncSecondsint | Period for Reconciler to rsync downstream events. | No |
MPAdapterConf
Appears in: AntreaNSXConfig
| Field | Description | Required |
|---|---|---|
nsxClientAuthCertFilestring | Path to the client authentication certificate file. | No |
nsxClientAuthKeyFilestring | Path to the client authentication key file. | No |
nsxRemoteAuthbool | NSXRemoteAuth indicates whether to use remote authentication. | No |
nsxCAFilestring | Path to the CA file. | No |
nsxInsecurebool | NSXInsecure indicates whether to enable insecure connections. | No |
nsxRPCConnTypestring | NsxRpcConnType is the NSX connection type: either mock or tnproxy. | No |
clusterTypestring | ClusterType represents the type of the cluster. | No |
nsxClientTimeoutint | Timeout for NSX client. | No |
inventoryBatchSizeint | InventoryBatchSize is the max objects in one inventory update request. | No |
inventoryBatchPeriodint | InventoryBatchPeriod is the time in seconds to send out request even if the max batch size is not reached. | No |
enableDebugServerbool | EnableDebugServer indicates whether to enable the debug server. | No |
apiServerPortint | Port on which the API server listens. | No |
debugServerPortint | DebugServerPort is the port for the APIServer to serve on. Defaults to 16666. | No |
nsxRPCDebugbool | NSXRPCDebug indicates whether to enable NSX RPC debug mode. | No |
conditionTimeoutint | Monitor for determine the timeout. | No |
nsxVerifyServerNamebool | NSXVerifyServerName indicates whether to validate NSX server name when NSXInsecure is false. | No |
ProxyEndpoints
ProxyEndpoints is a struct for proxy endpoints containing the information needed to access the API server.
Appears in: AntreaNSXConfig
| Field | Description | Required |
|---|---|---|
restApi[]string | RestAPI is a string slice that contains the IP address or domain name of the REST API endpoint. | No |
nsxRpcFwdProxy[]string | NSXRPCFwdProxy is a string slice that contains the IP address or domain name of the NSX RPC forward proxy. | No |
AntreaWindowsFeatureGates
Appears in: AntreaWindowsConfig
| Field | Description | Required |
|---|---|---|
AntreaProxybool | Enable antrea proxy which provides ServiceLB for in-cluster services in antrea agent. It should be enabled on Windows, otherwise NetworkPolicy will not take effect on Service traffic. Note that this feature gate is deprecated since this feature was promoted to GA in v1.14. | No |
NodePortLocalbool | Enable NodePortLocal feature to make the Pods reachable externally through NodePort | No |
FlowExporterbool | Enable flowexporter which exports polled conntrack connections as IPFIX flow records from each agent to a configured collector. | No |
AntreaWindowsProxy
Appears in: AntreaWindowsConfig
| Field | Description | Required |
|---|---|---|
enablebool | Enable controls whether to enable AntreaProxy on Windows nodes. Set this to true to enable AntreaProxy. To disable AntreaProxy, set this to false. It should be enabled on Windows, otherwise NetworkPolicy will not take effect on Service traffic. | No |
proxyAllbool | ProxyAll tells antrea-agent to proxy ClusterIP Service traffic, regardless of where they come from. Therefore, running kube-proxy is no longer required. This requires the AntreaProxy feature to be enabled. Note that this option is experimental. If kube-proxy is removed, option kubeAPIServerOverride must be used to access apiserver directly. | No |
serviceProxyNamestring | The value of the "service.kubernetes.io/service-proxy-name" label for AntreaProxy to match. If it is set, then AntreaProxy will only handle Services with the label that equals the provided value. If it is not set, then AntreaProxy will only handle Services without the "service.kubernetes.io/service-proxy-name" label, but ignore Services with the label no matter what is the value. | No |
OVSBridge
Appears in: AntreaSecondaryNetwork
| Field | Description | Required |
|---|---|---|
bridgeNamestring | BridgeName is the name of the OVS bridge for secondary network. At the moment, at most one OVS bridge can be specified. If the specified bridge does not exist on the Node, antrea-agent will create it based on the configuration. | No |
physicalInterfaces[]string | PhysicalInterfaces is a list of physical interfaces to be connected to the OVS bridge. These interfaces will serve as uplinks for the bridge. For now, at most one interface should be specified on VKS cluster | No |
enableMulticastSnoopingbool | EnableMulticastSnooping enables multicast snooping on the OVS bridge, allowing the bridge to learn about multicast group memberships and forward multicast traffic only to ports that have interested receivers. When disabled, multicast traffic is flooded to all ports in the bridge. The default value is false | No |
controlplane.cluster.x-k8s.io/v1beta1
Resource Types:
KubeadmControlPlane
KubeadmControlPlane is the Schema for the KubeadmControlPlane API.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specKubeadmControlPlaneSpec | spec is the desired state of KubeadmControlPlane. | No |
statusKubeadmControlPlaneStatus | status is the observed state of KubeadmControlPlane. | No |
KubeadmControlPlaneTemplate
KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates API.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specKubeadmControlPlaneTemplateSpec | spec is the desired state of KubeadmControlPlaneTemplate. | No |
KubeadmControlPlaneSpec
KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane.
Appears in: KubeadmControlPlane
| Field | Description | Default | Required |
|---|---|---|---|
replicasint32 | replicas is the number of desired machines. Defaults to 1. When stacked etcd is used only odd numbers are permitted, as per etcd best practice. This is a pointer to distinguish between explicit zero and not specified. | No | |
versionstring | version defines the desired Kubernetes version. Please note that if kubeadmConfigSpec.ClusterConfiguration.imageRepository is not set we don't allow upgrades to versions ≥ v1.22.0 for which kubeadm uses the old registry (k8s.gcr.io). Please use a newer patch version with the new registry instead. The default registries of kubeadm are: * registry.k8s.io (new registry): ≥ v1.22.17, ≥ v1.23.15, ≥ v1.24.9, ≥ v1.25.0 * k8s.gcr.io (old registry): all older versions Validation: Maximum length: 256 | Yes | |
machineTemplateKubeadmControlPlaneMachineTemplate | machineTemplate contains information about how machines should be shaped when creating or updating a control plane. | Yes | |
kubeadmConfigSpecKubeadmConfigSpec | kubeadmConfigSpec is a KubeadmConfigSpec to use for initializing and joining machines to the control plane. | Yes | |
rolloutBeforeRolloutBefore | rolloutBefore is a field to indicate a rollout should be performed if the specified criteria is met. | No | |
rolloutAfterTime | rolloutAfter is a field to indicate a rollout should be performed after the specified time even if no changes have been made to the KubeadmControlPlane. Example: In the YAML the time can be specified in the RFC3339 format. To specify the rolloutAfter target as March 9, 2023, at 9 am UTC use "2023-03-09T09:00:00Z". | No | |
rolloutStrategyRolloutStrategy | rolloutStrategy is the RolloutStrategy to use to replace control plane machines with new ones. | rollingUpdate.maxSurge: 1 type: RollingUpdate | No |
remediationStrategyRemediationStrategy | remediationStrategy is the RemediationStrategy that controls how control plane machine remediation happens. | No | |
machineNamingStrategyMachineNamingStrategy | machineNamingStrategy allows changing the naming pattern used when creating Machines. InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines. | No |
KubeadmControlPlaneStatus
KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane.
Appears in: KubeadmControlPlane
| Field | Description | Required |
|---|---|---|
selectorstring | selector is the label selector in string format to avoid introspection by clients, and is used to provide the CRD-based integration for the scale subresource and additional integrations for things like kubectl describe.. The string will be in the same format as the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors Validation: Minimum length: 1 | No |
replicasint32 | replicas is the total number of non-terminated machines targeted by this control plane (their labels match the selector). | No |
versionstring | version represents the minimum Kubernetes version for the control plane machines in the cluster. Validation: Minimum length: 1 | No |
updatedReplicasint32 | updatedReplicas is the total number of non-terminated machines targeted by this control plane that have the desired template spec. | No |
readyReplicasint32 | readyReplicas is the total number of fully running and ready control plane machines. | No |
unavailableReplicasint32 | unavailableReplicas is the total number of unavailable machines targeted by this control plane. This is the total number of machines that are still required for the deployment to have 100% available capacity. They may either be machines that are running but not yet ready or machines that still have not been created. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
initializedbool | initialized denotes that the KubeadmControlPlane API Server is initialized and thus it can accept requests. NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning. The value of this field is never updated after provisioning is completed. Please use conditions to check the operational state of the control plane. | No |
readybool | ready denotes that the KubeadmControlPlane API Server became ready during initial provisioning to receive requests. NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning. The value of this field is never updated after provisioning is completed. Please use conditions to check the operational state of the control plane. | No |
failureReasonKubeadmControlPlaneStatusError | failureReason indicates that there is a terminal problem reconciling the state, and will be set to a token value suitable for programmatic interpretation. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
failureMessagestring | failureMessage indicates that there is a terminal problem reconciling the state, and will be set to a descriptive error message. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. Validation: Minimum length: 1 | No |
observedGenerationint64 | observedGeneration is the latest generation observed by the controller. | No |
conditionsConditions | conditions defines current service state of the KubeadmControlPlane. | No |
lastRemediationLastRemediationStatus | lastRemediation stores info about last remediation performed. | No |
v1beta2KubeadmControlPlaneV1Beta2Status | v1beta2 groups all the fields that will be added or modified in KubeadmControlPlane's status with the V1Beta2 version. | No |
KubeadmControlPlaneTemplateSpec
KubeadmControlPlaneTemplateSpec defines the desired state of KubeadmControlPlaneTemplate.
Appears in: KubeadmControlPlaneTemplate
| Field | Description | Required |
|---|---|---|
templateKubeadmControlPlaneTemplateResource | template defines the desired state of KubeadmControlPlaneTemplate. | Yes |
KubeadmControlPlaneMachineTemplate
KubeadmControlPlaneMachineTemplate defines the template for Machines in a KubeadmControlPlane object.
Appears in: KubeadmControlPlaneSpec
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
infrastructureRefObjectReference | infrastructureRef is a required reference to a custom resource offered by an infrastructure provider. | Yes |
readinessGates[]MachineReadinessGate | readinessGates specifies additional conditions to include when evaluating Machine Ready condition; KubeadmControlPlane will always add readinessGates for the condition it is setting on the Machine: APIServerPodHealthy, SchedulerPodHealthy, ControllerManagerPodHealthy, and if etcd is managed by CKP also EtcdPodHealthy, EtcdMemberHealthy. This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine. NOTE: This field is considered only for computing v1beta2 conditions. Validation: Maximum items: 32 | No |
nodeDrainTimeoutDuration | nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from kubectl drain --timeout | No |
nodeVolumeDetachTimeoutDuration | nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. | No |
nodeDeletionTimeoutDuration | nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. If no value is provided, the default value for this property of the Machine resource will be used. | No |
taints[]MachineTaint | taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers. There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node. NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners. Validation: Minimum items: 1 | No |
KubeadmControlPlaneTemplateResource
KubeadmControlPlaneTemplateResource describes the data needed to create a KubeadmControlPlane from a template.
Appears in: KubeadmControlPlaneTemplateSpec
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specKubeadmControlPlaneTemplateResourceSpec | spec is the desired state of KubeadmControlPlaneTemplateResource. | Yes |
KubeadmControlPlaneV1Beta2Status
KubeadmControlPlaneV1Beta2Status Groups all the fields that will be added or modified in KubeadmControlPlane with the V1Beta2 version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.
Appears in: KubeadmControlPlaneStatus
| Field | Description | Required |
|---|---|---|
conditions[]Condition | conditions represents the observations of a KubeadmControlPlane's current state. Known condition types are Available, CertificatesAvailable, EtcdClusterAvailable, MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused. Validation: Maximum items: 32 | No |
readyReplicasint32 | readyReplicas is the number of ready replicas for this KubeadmControlPlane. A machine is considered ready when Machine's Ready condition is true. | No |
availableReplicasint32 | availableReplicas is the number of available replicas targeted by this KubeadmControlPlane. A machine is considered available when Machine's Available condition is true. | No |
upToDateReplicasint32 | upToDateReplicas is the number of up-to-date replicas targeted by this KubeadmControlPlane. A machine is considered up-to-date when Machine's UpToDate condition is true. | No |
LastRemediationStatus
LastRemediationStatus stores info about last remediation performed. NOTE: if for any reason information about last remediation are lost, RetryCount is going to restart from 0 and thus more remediations than expected might happen.
Appears in: KubeadmControlPlaneStatus
| Field | Description | Required |
|---|---|---|
machinestring | machine is the machine name of the latest machine being remediated. Validation: Minimum length: 1 | Yes |
timestampTime | timestamp is when last remediation happened. It is represented in RFC3339 form and is in UTC. | Yes |
retryCountint32 | retryCount used to keep track of remediation retry for the last remediated machine. A retry happens when a machine that was created as a replacement for an unhealthy machine also fails. | Yes |
MachineNamingStrategy
MachineNamingStrategy allows changing the naming pattern used when creating Machines. InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines.
Appears in: KubeadmControlPlaneSpec, KubeadmControlPlaneTemplateResourceSpec
| Field | Description | Required |
|---|---|---|
templatestring | template defines the template to use for generating the names of the Machine objects. If not defined, it will fallback to {{ .kubeadmControlPlane.name }}-{{ .random }}. If the generated name string exceeds 63 characters, it will be trimmed to 58 characters and will get concatenated with a random suffix of length 5. Length of the template string must not exceed 256 characters. The template allows the following variables .cluster.name, .kubeadmControlPlane.name and .random. The variable .cluster.name retrieves the name of the cluster object that owns the Machines being created. The variable .kubeadmControlPlane.name retrieves the name of the KubeadmControlPlane object that owns the Machines being created. The variable .random is substituted with random alphanumeric string, without vowels, of length 5. This variable is required part of the template. If not provided, validation will fail.Validation: Minimum length: 1 | No |
RemediationStrategy
RemediationStrategy allows to define how control plane machine remediation happens.
Appears in: KubeadmControlPlaneSpec, KubeadmControlPlaneTemplateResourceSpec
| Field | Description | Required |
|---|---|---|
maxRetryint32 | maxRetry is the Max number of retries while attempting to remediate an unhealthy machine. A retry happens when a machine that was created as a replacement for an unhealthy machine also fails. For example, given a control plane with three machines M1, M2, M3: M1 become unhealthy; remediation happens, and M1-1 is created as a replacement. If M1-1 (replacement of M1) has problems while bootstrapping it will become unhealthy, and then be remediated; such operation is considered a retry, remediation-retry #1. If M1-2 (replacement of M1-1) becomes unhealthy, remediation-retry #2 will happen, etc. A retry could happen only after RetryPeriod from the previous retry. If a machine is marked as unhealthy after MinHealthyPeriod from the previous remediation expired, this is not considered a retry anymore because the new issue is assumed unrelated from the previous one. If not set, the remedation will be retried infinitely. | No |
retryPeriodDuration | retryPeriod is the duration that KCP should wait before remediating a machine being created as a replacement for an unhealthy machine (a retry). If not set, a retry will happen immediately. | No |
minHealthyPeriodDuration | minHealthyPeriod defines the duration after which KCP will consider any failure to a machine unrelated from the previous one. In this case the remediation is not considered a retry anymore, and thus the retry counter restarts from 0. For example, assuming MinHealthyPeriod is set to 1h (default) M1 become unhealthy; remediation happens, and M1-1 is created as a replacement. If M1-1 (replacement of M1) has problems within the 1hr after the creation, also this machine will be remediated and this operation is considered a retry - a problem related to the original issue happened to M1 -. If instead the problem on M1-1 is happening after MinHealthyPeriod expired, e.g. four days after m1-1 has been created as a remediation of M1, the problem on M1-1 is considered unrelated to the original issue happened to M1. If not set, this value is defaulted to 1h. | No |
RolloutBefore
RolloutBefore describes when a rollout should be performed on the KCP machines.
Appears in: KubeadmControlPlaneSpec, KubeadmControlPlaneTemplateResourceSpec
| Field | Description | Required |
|---|---|---|
certificatesExpiryDaysint32 | certificatesExpiryDays indicates a rollout needs to be performed if the certificates of the machine will expire within the specified days. | No |
RolloutStrategy
RolloutStrategy describes how to replace existing machines with new ones.
Appears in: KubeadmControlPlaneSpec, KubeadmControlPlaneTemplateResourceSpec
| Field | Description | Required |
|---|---|---|
typeRolloutStrategyType | type of rollout. Currently the only supported strategy is "RollingUpdate". Default is RollingUpdate. | No |
rollingUpdateRollingUpdate | rollingUpdate is the rolling update config params. Present only if RolloutStrategyType = RollingUpdate. | No |
KubeadmControlPlaneTemplateResourceSpec
KubeadmControlPlaneTemplateResourceSpec defines the desired state of KubeadmControlPlane. NOTE: KubeadmControlPlaneTemplateResourceSpec is similar to KubeadmControlPlaneSpec but omits Replicas and Version fields. These fields do not make sense on the KubeadmControlPlaneTemplate, because they are calculated by the Cluster topology reconciler during reconciliation and thus cannot be configured on the KubeadmControlPlaneTemplate.
Appears in: KubeadmControlPlaneTemplateResource
| Field | Description | Default | Required |
|---|---|---|---|
machineTemplateKubeadmControlPlaneTemplateMachineTemplate | machineTemplate contains information about how machines should be shaped when creating or updating a control plane. | No | |
kubeadmConfigSpecKubeadmConfigSpec | kubeadmConfigSpec is a KubeadmConfigSpec to use for initializing and joining machines to the control plane. | Yes | |
rolloutBeforeRolloutBefore | rolloutBefore is a field to indicate a rollout should be performed if the specified criteria is met. | No | |
rolloutAfterTime | rolloutAfter is a field to indicate a rollout should be performed after the specified time even if no changes have been made to the KubeadmControlPlane. | No | |
rolloutStrategyRolloutStrategy | rolloutStrategy is the RolloutStrategy to use to replace control plane machines with new ones. | rollingUpdate.maxSurge: 1 type: RollingUpdate | No |
remediationStrategyRemediationStrategy | remediationStrategy is the RemediationStrategy that controls how control plane machine remediation happens. | No | |
machineNamingStrategyMachineNamingStrategy | machineNamingStrategy allows changing the naming pattern used when creating Machines. InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines. | No |
RollingUpdate
RollingUpdate is used to control the desired behavior of rolling update.
Appears in: RolloutStrategy
| Field | Description | Required |
|---|---|---|
maxSurgeIntOrString | maxSurge is the maximum number of control planes that can be scheduled above or under the desired number of control planes. Value can be an absolute number 1 or 0. Defaults to 1. Example: when this is set to 1, the control plane can be scaled up immediately when the rolling update starts. | No |
RolloutStrategyType
RolloutStrategyType defines the rollout strategies for a KubeadmControlPlane.
Appears in: RolloutStrategy
KubeadmControlPlaneTemplateMachineTemplate
KubeadmControlPlaneTemplateMachineTemplate defines the template for Machines in a KubeadmControlPlaneTemplate object. NOTE: KubeadmControlPlaneTemplateMachineTemplate is similar to KubeadmControlPlaneMachineTemplate but omits ObjectMeta and InfrastructureRef fields. These fields do not make sense on the KubeadmControlPlaneTemplate, because they are calculated by the Cluster topology reconciler during reconciliation and thus cannot be configured on the KubeadmControlPlaneTemplate.
Appears in: KubeadmControlPlaneTemplateResourceSpec
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
nodeDrainTimeoutDuration | nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from kubectl drain --timeout | No |
nodeVolumeDetachTimeoutDuration | nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. | No |
nodeDeletionTimeoutDuration | nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. If no value is provided, the default value for this property of the Machine resource will be used. | No |
taints[]MachineTaint | taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers. There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node. NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners. Validation: Minimum items: 1 | No |
controlplane.cluster.x-k8s.io/v1beta2
Resource Types:
KubeadmControlPlane
KubeadmControlPlane is the Schema for the KubeadmControlPlane API.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specKubeadmControlPlaneSpec | spec is the desired state of KubeadmControlPlane. | No |
statusKubeadmControlPlaneStatus | status is the observed state of KubeadmControlPlane. | No |
KubeadmControlPlaneTemplate
KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates API. NOTE: This CRD can only be used if the ClusterTopology feature gate is enabled.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specKubeadmControlPlaneTemplateSpec | spec is the desired state of KubeadmControlPlaneTemplate. | No |
KubeadmControlPlaneSpec
KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane.
Appears in: KubeadmControlPlane
| Field | Description | Required |
|---|---|---|
replicasint32 | replicas is the number of desired machines. Defaults to 1. When stacked etcd is used only odd numbers are permitted, as per etcd best practice. This is a pointer to distinguish between explicit zero and not specified. | No |
versionstring | version defines the desired Kubernetes version. Validation: Minimum length: 1 | No |
machineTemplateKubeadmControlPlaneMachineTemplate | machineTemplate contains information about how machines should be shaped when creating or updating a control plane. | No |
kubeadmConfigSpecKubeadmConfigSpec | kubeadmConfigSpec is a KubeadmConfigSpec to use for initializing and joining machines to the control plane. | No |
rolloutKubeadmControlPlaneRolloutSpec | rollout allows you to configure the behaviour of rolling updates to the control plane Machines. It allows you to require that all Machines are replaced before or after a certain time, and allows you to define the strategy used during rolling replacements. | No |
remediationKubeadmControlPlaneRemediationSpec | remediation controls how unhealthy Machines are remediated. | No |
machineNamingMachineNamingSpec | machineNaming allows changing the naming pattern used when creating Machines. InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines. | No |
KubeadmControlPlaneStatus
KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane.
Appears in: KubeadmControlPlane
| Field | Description | Required |
|---|---|---|
conditions[]Condition | conditions represents the observations of a KubeadmControlPlane's current state. Known condition types are Available, CertificatesAvailable, EtcdClusterAvailable, MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused. Validation: Maximum items: 32 | No |
initializationKubeadmControlPlaneInitializationStatus | initialization provides observations of the KubeadmControlPlane initialization process. NOTE: Fields in this struct are part of the Cluster API contract and are used to orchestrate initial Machine provisioning. | No |
selectorstring | selector is the label selector in string format to avoid introspection by clients, and is used to provide the CRD-based integration for the scale subresource and additional integrations for things like kubectl describe.. The string will be in the same format as the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors Validation: Minimum length: 1 | No |
replicasint32 | replicas is the total number of non-terminated machines targeted by this control plane (their labels match the selector). | No |
readyReplicasint32 | readyReplicas is the number of ready replicas for this KubeadmControlPlane. A machine is considered ready when Machine's Ready condition is true. | No |
availableReplicasint32 | availableReplicas is the number of available replicas targeted by this KubeadmControlPlane. A machine is considered available when Machine's Available condition is true. | No |
upToDateReplicasint32 | upToDateReplicas is the number of up-to-date replicas targeted by this KubeadmControlPlane. A machine is considered up-to-date when Machine's UpToDate condition is true. | No |
versionstring | version represents the minimum Kubernetes version for the control plane machines in the cluster. Validation: Minimum length: 1 | No |
observedGenerationint64 | observedGeneration is the latest generation observed by the controller. Validation: Minimum: 1 | No |
lastRemediationLastRemediationStatus | lastRemediation stores info about last remediation performed. | No |
deprecatedKubeadmControlPlaneDeprecatedStatus | deprecated groups all the status fields that are deprecated and will be removed when all the nested field are removed. | No |
KubeadmControlPlaneTemplateSpec
KubeadmControlPlaneTemplateSpec defines the desired state of KubeadmControlPlaneTemplate.
Appears in: KubeadmControlPlaneTemplate
| Field | Description | Required |
|---|---|---|
templateKubeadmControlPlaneTemplateResource | template defines the desired state of KubeadmControlPlaneTemplate. | No |
KubeadmControlPlaneDeprecatedStatus
KubeadmControlPlaneDeprecatedStatus groups all the status fields that are deprecated and will be removed in a future version. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.
Appears in: KubeadmControlPlaneStatus
| Field | Description | Required |
|---|---|---|
v1beta1KubeadmControlPlaneV1Beta1DeprecatedStatus | v1beta1 groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. | No |
KubeadmControlPlaneInitializationStatus
KubeadmControlPlaneInitializationStatus provides observations of the KubeadmControlPlane initialization process.
Appears in: KubeadmControlPlaneStatus
| Field | Description | Required |
|---|---|---|
controlPlaneInitializedbool | controlPlaneInitialized is true when the KubeadmControlPlane provider reports that the Kubernetes control plane is initialized; A control plane is considered initialized when it can accept requests, no matter if this happens before the control plane is fully provisioned or not. NOTE: this field is part of the Cluster API contract, and it is used to orchestrate initial Machine provisioning. | No |
KubeadmControlPlaneMachineTemplate
KubeadmControlPlaneMachineTemplate defines the template for Machines in a KubeadmControlPlane object.
Appears in: KubeadmControlPlaneSpec
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specKubeadmControlPlaneMachineTemplateSpec | spec defines the spec for Machines in a KubeadmControlPlane object. | No |
KubeadmControlPlaneRemediationSpec
KubeadmControlPlaneRemediationSpec controls how unhealthy control plane Machines are remediated.
Appears in: KubeadmControlPlaneSpec, KubeadmControlPlaneTemplateResourceSpec
| Field | Description | Required |
|---|---|---|
maxRetryint32 | maxRetry is the Max number of retries while attempting to remediate an unhealthy machine. A retry happens when a machine that was created as a replacement for an unhealthy machine also fails. For example, given a control plane with three machines M1, M2, M3: M1 become unhealthy; remediation happens, and M1-1 is created as a replacement. If M1-1 (replacement of M1) has problems while bootstrapping it will become unhealthy, and then be remediated; such operation is considered a retry, remediation-retry #1. If M1-2 (replacement of M1-1) becomes unhealthy, remediation-retry #2 will happen, etc. A retry could happen only after retryPeriodSeconds from the previous retry. If a machine is marked as unhealthy after minHealthyPeriodSeconds from the previous remediation expired, this is not considered a retry anymore because the new issue is assumed unrelated from the previous one. If not set, the remedation will be retried infinitely. | No |
retryPeriodSecondsint32 | retryPeriodSeconds is the duration that KCP should wait before remediating a machine being created as a replacement for an unhealthy machine (a retry). If not set, a retry will happen immediately. Validation: Minimum: 0 | No |
minHealthyPeriodSecondsint32 | minHealthyPeriodSeconds defines the duration after which KCP will consider any failure to a machine unrelated from the previous one. In this case the remediation is not considered a retry anymore, and thus the retry counter restarts from 0. For example, assuming minHealthyPeriodSeconds is set to 1h (default) M1 become unhealthy; remediation happens, and M1-1 is created as a replacement. If M1-1 (replacement of M1) has problems within the 1hr after the creation, also this machine will be remediated and this operation is considered a retry - a problem related to the original issue happened to M1 -. If instead the problem on M1-1 is happening after minHealthyPeriodSeconds expired, e.g. four days after m1-1 has been created as a remediation of M1, the problem on M1-1 is considered unrelated to the original issue happened to M1. If not set, this value is defaulted to 1h. Validation: Minimum: 0 | No |
KubeadmControlPlaneRolloutSpec
KubeadmControlPlaneRolloutSpec allows you to configure the behaviour of rolling updates to the control plane Machines. It allows you to require that all Machines are replaced before or after a certain time, and allows you to define the strategy used during rolling replacements.
Appears in: KubeadmControlPlaneSpec, KubeadmControlPlaneTemplateResourceSpec
| Field | Description | Required |
|---|---|---|
beforeKubeadmControlPlaneRolloutBeforeSpec | before is a field to indicate a rollout should be performed if the specified criteria is met. | No |
afterTime | after is a field to indicate a rollout should be performed after the specified time even if no changes have been made to the KubeadmControlPlane. Example: In the YAML the time can be specified in the RFC3339 format. To specify the rolloutAfter target as March 9, 2023, at 9 am UTC use "2023-03-09T09:00:00Z". | No |
strategyKubeadmControlPlaneRolloutStrategy | strategy specifies how to roll out control plane Machines. | No |
KubeadmControlPlaneTemplateResource
KubeadmControlPlaneTemplateResource describes the data needed to create a KubeadmControlPlane from a template.
Appears in: KubeadmControlPlaneTemplateSpec
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specKubeadmControlPlaneTemplateResourceSpec | spec is the desired state of KubeadmControlPlaneTemplateResource. | No |
LastRemediationStatus
LastRemediationStatus stores info about last remediation performed. NOTE: if for any reason information about last remediation are lost, RetryCount is going to restart from 0 and thus more remediations than expected might happen.
Appears in: KubeadmControlPlaneStatus
| Field | Description | Required |
|---|---|---|
machinestring | machine is the machine name of the latest machine being remediated. Validation: Minimum length: 1 | No |
timeTime | time is when last remediation happened. It is represented in RFC3339 form and is in UTC. | No |
retryCountint32 | retryCount used to keep track of remediation retry for the last remediated machine. A retry happens when a machine that was created as a replacement for an unhealthy machine also fails. Validation: Minimum: 0 | No |
MachineNamingSpec
MachineNamingSpec allows changing the naming pattern used when creating Machines. InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines.
Appears in: KubeadmControlPlaneSpec, KubeadmControlPlaneTemplateResourceSpec
| Field | Description | Required |
|---|---|---|
templatestring | template defines the template to use for generating the names of the Machine objects. If not defined, it will fallback to {{ .kubeadmControlPlane.name }}-{{ .random }}. If the generated name string exceeds 63 characters, it will be trimmed to 58 characters and will get concatenated with a random suffix of length 5. Length of the template string must not exceed 256 characters. The template allows the following variables .cluster.name, .kubeadmControlPlane.name and .random. The variable .cluster.name retrieves the name of the cluster object that owns the Machines being created. The variable .kubeadmControlPlane.name retrieves the name of the KubeadmControlPlane object that owns the Machines being created. The variable .random is substituted with random alphanumeric string, without vowels, of length 5. This variable is required part of the template. If not provided, validation will fail.Validation: Minimum length: 1 | No |
KubeadmControlPlaneMachineTemplateSpec
KubeadmControlPlaneMachineTemplateSpec defines the spec for Machines in a KubeadmControlPlane object.
Appears in: KubeadmControlPlaneMachineTemplate
| Field | Description | Required |
|---|---|---|
infrastructureRefContractVersionedObjectReference | infrastructureRef is a required reference to a custom resource offered by an infrastructure provider. | No |
readinessGates[]MachineReadinessGate | readinessGates specifies additional conditions to include when evaluating Machine Ready condition; KubeadmControlPlane will always add readinessGates for the condition it is setting on the Machine: NodeKubeadmLabelsAndTaintsSet, APIServerPodHealthy, SchedulerPodHealthy, ControllerManagerPodHealthy, and if etcd is managed by CKP also EtcdPodHealthy, EtcdMemberHealthy. This field can be used e.g. to instruct the machine controller to include in the computation for Machine's ready computation a condition, managed by an external controllers, reporting the status of special software/hardware installed on the Machine. Validation: Minimum items: 1 | No |
deletionKubeadmControlPlaneMachineTemplateDeletionSpec | deletion contains configuration options for Machine deletion. | No |
taints[]MachineTaint | taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers. There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node. NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners. Validation: Minimum items: 1 | No |
KubeadmControlPlaneRolloutBeforeSpec
KubeadmControlPlaneRolloutBeforeSpec describes when a rollout should be performed on the KCP machines.
Appears in: KubeadmControlPlaneRolloutSpec
| Field | Description | Required |
|---|---|---|
certificatesExpiryDaysint32 | certificatesExpiryDays indicates a rollout needs to be performed if the certificates of the machine will expire within the specified days. The minimum for this field is 7. Validation: Minimum: 7 | No |
KubeadmControlPlaneRolloutStrategy
KubeadmControlPlaneRolloutStrategy describes how to replace existing machines with new ones.
Appears in: KubeadmControlPlaneRolloutSpec
| Field | Description | Required |
|---|---|---|
typeKubeadmControlPlaneRolloutStrategyType | type of rollout. Currently the only supported strategy is "RollingUpdate". Default is RollingUpdate. | No |
rollingUpdateKubeadmControlPlaneRolloutStrategyRollingUpdate | rollingUpdate is the rolling update config params. Present only if type = RollingUpdate. | No |
KubeadmControlPlaneTemplateResourceSpec
KubeadmControlPlaneTemplateResourceSpec defines the desired state of KubeadmControlPlane. NOTE: KubeadmControlPlaneTemplateResourceSpec is similar to KubeadmControlPlaneSpec but omits Replicas and Version fields. These fields do not make sense on the KubeadmControlPlaneTemplate, because they are calculated by the Cluster topology reconciler during reconciliation and thus cannot be configured on the KubeadmControlPlaneTemplate.
Appears in: KubeadmControlPlaneTemplateResource
| Field | Description | Required |
|---|---|---|
machineTemplateKubeadmControlPlaneTemplateMachineTemplate | machineTemplate contains information about how machines should be shaped when creating or updating a control plane. | No |
kubeadmConfigSpecKubeadmConfigSpec | kubeadmConfigSpec is a KubeadmConfigSpec to use for initializing and joining machines to the control plane. | No |
rolloutKubeadmControlPlaneRolloutSpec | rollout allows you to configure the behaviour of rolling updates to the control plane Machines. It allows you to require that all Machines are replaced before or after a certain time, and allows you to define the strategy used during rolling replacements. | No |
remediationKubeadmControlPlaneRemediationSpec | remediation controls how unhealthy Machines are remediated. | No |
machineNamingMachineNamingSpec | machineNaming allows changing the naming pattern used when creating Machines. InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines. | No |
KubeadmControlPlaneV1Beta1DeprecatedStatus
KubeadmControlPlaneV1Beta1DeprecatedStatus groups all the status fields that are deprecated and will be removed when support for v1beta1 will be dropped. See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.
Appears in: KubeadmControlPlaneDeprecatedStatus
| Field | Description | Required |
|---|---|---|
conditionsConditions | conditions defines current service state of the KubeadmControlPlane. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
failureReasonKubeadmControlPlaneStatusError | failureReason indicates that there is a terminal problem reconciling the state, and will be set to a token value suitable for programmatic interpretation. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
failureMessagestring | failureMessage indicates that there is a terminal problem reconciling the state, and will be set to a descriptive error message. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. Validation: Minimum length: 1 | No |
updatedReplicasint32 | updatedReplicas is the total number of non-terminated machines targeted by this control plane that have the desired template spec. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
readyReplicasint32 | readyReplicas is the total number of fully running and ready control plane machines. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
unavailableReplicasint32 | unavailableReplicas is the total number of unavailable machines targeted by this control plane. This is the total number of machines that are still required for the deployment to have 100% available capacity. They may either be machines that are running but not yet ready or machines that still have not been created. Deprecated: This field is deprecated and is going to be removed when support for v1beta1 will be dropped. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. | No |
KubeadmControlPlaneMachineTemplateDeletionSpec
KubeadmControlPlaneMachineTemplateDeletionSpec contains configuration options for Machine deletion.
Appears in: KubeadmControlPlaneMachineTemplateSpec
| Field | Description | Required |
|---|---|---|
nodeDrainTimeoutSecondsint32 | nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a controlplane node The default value is 0, meaning that the node can be drained without any time limitations. NOTE: nodeDrainTimeoutSeconds is different from kubectl drain --timeoutValidation: Minimum: 0 | No |
nodeVolumeDetachTimeoutSecondsint32 | nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. Validation: Minimum: 0 | No |
nodeDeletionTimeoutSecondsint32 | nodeDeletionTimeoutSeconds defines how long the machine controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. If no value is provided, the default value for this property of the Machine resource will be used. Validation: Minimum: 0 | No |
KubeadmControlPlaneRolloutStrategyRollingUpdate
KubeadmControlPlaneRolloutStrategyRollingUpdate is used to control the desired behavior of rolling update.
Appears in: KubeadmControlPlaneRolloutStrategy
| Field | Description | Required |
|---|---|---|
maxSurgeIntOrString | maxSurge is the maximum number of control planes that can be scheduled above or under the desired number of control planes. Value can be an absolute number 1 or 0. Defaults to 1. Example: when this is set to 1, the control plane can be scaled up immediately when the rolling update starts. | No |
KubeadmControlPlaneRolloutStrategyType
KubeadmControlPlaneRolloutStrategyType defines the rollout strategies for a KubeadmControlPlane.
Appears in: KubeadmControlPlaneRolloutStrategy
KubeadmControlPlaneTemplateMachineTemplate
KubeadmControlPlaneTemplateMachineTemplate defines the template for Machines in a KubeadmControlPlaneTemplate object. NOTE: KubeadmControlPlaneTemplateMachineTemplate is similar to KubeadmControlPlaneMachineTemplate but omits ObjectMeta and InfrastructureRef fields. These fields do not make sense on the KubeadmControlPlaneTemplate, because they are calculated by the Cluster topology reconciler during reconciliation and thus cannot be configured on the KubeadmControlPlaneTemplate.
Appears in: KubeadmControlPlaneTemplateResourceSpec
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | No |
specKubeadmControlPlaneTemplateMachineTemplateSpec | spec defines the spec for Machines in a KubeadmControlPlane object. | No |
KubeadmControlPlaneTemplateMachineTemplateSpec
KubeadmControlPlaneTemplateMachineTemplateSpec defines the spec for Machines in a KubeadmControlPlane object.
Appears in: KubeadmControlPlaneTemplateMachineTemplate
| Field | Description | Required |
|---|---|---|
deletionKubeadmControlPlaneTemplateMachineTemplateDeletionSpec | deletion contains configuration options for Machine deletion. | No |
taints[]MachineTaint | taints are the node taints that Cluster API will manage. This list is not necessarily complete: other Kubernetes components may add or remove other taints from nodes, e.g. the node controller might add the node.kubernetes.io/not-ready taint. Only those taints defined in this list will be added or removed by core Cluster API controllers. There can be at most 64 taints. A pod would have to tolerate all existing taints to run on the corresponding node. NOTE: This list is implemented as a "map" type, meaning that individual elements can be managed by different owners. Validation: Maximum items: 64 | No |
KubeadmControlPlaneTemplateMachineTemplateDeletionSpec
KubeadmControlPlaneTemplateMachineTemplateDeletionSpec contains configuration options for Machine deletion.
Appears in: KubeadmControlPlaneTemplateMachineTemplateSpec
| Field | Description | Required |
|---|---|---|
nodeDrainTimeoutSecondsint32 | nodeDrainTimeoutSeconds is the total amount of time that the controller will spend on draining a controlplane node The default value is 0, meaning that the node can be drained without any time limitations. NOTE: nodeDrainTimeoutSeconds is different from kubectl drain --timeoutValidation: Minimum: 0 | No |
nodeVolumeDetachTimeoutSecondsint32 | nodeVolumeDetachTimeoutSeconds is the total amount of time that the controller will spend on waiting for all volumes to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. Validation: Minimum: 0 | No |
nodeDeletionTimeoutSecondsint32 | nodeDeletionTimeoutSeconds defines how long the machine controller will attempt to delete the Node that the Machine hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. If no value is provided, the default value for this property of the Machine resource will be used. Validation: Minimum: 0 | No |
cpi.tanzu.vmware.com/v1alpha1
Resource Types:
KubevipCPIConfig
KubevipCPIConfig is the Schema for the kubevipcpiconfigs API
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | No | |
specKubevipCPIConfigSpec | No | |
statusKubevipCPIConfigStatus | No |
VSphereCPIConfig
VSphereCPIConfig is the Schema for the VSphereCPIConfig API
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | No | |
specVSphereCPIConfigSpec | No | |
statusVSphereCPIConfigStatus | No |
KubevipCPIConfigSpec
KubevipCPIConfigSpec defines the desired state of KubevipCPIConfig
Appears in: KubevipCPIConfig
| Field | Description | Required |
|---|---|---|
loadbalancerCIDRsstring | loadbalancerCIDRs is a list of comma separated cidrs will be used to allocate IP for external load balancer. For example 192.168.0.200/29,192.168.1.200/29 | No |
loadbalancerIPRangesstring | loadbalancerIPRanges is a list of comma separated IP ranges will be used to allocate IP for external load balancer. For example 192.168.0.10-192.168.0.11,192.168.0.10-192.168.0.13 | No |
KubevipCPIConfigStatus
KubevipCPIConfigStatus defines the observed state of KubevipCPIConfig
Appears in: KubevipCPIConfig
| Field | Description | Required |
|---|---|---|
secretRefstring | Name of the secret created by kubevip cloudprovider config controller | No |
VSphereCPIConfigSpec
VSphereCPIConfigSpec defines the desired state of VSphereCPIConfig
Appears in: VSphereCPIConfig
| Field | Description | Required |
|---|---|---|
vsphereCPIVSphereCPI | Yes |
VSphereCPIConfigStatus
VSphereCPIConfigStatus defines the observed state of VSphereCPIConfig
Appears in: VSphereCPIConfig
| Field | Description | Required |
|---|---|---|
messagestring | Message to indicate failure reason | No |
secretRefstring | Name of the data value secret created by vSphere CPI controller | No |
VSphereCPI
Appears in: VSphereCPIConfigSpec
| Field | Description | Required |
|---|---|---|
modestring | The vSphere mode. Either vsphereCPI or vsphereParavirtualCPI.Validation: Allowed values: | No |
NonParavirtualConfigNonParavirtualConfig | No | |
ParavirtualConfigParavirtualConfig | No |
ParavirtualConfig
ParavirtualConfig represents the configuration in the paravirtual mode
Appears in: VSphereCPI
| Field | Description | Default | Required |
|---|---|---|---|
antreaNSXPodRoutingEnabledbool | A flag that enables pod routing by Antrea NSX for paravirtual mode | false | No |
nsxVPCNSXVPC | No |
NSXVPC
NSXVPC represents the configuration in the VPC network
Appears in: ParavirtualConfig
| Field | Description | Required |
|---|---|---|
podIPPoolTypestring | The type of IP pool for routable Pods: Public, Private Validation: Allowed values: | No |
NSXTRouteConfig
Appears in: NSXT
| Field | Description | Required |
|---|---|---|
routerPathstring | NSX-T T0/T1 logical router path | No |
csi.tanzu.vmware.com/v1alpha1
Resource Types:
VSphereCSIConfig
VSphereCSIConfig is the Schema for the vspherecsiconfigs API
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | No | |
specVSphereCSIConfigSpec | No | |
statusVSphereCSIConfigStatus | No |
VSphereCSIConfigSpec
VSphereCSIConfigSpec defines the desired state of VSphereCSIConfig
Appears in: VSphereCSIConfig
| Field | Description | Required |
|---|---|---|
vsphereCSIVSphereCSI | Yes |
VSphereCSIConfigStatus
VSphereCSIConfigStatus defines the observed state of VSphereCSIConfig
Appears in: VSphereCSIConfig
| Field | Description | Required |
|---|---|---|
secretRefstring | Name of the secret created by csi controller | No |
VSphereCSI
Appears in: VSphereCSIConfigSpec
| Field | Description | Required |
|---|---|---|
modestring | The vSphere mode. Either vsphereCSI or vsphereParavirtualCSI.Validation: Allowed values: | Yes |
configNonParavirtualConfig | No |
kubernetes.vmware.com/v1alpha1
Resource Types:
KubernetesRelease
KubernetesRelease is the schema for the kubernetesreleases API. KubernetesRelease objects represent Kubernetes releases available via Kubernetes Service, which can be used to create KubernetesCluster instances. KRs are immutable to end-users. They are created and managed by Kubernetes Service to provide discovery of Kubernetes releases to Kubernetes Service users.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | No | |
specKubernetesReleaseSpec | No | |
statusKubernetesReleaseStatus | No |
KubernetesReleaseSpec
KubernetesReleaseSpec defines the desired state of KubernetesRelease
Appears in: KubernetesRelease
| Field | Description | Required |
|---|---|---|
versionstring | Version is the fully qualified Semantic Versioning conformant version of the KubernetesRelease. Version MUST be unique across all KubernetesRelease objects. | Yes |
kubernetesKubernetesSpec | Kubernetes is Kubernetes | Yes |
osImages[]LocalObjectReference | OSImages lists references to all OSImage objects shipped with this KubernetesRelease. | No |
bootstrapPackages[]LocalObjectReference | BootstrapPackages lists references to all bootstrap packages shipped with this KubernetesRelease. | No |
KubernetesReleaseStatus
KubernetesReleaseStatus defines the observed state of KubernetesRelease
Appears in: KubernetesRelease
| Field | Description | Required |
|---|---|---|
conditions[]Condition | No |
KubernetesSpec
KubernetesSpec specifies the details about the Kubernetes distribution shipped by this KubernetesRelease.
Appears in: KubernetesReleaseSpec
| Field | Description | Required |
|---|---|---|
versionstring | Version is Semantic Versioning conformant version of the Kubernetes build shipped by this KubernetesRelease. The same Kubernetes build MAY be shipped by multiple KubernetesReleases. | Yes |
imageRepositorystring | ImageRepository specifies container image registry to pull images from. | No |
etcdContainerImageInfo | Etcd specifies the container image repository and tag for etcd. | No |
pauseContainerImageInfo | Pause specifies the container image repository and tag for pause. | No |
corednsContainerImageInfo | CoreDNS specifies the container image repository and tag for coredns. | No |
kube-vipContainerImageInfo | KubeVIP specifies the container image repository and tag for kube-vip. | No |
ContainerImageInfo
ContainerImageInfo allows to customize the image used for components that are not originated from the Kubernetes/Kubernetes release process (such as etcd and coredns).
Appears in: KubernetesSpec
| Field | Description | Required |
|---|---|---|
imageRepositorystring | ImageRepository sets the container registry to pull images from. if not set, defaults to the ImageRepository defined in KubernetesSpec. | No |
imageTagstring | ImageTag specifies a tag for the image. | No |
run.tanzu.vmware.com/v1alpha3
Resource Types:
- ClusterBootstrap
- ClusterBootstrap
- ClusterBootstrapTemplate
- ClusterBootstrapTemplate
- KappControllerConfig
- OSImage
- OSImage
- TanzuKubernetesAddon
- TanzuKubernetesCluster
- TanzuKubernetesRelease
- TanzuKubernetesRelease
- TkgServiceConfiguration
ClusterBootstrap
ClusterBootstrap is the Schema for the ClusterBootstraps API
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | No | |
specClusterBootstrapTemplateSpec | Yes | |
statusClusterBootstrapStatus | No |
ClusterBootstrapTemplate
ClusterBootstrapTemplate is the Schema for the ClusterBootstraptemplates API
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | No | |
specClusterBootstrapTemplateSpec | Yes |
KappControllerConfig
KappControllerConfig is the Schema for the kappcontrollerconfigs API
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | No | |
specKappControllerConfigSpec | Yes | |
statusKappControllerConfigStatus | No |
OSImage
OSImage is the schema for the OSImages API. OSImage objects represent OSImages shipped as parts of TKRs. OSImages are immutable to end-users. They are created and managed by TKG to provide discovery of Kubernetes releases to TKG users and OS image details for infrastructure Machines.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | No | |
specOSImageSpec | No | |
statusOSImageStatus | No |
TanzuKubernetesAddon
TanzuKubernetesAddon is the schema for the tanzukubernetesaddons API. TanzuKubernetesAddon objects represent Kubernetes addons available via TKG Service, which can be used to create TanzuKubernetesCluster instances. TKAs are immutable to end-users. They are created and managed by TKG Service to provide discovery of Kubernetes addons to TKG Service users.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | No | |
specTanzuKubernetesAddonSpec | No | |
statusTanzuKubernetesAddonStatus | No |
TanzuKubernetesCluster
TanzuKubernetesCluster is the schema for the Tanzu Kubernetes Grid service for vSphere API.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | No | |
specTanzuKubernetesClusterSpec | No | |
statusTanzuKubernetesClusterStatus | No |
TanzuKubernetesRelease
TanzuKubernetesRelease is the schema for the tanzukubernetesreleases API. TanzuKubernetesRelease objects represent Kubernetes releases available via TKG, which can be used to create TanzuKubernetesCluster instances. TKRs are immutable to end-users. They are created and managed by TKG to provide discovery of Kubernetes releases to TKG users.
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | No | |
specTanzuKubernetesReleaseSpec | No | |
statusTanzuKubernetesReleaseStatus | No |
TkgServiceConfiguration
TkgServiceConfiguration is the Schema for the tkgserviceconfigurations API
| Field | Description | Required |
|---|---|---|
metadataObjectMeta | No | |
specTkgServiceConfigurationSpec | No | |
statusTkgServiceConfigurationStatus | No |
ClusterBootstrapStatus
ClusterBootstrapStatus defines the observed state of ClusterBootstrap
Appears in: ClusterBootstrap
| Field | Description | Required |
|---|---|---|
resolvedTKRstring | No | |
conditionsConditions | No |
ClusterBootstrapTemplateSpec
ClusterBootstrapTemplateSpec defines the desired state of ClusterBootstrapTemplate
Appears in: ClusterBootstrap, ClusterBootstrapTemplate
| Field | Description | Default | Required |
|---|---|---|---|
pausedbool | Paused can be used to prevent controllers from processing the ClusterBootstrap and all its associated objects. | false | No |
cniClusterBootstrapPackage | No | ||
csiClusterBootstrapPackage | No | ||
cpiClusterBootstrapPackage | No | ||
kappClusterBootstrapPackage | No | ||
additionalPackages[]ClusterBootstrapPackage | No |
KappControllerConfigSpec
KappControllerConfigSpec defines the desired state of KappControllerConfig
Appears in: KappControllerConfig
| Field | Description | Default | Required |
|---|---|---|---|
namespacestring | The namespace in which kapp-controller is deployed | tkg-system | No |
deploymentDeployment | No | ||
kappControllerKappController | deployment.hostNetwork: true | No |
KappControllerConfigStatus
KappControllerConfigStatus defines the observed state of KappControllerConfig
Appears in: KappControllerConfig
| Field | Description | Required |
|---|---|---|
secretRefstring | Name of the data value secret created by controller | No |
OSImageSpec
OSImageSpec defines the desired state of OSImage
Appears in: OSImage
| Field | Description | Required |
|---|---|---|
kubernetesVersionstring | KubernetesVersion specifies the build version of the Kubernetes shipped with this OSImage. | Yes |
osOSInfo | OS specifies the "OS" part of the OSImage. | Yes |
imageMachineImageInfo | Image specifies the "Image" part of the OSImage. | Yes |
OSImageStatus
OSImageStatus defines the observed state of OSImage
Appears in: OSImage
| Field | Description | Required |
|---|---|---|
conditions[]Condition | No |
TanzuKubernetesAddonSpec
TanzuKubernetesAddonSpec defines the desired state of TanzuKubernetesAddon
Appears in: TanzuKubernetesAddon
| Field | Description | Required |
|---|---|---|
addonNamestring | AddonName is the generic name of this addon, e.g. "antrea", "calico", "pvcsi", etc. | Yes |
versionstring | Version is the fully qualified Semantic Versioning conformant version of the TanzuKubernetesAddon. If set, Version MUST be unique across all TanzuKubernetesAddon objects with the same addonName. | No |
repositorystring | Repository is the default container image repository used by Images. It MUST be a DNS-compatible name. | No |
images[]ContainerImage | Images is the list of container images shipped by this addon (e.g. coredns, etcd). | No |
resourceManifestResource | Resource contains the YAML manifest for installing the addon. | No |
TanzuKubernetesAddonStatus
TanzuKubernetesAddonStatus defines the observed state of TanzuKubernetesAddon
Appears in: TanzuKubernetesAddon
TanzuKubernetesClusterSpec
TanzuKubernetesClusterSpec defines the desired state of TanzuKubernetesCluster: its nodes, the software installed on those nodes and the way that software should be configured.
Appears in: TanzuKubernetesCluster
| Field | Description | Required |
|---|---|---|
topologyTopology | Topology specifies the topology for the Tanzu Kubernetes cluster: the number, purpose, and organization of the nodes which form the cluster and the resources allocated for each. | Yes |
distributionDistribution | Distribution specifies the distribution for the Tanzu Kubernetes cluster: the software installed on the control plane and worker nodes, including Kubernetes itself. Deprecated: use topology.controlPlane.tkr and topology.nodePools[*].tkr instead. | No |
settingsSettings | Settings specifies settings for the Tanzu Kubernetes cluster: the way an instance of a distribution is configured, including information about pod networking and storage. | No |
TanzuKubernetesClusterStatus
TanzuKubernetesClusterStatus defines the observed state of TanzuKubernetesCluster.
Appears in: TanzuKubernetesCluster
| Field | Description | Required |
|---|---|---|
apiEndpoints[]APIEndpoint | APIEndpoints represents the endpoints to communicate with the control plane. | No |
versionstring | Version holds the observed version of the Tanzu Kubernetes cluster. While an upgrade is in progress this value will be the version of the cluster when the upgrade began. | No |
addons[]AddonStatus | Addons groups the statuses of a Tanzu Kubernetes cluster's add-ons. | No |
phaseTanzuKubernetesClusterPhase | Phase of this TanzuKubernetesCluster. Deprecated: will be removed in v1alpha3 | No |
conditionsConditions | Conditions defines current service state of the TanzuKubernetestCluster. | No |
totalWorkerReplicasint32 | Total number of replicas in worker node pools. | No |
TanzuKubernetesReleaseSpec
TanzuKubernetesReleaseSpec defines the desired state of TanzuKubernetesRelease
Appears in: TanzuKubernetesRelease
| Field | Description | Required |
|---|---|---|
versionstring | Version is the fully qualified Semantic Versioning conformant version of the TanzuKubernetesRelease. Version MUST be unique across all TanzuKubernetesRelease objects. | Yes |
kubernetesKubernetesSpec | Kubernetes is Kubernetes | Yes |
osImages[]LocalObjectReference | OSImages lists references to all OSImage objects shipped with this TKR. | No |
bootstrapPackages[]LocalObjectReference | BootstrapPackages lists references to all bootstrap packages shipped with this TKR. | No |
TanzuKubernetesReleaseStatus
TanzuKubernetesReleaseStatus defines the observed state of TanzuKubernetesRelease
Appears in: TanzuKubernetesRelease
| Field | Description | Required |
|---|---|---|
conditions[]Condition | No |
TkgServiceConfigurationSpec
TkgServiceConfigurationSpec defines the desired state of TkgServiceConfiguration
Appears in: TkgServiceConfiguration
| Field | Description | Required |
|---|---|---|
defaultCNIstring | Default CNI for TanzuKubernetesCluster | No |
proxyProxyConfiguration | Proxy specifies default global HTTP(s) Proxy Configuration for all new TanzuKubernetesClusters in this Supervisor cluster If omitted, no proxy will be configured for new TanzuKubernetesClusters | No |
trustTrustConfiguration | Trust specifies default global Trust settings for all new TanzuKubernetesClusters in the Supervisor Cluster. If omitted, no additional Trust settings will be configured for the new TanzuKubernetesCluster. | No |
defaultNodeDrainTimeoutDuration | DefaultNodeDrainTimeout specifies the total amount of time that the controller will spend on draining a node by default. Undefined, the value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from kubectl drain --timeout | No |
TkgServiceConfigurationStatus
TkgServiceConfigurationStatus defines the observed state of TkgServiceConfiguration
Appears in: TkgServiceConfiguration
APIEndpoint
APIEndpoint represents a reachable Kubernetes API endpoint.
Appears in: TanzuKubernetesClusterStatus
| Field | Description | Required |
|---|---|---|
hoststring | The hostname on which the API server is serving. | Yes |
portint | The port on which the API server is serving. | Yes |
AddonStatus
AddonStatus represents the status of an addon.
Appears in: TanzuKubernetesClusterStatus
| Field | Description | Required |
|---|---|---|
namestring | Name of the add-on used. | Yes |
typeAddonType | Type of the add-on used | Yes |
versionstring | Version of the distribution applied | No |
conditionsConditions | Conditions defines the current conditions of the add-on. | No |
ClusterBootstrapPackage
Appears in: ClusterBootstrapTemplateSpec
| Field | Description | Required |
|---|---|---|
refNamestring | Yes | |
valuesFromValuesFrom | No |
ContainerImage
ContainerImage is a struct representing a single fully qualified container image name, constructed as {Repository}/{Name}:{Tag}.
Appears in: TanzuKubernetesAddonSpec
| Field | Description | Required |
|---|---|---|
repositorystring | Repository is the container image repository used by this image. It MUST be a DNS-compatible name. | No |
namestring | Name is the container image name without the repository prefix. It MUST be a valid URI path, MAY contain zero or more '/', and SHOULD NOT start or end with '/'. | Yes |
tagstring | Tag is the container image version tag. It is the suffix coming after ':' in a fully qualified image name. | No |
Deployment
Appears in: KappControllerConfigSpec
| Field | Description | Default | Required |
|---|---|---|---|
updateStrategystring | Deployment update strategy Validation: Allowed values: | RollingUpdate | No |
rollingUpdateRollingUpdateInfo | Deployment rolling update info | No |
Distribution
Distribution specifies the version of software which should be installed on the control plane and worker nodes. This version information encompasses Kubernetes and its dependencies, the base OS of the node, and add-ons.
Appears in: TanzuKubernetesClusterSpec
| Field | Description | Required |
|---|---|---|
fullVersionstring | Version specifies the fully-qualified desired Kubernetes distribution version of the Tanzu Kubernetes cluster. If the cluster exists and is not of the specified version, it will be upgraded. Version is a semantic version string. The version may not be decreased. The major version may not be changed. If the minor version is changed, it may only be incremented; skipping minor versions is not supported. The current observed version of the cluster is held by status.version. Deprecated: use topology.controlPlane.tkr and topology.nodePools[*].tkr instead. | No |
versionstring | VersionHint provides the version webhook with guidance about the desired Kubernetes distribution version of the Tanzu Kubernetes cluster. If a hint is provided without a full version, the most recent distribution matching the hint will be selected. The version selected based on the hint will be stored in the spec as the full version. This ensures that the same version is used if the cluster is scaled out in the future. VersionHint is a semantic prefix of a full version number. (E.g., v1.15.1 matches any distribution of v1.15.1, including v1.15.1+vmware.1-tkg.1 or v1.15.1+vmware.2-tkg.1, but not v1.15.10+vmware.1-tkg.1.) A hint that does not match the full version is invalid and will be rejected. To upgrade a cluster to the most recent version that still matches the hint, leave the hint alone and remove the fullVersion from the spec. This will cause the hint to be re-resolved. Deprecated: use topology.controlPlane.tkr and topology.nodePools[*].tkr instead. | No |
KappController
Appears in: KappControllerConfigSpec
| Field | Description | Default | Required |
|---|---|---|---|
createNamespacebool | Whether to create namespace specified for kapp-controller | false | No |
globalNamespacestring | The namespace value used for global packaging resources. Any Package and PackageMetadata CRs within that namespace will be included in all other namespaces on the cluster, without duplicating them | tkg-system | No |
deploymentKappDeployment | hostNetwork: true | No | |
configKappConfig | No |
KubernetesSpec
KubernetesSpec specifies the details about the Kubernetes distribution shipped by this TKR.
Appears in: TanzuKubernetesReleaseSpec
| Field | Description | Required |
|---|---|---|
versionstring | Version is Semantic Versioning conformant version of the Kubernetes build shipped by this TKR. The same Kubernetes build MAY be shipped by multiple TKRs. | Yes |
imageRepositorystring | ImageRepository specifies container image registry to pull images from. | No |
etcdContainerImageInfo | Etcd specifies the container image repository and tag for etcd. | No |
pauseContainerImageInfo | Pause specifies the container image repository and tag for pause. | No |
corednsContainerImageInfo | CoreDNS specifies the container image repository and tag for coredns. | No |
kube-vipContainerImageInfo | KubeVIP specifies the container image repository and tag for kube-vip. | No |
MachineImageInfo
MachineImageInfo describes the "Image" part of the OSImage, defined by the image type.
Appears in: OSImageSpec
| Field | Description | Required |
|---|---|---|
typestring | Type of the OSImage, roughly corresponding to the infrastructure provider (vSphere can serve both ova and vmop). Some of currently known types are: "ami", "azure", "docker", "ova", "vmop". | Yes |
refmap[string]interface{} | Ref is a key-value map identifying the image within the infrastructure provider. This is the data to be injected into the infra-Machine objects (like AWSMachine) on creation. Validation: Type: object | Yes |
ManifestResource
ManifestResource represents a YAML manifest for installing an addon.
Appears in: TanzuKubernetesAddonSpec
| Field | Description | Required |
|---|---|---|
versionstring | Version is the addon version. | No |
typestring | Type is the type of the manifest resource. In VirtualMachineImage based addons its value is 'inline'. | Yes |
valuestring | Value is the text of the YAML manifest. | Yes |
OSInfo
OSInfo describes the "OS" part of the OSImage, defined by the Operating System's name, version and CPU architecture.
Appears in: OSImageSpec
| Field | Description | Required |
|---|---|---|
typestring | Yes | |
namestring | Yes | |
versionstring | Yes | |
archstring | Yes |
ProxyConfiguration
ProxyConfiguration configures the HTTP(s) proxy to be used inside the Tanzu Kubernetes cluster.
Appears in: Network, TkgServiceConfigurationSpec
| Field | Description | Required |
|---|---|---|
httpProxystring | HttpProxy specifies a proxy URL to use for creating HTTP connections outside the cluster. Example: http://<user>:<pwd>@<ip>:<port> | No |
httpsProxystring | HttpsProxy specifies a proxy URL to use for creating HTTPS connections outside the cluster. Example: http://<user>:<pwd>@<ip>:<port> | No |
noProxy[]string | NoProxy specifies a list of destination domain names, domains, IP addresses or other network CIDRs to exclude proxying. Example: [localhost, 127.0.0.1, 10.10.10.0/24] | No |
Settings
Settings specifies configuration information for a cluster.
Appears in: TanzuKubernetesClusterSpec
| Field | Description | Required |
|---|---|---|
networkNetwork | Network specifies network-related settings for the cluster. | No |
storageStorage | Storage specifies storage-related settings for the cluster. The storage used for node's disks is controlled by TopologySettings. | No |
TanzuKubernetesClusterPhase
TanzuKubernetesClusterPhase is a type for the Tanzu Kubernetes cluster's phase constants.
Appears in: TanzuKubernetesClusterStatus
Topology
Topology describes the number, purpose, and organization of nodes and the resources allocated for each. Nodes are grouped into pools based on their intended purpose. Each pool is homogeneous, having the same resource allocation and using the same storage.
Appears in: TanzuKubernetesClusterSpec
| Field | Description | Required |
|---|---|---|
controlPlaneTopologySettings | ControlPlane specifies the topology of the cluster's control plane, including the number of control plane nodes and resources allocated for each. The control plane must have an odd number of nodes. | Yes |
nodePools[]NodePool | NodePools specifies the topology of cluster's worker node pools, including the number of nodes and resources allocated for each node. | Yes |
TrustConfiguration
TrustConfiguration configures additional trust parameters to the cluster configuration
Appears in: Network, TkgServiceConfigurationSpec
| Field | Description | Required |
|---|---|---|
additionalTrustedCAs[]TLSCertificate | AdditionalTrustedCAs specifies the additional trusted certificates (which can be additional CAs or end certificates) to add to the cluster | No |
AddonType
Appears in: AddonStatus
ContainerImageInfo
ContainerImageInfo allows to customize the image used for components that are not originated from the Kubernetes/Kubernetes release process (such as etcd and coredns).
Appears in: KubernetesSpec
| Field | Description | Required |
|---|---|---|
imageRepositorystring | ImageRepository sets the container registry to pull images from. if not set, defaults to the ImageRepository defined in KubernetesSpec. | No |
imageTagstring | ImageTag specifies a tag for the image. | No |
KappConfig
Appears in: KappController
| Field | Description | Required |
|---|---|---|
caCertsstring | A cert chain of trusted CA certs. These will be added to the system-wide cert pool of trusted CA's. Cluster-wide CA Certificate setting will be used if this is not provided. | No |
httpProxystring | The url/ip of a proxy for kapp controller to use when making network requests. Cluster-wide HTTP proxy setting will be used if this is not provided. | No |
httpsProxystring | The url/ip of a TLS capable proxy for kapp-controller to use when making network requests. Cluster-wide HTTPS proxy setting will be used if this is not provided. | No |
noProxystring | A comma delimited list of domain names which kapp-controller should bypass the proxy for when making requests. Cluster-wide no-proxy setting will be used if this is not provided. | No |
dangerousSkipTLSVerifystring | A comma delimited list of hostnames for which kapp-controller should skip TLS verification | No |
KappDeployment
Appears in: KappController
| Field | Description | Default | Required |
|---|---|---|---|
hostNetworkbool | Whether to enable host networking for kapp-controller deployment | true | No |
priorityClassNamestring | The priority value that various system components use to find the priority of the kapp-controller pod | system-cluster-critical | No |
concurrencyint | Concurrency of kapp-controller deployment | 4 | No |
tolerations[]map[string]string | kapp-controller deployment tolerations | - key: CriticalAddonsOnly operator: Exists - effect: NoSchedule key: node-role.kubernetes.io/control-plane - effect: NoSchedule key: node-role.kubernetes.io/master - effect: NoSchedule key: node.kubernetes.io/not-ready - effect: NoSchedule key: node.cloudprovider.kubernetes.io/uninitialized value: true | No |
apiPortint | Bind port for kapp-controller API | 10100 | No |
metricsBindAddressstring | Address for metrics server | 0 | No |
Network
Network specifies network-related settings for a cluster.
Appears in: Settings
| Field | Description | Required |
|---|---|---|
servicesNetworkRanges | Services specify network settings for services. Defaults to 10.96.0.0/12. | No |
podsNetworkRanges | Pods specify network settings for pods. When CNI is antrea, set Defaults to 192.168.0.0/16. When CNI is antrea-nsx-routed, set Defaults to empty | No |
serviceDomainstring | ServiceDomain specifies service domain for Tanzu Kubernetes cluster. Defaults to a cluster.local. | No |
cniCNIConfiguration | CNI is the Container Networking Interface plugin for the Tanzu Kubernetes cluster. Defaults to Calico. | No |
proxyProxyConfiguration | Proxy specifies HTTP(s) proxy configuration for Tanzu Kubernetes cluster. If omitted, no proxy will be configured in the system. | No |
trustTrustConfiguration | Trust specifies certificate configuration for the Tanzu Kubernetes Cluster. If omitted, no certificate will be configured in the system. | No |
NodePool
NodePool describes a group of nodes within a cluster that have the same configuration
Appears in: Topology
| Field | Description | Required |
|---|---|---|
namestring | Name is the name of the NodePool. | Yes |
labelsmap[string]string | Labels are map of string keys and values that can be used to organize and categorize objects. User-defined labels will be propagated to the created nodes. | No |
taints[]Taint | Taints specifies the taints the Node API object should be registered with. User-defined taints will be propagated to the created nodes. | No |
failureDomainstring | FailureDomain is the failure domain the machines will be created in. Must match a key in the FailureDomains map stored on the cluster object. | No |
RollingUpdateInfo
RollingUpdateInfo contains the rolling update settings
Appears in: Deployment
| Field | Description | Default | Required |
|---|---|---|---|
maxUnavailableint | 0 | No | |
maxSurgeint | 1 | No |
Storage
Storage configures persistent storage for a cluster.
Appears in: Settings
| Field | Description | Required |
|---|---|---|
classes[]string | Classes is a list of storage classes from the supervisor namespace to expose within a cluster. If omitted, all storage classes from the supervisor namespace will be exposed within the cluster. | No |
defaultClassstring | DefaultClass is the valid storage class name which is treated as the default storage class within a cluster. If omitted, no default storage class is set | No |
TLSCertificate
TLSCertificate specifies a single additional certificate name and contents
Appears in: TrustConfiguration
| Field | Description | Required |
|---|---|---|
namestring | Name specifies the name of the additional certificate, used in the filename Example: CompanyInternalCA | Yes |
datastring | Data specifies the contents of the additional certificate, encoded as a base64 string. Specifically, this is the PEM Public Certificate data as a base64 string.. Example: LS0tLS1C...LS0tCg== (where "..." is the middle section of the long base64 string) | Yes |
TopologySettings
TopologySettings describes a homogeneous pool of nodes: the number of nodes in the pool and the properties of each of those nodes, including resource allocation and storage.
Appears in: NodePool, Topology
| Field | Description | Required |
|---|---|---|
replicasint32 | Replicas is the number of nodes. This is a pointer to distinguish between explicit zero and not specified, nil. For control plane, defaults to 1 if nil. For node pools, a value of nil indicates that the field will not be reconciled, allowing external services like autoscalers to choose the number of nodes. By default, CAPI's MachineDeployment will pick 1. | No |
vmClassstring | VMClass is the name of the VirtualMachineClass, which describes the virtual hardware settings, to be used each node in the pool. This controls the hardware available to the node (CPU and memory) as well as the requests and limits on those resources. Run kubectl describe virtualmachineclasses to see which VM classes are available to use. | Yes |
storageClassstring | StorageClass is the storage class to be used for storage of the disks which store the root filesystems of the nodes. Run kubectl describe ns on your namespace to see which storage classes are available to use. | Yes |
volumes[]Volume | Volumes is the set of PVCs to be created and attached to each node. | No |
tkrTKRReference | TKR points to KubernetesRelease intended to be used by the node pool (the control plane being special kind of a node pool). | No |
nodeDrainTimeoutDuration | NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node will be drained without any time limitations. NOTE: NodeDrainTimeout is different from kubectl drain --timeout | No |
ValuesFrom
ValuesFrom specifies how values for package install are retrieved from
Appears in: ClusterBootstrapPackage
| Field | Description | Required |
|---|---|---|
inlinemap[string]interface{} | Validation: Schemaless: {} | No |
secretRefstring | No | |
providerRefTypedLocalObjectReference | No |
CNIConfiguration
CNIConfiguration indicates which CNI should be used.
Appears in: Network
| Field | Description | Required |
|---|---|---|
namestring | Name is the name of the CNI plugin to use. Supported values: "calico", "antrea". | Yes |
NetworkRanges
NetworkRanges describes a collection of IP addresses as a list of ranges.
Appears in: Network
| Field | Description | Required |
|---|---|---|
cidrBlocks[]string | CIDRBlocks specifies one or more ranges of IP addresses. Note: supplying multiple ranges many not be supported by all CNI plugins. | No |
TKRReference
TKRReference is an extensible way to link a KubernetesRelease.
Appears in: TopologySettings
| Field | Description | Required |
|---|---|---|
referenceObjectReference | Reference is a way to set the fixed link to the target object. | No |
Volume
Volume defines a PVC attachment. These volumes are tied to the node lifecycle, created and deleted when the node is. The volumes are mounted in the node during the bootstrap process, prior to services being started (e.g. etcd, containerd).
Appears in: TopologySettings
| Field | Description | Required |
|---|---|---|
namestring | Name is suffix used to name this PVC as: node.Name + "-" + Name | Yes |
mountPathstring | MountPath is the directory where the volume device is to be mounted | Yes |
capacityResourceList | Capacity is the PVC capacity | Yes |
storageClassstring | StorageClass is the storage class to be used for the disks. Defaults to TopologySettings.StorageClass | No |